
Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Technology Tech News
Update frequency: every 10 days
Episodes: 297
Years Active: 2018 - 2025
Episode 96: Fuzzing and Static Analysis Tools

Seth and Ken discuss fuzzing techniques, recommendations, and experience. Stories of fuzzing in production. How static analysis tools have changed and where they fit.
Tue 19 May 2020
Episode 95: Jessica Rozhin (@JessicaRozhin) and Lady Christina Liu (@cliuthulu) - Incident Response, Lockpicking, Building an Infosec Culture

Jessica Rozhin (@JessicaRozhin) and Lady Christina Liu (@cliuthulu) join Seth and Ken to talk about alternate routes into security, including accounting and joining a circus. Discussions on forensics…
Tue 12 May 2020
Episode 94: Bug Bounty, Microservices vs. Monoliths, and CVE Fatigue

Seth and Ken discuss tips for running a bug bounty program, risk of webhooks, Segment's move to and from microservices, and having CVE Fatigue.
Tue 05 May 2020
Episode 93: Huntr Dev - Securing Open Source Software

Seth and Ken are joined by the Huntr Dev team to talk about securing open source software, bug bounties, and writing secure code.
Tue 21 Apr 2020
Episode 92: Working from Home, Skreen, Evolution of AppSec

Seth struggles with internet access during a discussion with Ken on working from home, employee surveillance, and Sneek. Additional thoughts on the evolution of application security and penetration t…
Tue 14 Apr 2020
Episode 91: Stefan Edwards - More Voatz, Zoom, Code Reviews, Report Writing, Threat Models, and Risk Assessments

LOJI IS BACK! Stefan joins Seth and Ken to talk about his work on Trail of Bits assessment of the Voatz mobile application, share thoughts on Zoom, and discuss the assessment process. Discussions on …
Tue 07 Apr 2020
Episode 90: Voatz, HackerOne, Bug Bounties, GraphQL, Shodan Network Trends

Seth and Ken provide their take on the Voatz mobile app dismissal from HackerOne. Additional discussion of network trends during social distancing and COVID-19 as reported by Shodan. Finally some tho…
Tue 31 Mar 2020
Episode 89: Kat Sweet - Incident Response, DevOps and Developer Training, Breaking into Security

Kat Sweet (@TheSweetKat) continues our discussion from DevSecOps Days Austin. Topics include incident response, staying right while you push left, developer training, and getting into information sec…
Tue 24 Mar 2020
Episode 88: Kevin Johnson - Secure Ideas, Star Wars, Passing it On

Kevin Johnson of Secure Ideas joins Seth and Ken in a discussion on his path into security, Star Wars (yes, really), and giving back to the community. This includes passing on teaching, sharing knowle…
Tue 17 Mar 2020
Episode 87: Abhay Bhargav - Threat Modeling, DevSecOps, Microservices

Abhay Bhargav, founder of We45, joins Seth and Ken in a discussion on threat modeling in an agile development methodology, the rise and role of DevSecOps, and security within microservices.
Tue 03 Mar 2020
Episode 86: Rohan Joshi - QA Security Testing, Security Champions, Paypal Vulnerabilities

Seth and Ken discuss bug bounties and a recent article on Paypal issues. Joined by Rohan Joshi to discuss building an application security program, QA security testing, and security champions.
Tue 25 Feb 2020
Episode 85: David Lindner - Voting Apps, Bug Bounties, IAST/RASP/WAF

David Lindner (@golfhackerdave) joins Seth and Ken to discuss the voting applications, including the Iowa debacle and the Voatz application. Ranting on bug bounties and response times for researcher fin…
Tue 18 Feb 2020
Episode 84: Tinfoil Hat Tuesday - Backdoors, Application Libraries, Equifax

Seth and Ken discuss the latest security news, including CIA Backdoors in the Crypto AG products, FBI release of wanted Chinese nationals related to the Equifax breach, protecting applications agains…
Tue 11 Feb 2020
Episode 83: Ron Perris - NPM, Developer Training, React

Ron Perris (@ronperris), Software Security Engineer from npm, Inc. joins Seth and Ken to talk about module security, developer interactions, and recent node security issues. DOM Clobbering.
Thu 06 Feb 2020
Episode 82: Kelley Robinson - MFA, SHAKEN, STIR

Kelley Robinson (@kelleyrobinson), Security Advocate at Twilio/Authy joins Seth and Ken to talk about multifactor authentication, her path into security, and advances in voice security (SHAKEN/STIR).
Tue 28 Jan 2020
Episode 81: Matias Madou - Application Security Training

Ken and Seth are joined by Matias Madou, CTO of Secure Code Warrior. Discussion of current state of application security training, static analysis tools, and just-in-time-training.
Tue 21 Jan 2020
Episode 80: Louis Barratt - SIRT and AppSec

Louis Barrett of the Segment SIRT team joins Seth and Ken to discuss his path into security, mentors, and SIRT. Discussions on approaching SIRT, creating a SIRT team, and how to integrate AppSec in…
Tue 14 Jan 2020
Episode 79: Live from DevSecOpsDays Austin - Next up in AppSec/DevSecops

Seth and Ken host the podcast live from DevSecOpsDays Austin, with multiple guests from conference speakers. Discussions on what each guest feels is up next in AppSec and DevSecOps for the foreseeable…
Tue 17 Dec 2019
Episode 78: Breaches, Passwords, and Chicken Fingies

Seth and Ken host Seth and Santa's Secure Workshop as a pair this week. The discussion revolves around the Hacker 1 "breach", Practical Pentest Lab's storage and sending of plaintext passwords, chick…
Tue 10 Dec 2019
Episode 77: Clint Gibler, DevSecOps, TLDR; Sec

Seth and Ken are joined this week by Clint Gibler (@clintgibler) to talk about DevSecOps, what he sees in the industry as effective security, and his newsletter TLDR; Sec (https://bit.ly/tldrsec). Co…
Tue 03 Dec 2019