Absolute AppSec - Podcast

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Technology Tech News
Update frequency: every 10 days
Episodes: 297
Years active: 2018 - 2025
Episode 196 - API Reviews, Web App Security Features

Seth and Ken dig into a topic that was raised by a member of our Slack community. The initial half of the show reviews both the risks and dynamic or static review items associated with microservices.…
Tue 24 Jan 2023
Episode 195 - 2022 CVEs, CORS, GraphQL

Ken (@cktricky) and Seth (@sethlaw) take a step away from the news to review technical articles and research released in the last couple of weeks. This includes analysis done by Jerry Gamblin on tota…
Tue 17 Jan 2023
Episode 194 - Frank Wang (dbtlabs) - Organization Security, AI/ML

Frank Wang from dbtlabs (@ffwang2 on Twitter) joins Seth and Ken for a discussion on the current security landscape, artificial intelligence, and machine learning. Follow Frank on Twitter or through his …
Tue 10 Jan 2023
Episode 193 - Security Metrics, End-User Security

@cktricky and @sethlaw host another episode starting with a lengthy discussion on security metrics spurred by a recent post by Leif Dreizler (@leifdreizler). Security metrics are highly specific and c…
Tue 20 Dec 2022
Episode 192 - Blogs, GoLang Security, ChatGPT

What do _you_ want for an AppSec Christmas! Another episode featuring Ken and Seth, for sure. The duo starts the conversation talking about useful AppSec and Security Blogs while featuring a recent G…
Tue 13 Dec 2022
Episode 191 - DNS Attacks, Organizational Risk, Mastadon

Going into the final month of 2022, the dynamic duo graces us with their presence. It begins with discussion of DNS Attacks based on Kaminsky-style attacks spurred by research presented at DeepSec by…
Tue 29 Nov 2022
Episode 190 - Immutable Laws of Security

Ken and Seth break down the recently-released Immutable Laws of Security from Microsoft's Security Best Practices recommendations. Points of special interest being "Cybersecurity is a team sport", "N…
Tue 08 Nov 2022
Episode 189 - Security Bypasses, AppMap, Dastardly

Seth and Ken kick off another unique discussion by looking at a recent scholarly paper on security bypasses and workarounds by health care workers. Followed by a demo of AppMap, a development tool tha…
Tue 01 Nov 2022
Episode 188 - Security Training, Zero Trust, Rating of IoT Security

What's that you say? There is no such thing as "done" with application security? Are our Sisyphean hosts (@cktricky and @sethlaw) therefore doomed to ever push this rock up the mountain, just to disc…
Tue 18 Oct 2022
Episode 187 - Hacking your Health, Fortinet, Secrets in Source

Back once again, Ken and Seth riff off of recent health discussions to talk about hacking health and maintaining a decent work/life balance. Discussion of recent Fortinet authorization issue and how…
Tue 11 Oct 2022
Episode 186 - Security Trainings, Web3 Bounties, MFA

Ken is back in the land of the living, so of course he and Seth dig into the current state of information security training, how SCORM is the worst for developer training, and what goes into creating…
Tue 04 Oct 2022
Episode 185 - Daniel Ting (hoodiepony) - Breaches, Optus, Uber

Ken (cktricky) is out sick today, so Seth is joined by Daniel (https://twitter.com/hoodiepony) from Australia to talk about recent breaches. Specifically, the recent breach of Optus in Australia has…
Tue 27 Sep 2022
Episode 184 - Sources, Payloads, Patreon, Ethereum, Starbucks

Ken is back to lead a discussion on identification of interesting sources for the podcast and specifically how XSS just is not as interesting to him and Seth as it was a decade ago. A new project for…
Thu 15 Sep 2022
Episode 183 - Information Warfare w/LegendaryPatMan

Ken is away, so Loji comes to play. Absolute AppSec is hosted this week by Seth and Stefan (@lojikil) to go outside the normal topics of application security to address questions about information wa…
Tue 06 Sep 2022
Episode 182 - Twitter, LastPass, Testing Edge Cases

A late decision to record an episode this week after thinking it would be scratched due to life ended up with a long discussion on the recent Twitter drama and whistleblower revelations around their …
Tue 30 Aug 2022
Episode 181 - (Post DEFCON)

Finally returned from the wasteland that is Las Vegas, or at least the fun that is #hackersummercamp and #defcon30, Ken and Seth break down their different experiences and impressions from the confer…
Tue 23 Aug 2022
Episode 180 - Logging! Attacks!

It's time for hacker summer camp, so the duo starts out discussing upcoming events and interesting talks. A discussion of LOGGING warms Seth's heart as it comes to light that logging of sensitive …
Wed 10 Aug 2022
Episode 179 - Starting in AppSec, Threat Modeling

Ken pulls Seth back into an episode to talk through the steps anyone can take to get into Application or Product Security based on some recent articles. True security professionals can come from anyw…
Tue 02 Aug 2022
Episode 178 - Wallet Attacks(!) and Data Privacy

The duo is back and live, with an episode stolen from _some_ headlines. Specifically, a breakdown of various attacks against crypto wallets and how they stem from traditional security risks. Followed…
Tue 26 Jul 2022
Episode 177 - That Post-LocoMocoSec Glow

Seth and Ken recap some of their experiences from LocoMocoSec, followed by a discussion on the recent Bugcrowd revelation that an employee attempted to re-submit reports for gain. A review of LaLuka…
Tue 05 Jul 2022
Disclaimer: The podcast and artwork embedded on this page are the property of Ken Johnson and Seth Law. This content is not affiliated with or endorsed by eachpod.com.