
Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Technology Tech News
Update frequency: every 10 days
Episodes: 297
Years Active: 2018 - 2025
Episode 56: Learn to Code / Loco Moco Sec Recap

Seth and Ken get back together to talk about Loco Moco Sec and recent industry news. Specifically, should all security people be able to code? Is it a strict requirement? Ken gives his take on the ta…
Tue 23 Apr 2019
Episode 55: Stefan Edwards ruins Infosec - Testing Edition

Seth is joined once again by Stefan Edwards. First in the series "Lojikil ruins Infosec". Ken is at LocomocoSec in Hawaii, so Seth and Stefan (@lojikil) talk all things testing, including symbolic ex…
Thu 18 Apr 2019
Episode 54: Recon-NG and Burp Suite v2 with Tim Tomes

Seth and Ken are joined by Tim Tomes, aka LaNMaSteR53. We discuss Tim's path into application security, his work on Recon-NG, and his analysis of Burp Suite Professional's version 2.
Tue 09 Apr 2019
Episode 53: Building AppSec at Github with Greg Ose

Seth and Ken talk AppCache vulnerabilities and postMessage exploits from PortSwigger's Top 10 web hacking techniques of 2018. Greg Ose joins them to talk about building application security programs,…
Tue 02 Apr 2019
Episode 52: Serialization Vulns, Managing Careers, and Hacking your Happiness with Chris Gates

Seth and Ken talk about serialization vulnerabilities, number 6 in the top web hacking techniques of 2018. Discussions on continuous integration, hacking Jenkins, reading code to find vulns, maintain…
Tue 26 Mar 2019
Episode 51: XXE review and techniques, Assessment Reporting and Process with Jessica Ryan

Seth and Ken talk about new techniques for exploiting XXE, number 7 in the top web hacking techniques of 2018. Discussions on assessment process, including reporting, note taking and soft skills with…
Tue 19 Mar 2019
Episode 50: Static Analysis Tools, DevSecOps, Secure Code Training with Eric Heitzman

Seth and Ken talk about number 8 in the top web hacking techniques of 2018. Discussions on static analysis tools and the approach to using them. Eric Heitzman joins to talk about his background, DevSecO…
Tue 12 Mar 2019
Episode 49: Subdomain Takeovers, DNS SSRF, Oauth Best Practices, Top 10 Web Hacking Techniques of 2019

Seth and Ken talk through subdomain takeover vulnerabilities at large companies and identification of DNS SSRF. Ken walks through a few OAuth best practices. A look at the PortSwigger list of Top 10…
Tue 05 Mar 2019
Episode 48: .dev domains, Kubernetes Secrets, Threat Modeling as Code, OWASP Glue Project and Omer Levi Hevroni

Seth and Ken discuss recent events with the .dev domain and why developers should care. Omer Levi Hevroni (@omerlh) stops by to talk about the OWASP Glue Project, the Kamus project for managing Kuber…
Tue 26 Feb 2019
Episode 47: Mapping Application Source Code, Mobile OWASP Top 10, Mobile Application Testing, and Kevin Cody

Seth and Ken review steps taken during a secure code review to map out an application. Joined by Kevin Cody (@kevcody) to talk mobile application testing, OWASP Mobile Top 10, what devices to use whe…
Wed 20 Feb 2019
Episode 46: Fuzzing, Frameworks, Training and Daniel Miessler

Seth and Ken talk about the recent release of ClusterFuzz by Google. Joined by Daniel Miessler (@Daniel Miessler) to talk about the SecLists project, how it relates to fuzzing, training developers an…
Wed 13 Feb 2019
Episode 45: Making the most of Bug Bounties, managing an AppSec program, and Sean Poris

Seth and Ken are joined by Sean Poris (@skp00) of Verizon Media to talk about making the most of a bug bounty program, Sean's path into application security from his budding time as a biologist, and …
Wed 06 Feb 2019
Episode 44: AppSec California, running a Bug Bounty program, and David Coursey

Seth and Ken are joined once again by David Coursey (@dacoursey) to review topics from AppSec California 2019, including building developer relationships and the OWASP ZAP HUD. Ken and Dave answer qu…
Wed 30 Jan 2019
Episode 43: DerbyCon, pwnhead, and Keith Hoodlet

Seth and Ken are joined by Keith Hoodlet (@andMyHacks) to discuss DerbyCon, pwnhead, and application security in medical devices.
Wed 16 Jan 2019
Episode 42: SSRF Rebinding and Segment Team (Leif Dreizler and David Scrobonia)

Seth and Ken discuss SSRF Rebinding defenses with Segment (Leif, David, and Achille). Additional topics include password complexity, password resets, and using Troy Hunt's breach database.
Wed 09 Jan 2019
Episode 41: Hidden File/Dir Enumeration and Will Bengtson

Seth and Ken discuss hidden file and directory enumeration. Joined by Will Bengtson to talk AWS and cloud security, including CloudTrail and trailblazer.
Wed 19 Dec 2018
Episode 40: Code Reviews

Seth and Ken talk through secure code reviews and assessment scoping, more on breaches, the Google congressional hearings and more.
Wed 12 Dec 2018
Episode 39: Jerry Gamblin

Is there such a thing as breach fatigue? When have we had enough? Seth and Ken are joined by Jerry Gamblin of Kenna Security to discuss recent breaches and AWS Re:Invent.
Wed 05 Dec 2018
Episode 38: Matt Konda

Seth and Ken discuss node packages and event_stream fallout. Matt Konda (@mkonda) joins to talk about OWASP, the Glue tool, Jemurai and his origin story and other topics.
Wed 28 Nov 2018
Episode 37: Stefan Edwards

Seth and Ken discuss security gifts for appsec peeps. Joined by Stefan Edwards (@lojikil) to talk about his origin story (Seth gets bagged on), formal verification, and a multitude of other topics.
Wed 21 Nov 2018
Disclaimer: The podcast and artwork embedded on this page are the property of Ken Johnson and Seth Law. This content is not affiliated with or endorsed by eachpod.com.