Application Security Weekly (Audio)

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.

Tue Jul 11 2023

Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246

Software Trust, Metrics, Resilience, Security, Collaboration

This episode covers a wide range of topics related to software trust, metrics, resilience, security, and collaboration between developers and security teams. It explores the challenges organizations face in measuring trust in software and highlights the importance of metrics such as resilience, adoption, velocity, and error rates. The episode also delves into the role of security teams in shifting left and working closely with developers to ensure better security outcomes. Additionally, it discusses the unique considerations and challenges of cloud-native AppSec and offers insights on cloud security programs and vendor selection.

Wed Jul 05 2023

The Psychology of Training - Matias Madou - ASW Vault

security culture, secure coding, training, application security, security champions

This episode covers the importance of a good security culture, effective ways to address security, evaluating the effectiveness of security programs, promoting secure coding practices, effective training strategies, and creating developer-friendly solutions. Topics include the need for relevant and interactive content, the role of security champions, measuring the impact of training, focusing on one vulnerability at a time, convincing management teams to invest in security, aligning training with organizational resources, and embedding knowledge into development environments.

Wed Jun 28 2023

Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

Application Security, Web Vulnerabilities, Scanning Trends, IoT Security, Risk Containment

This episode covers a range of topics, including the 20th anniversary of '28 Days Later' and its impact on the zombie genre, web vulnerability trends and best practices with Patrick Vandenberg from Invicti, news highlights on XSS in Azure, and debunking myths about application security. It also delves into insights on organizations that scan more having fewer vulnerabilities, efficiency and proficiency in addressing vulnerabilities, improvements in vulnerability classes like cross-site scripting, collaboration and operational efficiency in risk containment, allocation of effort in fixing vulnerabilities, trends and profiles in application security, IoT security and shifting left, continuous automated scanning in production environments, risk conversations and business-safe software, Keycloak and IAM challenges, exploring new areas of security research, bug bounties and security-developer-in-residence programs, Linux kernel vulnerabilities and strategic vulnerability management, a security issue with the Amazon CDK, and the importance of practical experience in production environments for job applications.

Tue Jun 20 2023

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault

Cybersecurity, Bug Bounties, Vulnerability Disclosure Programs, Collaboration, Security Education

The episode discusses the importance of building connections between institutions and the hacker community, the increased adoption of vulnerability disclosure programs and bug bounties, flexible security policies and collaboration with researchers, engaging with researchers and fostering collaboration, resources for vulnerability disclosure programs, and resources for effective vulnerability reporting.

Wed Jun 14 2023

Enhancing Security: App Modernization, Identity Orchestration, & Big IAM Challenge - Eric Olden - ASW #244

Identity Management, Access Control, Security Practices, Threat Modeling, Zero Trust

This episode covers a wide range of topics related to identity management, access control, and security practices. From threat modeling using Jurassic Park as a reference to implementing passwordless authentication and avoiding lock-in, the episode explores the challenges and best practices in modern identity management. It also delves into the importance of distributed policies, zero trust principles, common vulnerabilities, and security risks. The episode concludes with discussions on trust issues, formal verification methods, improving security workflows, and effective measurement in the field of security.

Tue Jun 06 2023

What's the Deal with API Security? - Sandy Carielli - ASW #243

API security, PHP-based applications, WordPress plugins, Encryption, Password management

The episode covers a range of topics, including the 40th anniversary of the movie WarGames, API security challenges and solutions, vulnerabilities in PHP-based applications and WordPress plugins, encryption and password management considerations, understanding memory representation and building DNS from scratch, detecting anomalies in AWS infrastructures, real-time ML model drift detection, highlights from Thinkscapes quarterly, and community pledges.

Tue May 02 2023

Navigating the Complexities of Application Security: Vulnerability Management, Risk Mitigation, and Business Logic Attacks - ASW #239

  • Phones are backed up on the CVE Expressway due to passing 200,000 records last week.
  • Major delays at the intersection of CI and CD due to an overturned truck carrying CVSS scores.
  • There's major construction down at the infrastructure as code, but once you're past the on-ramp traffic is moving quickly....