Absolute AppSec - Podcast

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Technology, Tech News
Update frequency: every 10 days
Episodes: 297
Years Active: 2018 - 2025

Episode 176 - Exposed Secrets, Semgrep Rules, IoT Security Failures

Guess what's coming right up!? Another edition of Absolute AppSec with your summer-school hosts, @sethlaw and @cktricky. What are the secrets out there available if one scans the internet? Well, secu…
Tue 21 Jun 2022
Episode 175 - Web3, JWT Security, Public App Attacks

Late night edition. Now we are tired. Seth and Ken get back to the podcast and dig into Web3 security a bit. A review of the recent blog post from PortSwigger on JWT security. Finally discussion on p…
Tue 14 Jun 2022
Episode 174 - Smart Contracts, Code Review Lessons Learned

If there were a magical world where mensch-y podcasters (@cktricky and @sethlaw) discuss smart contract vulnerabilities, secure code review experiences, and package takeover attacks, wouldn't you lik…
Tue 31 May 2022
Episode 173 - Enumeration Attacks!

Yet ANOTHER episode of Absolute AppSec with Seth and Ken! User enumeration vulnerabilities are the order of the day. Seth digs in on an interesting #talesfromconsulting where security questions, and…
Tue 24 May 2022
Episode 172 - Jimmy Mesta - Kubernetes, Startup Adventures

Jimmy Mesta (@jimmesta) of KSOC joins Ken and Seth to talk about Kubernetes Security and startup adventures with KSOC. This leads to a discussion on the OWASP's Top 10 Kubernetes Project and how all …
Tue 17 May 2022
Episode 171 - Ruby Deserialization Walkthrough, Domain Takeovers

Ken and Seth are back to talk about the potential for package hijacking based on DNS takeovers due to domain expirations. Ken provides a walkthrough of Ruby Deserialization techniques based on recent news…
Tue 10 May 2022
Episode 170 - Security Basics, Social Engineering, Plan for Failure

Seth and Ken return with a discussion of security basics and failures resulting from lack of security hygiene. As a developer, security engineer, or a CISO, it's important to recognize that breaches w…
Tue 03 May 2022
Episode 169 - Finding Security Bugs

Seth and Ken return to the podcast and spend the episode reviewing the recent keynote from Mark Dowd at OffensiveCon 22 about the process he uses to find bugs in software.
Tue 26 Apr 2022
Episode 168 - Secure Code Review, Package Confusion, Privacy Acts

What's that sound?! Could it be the Absolute AppSec train coming 'round the bend, set to deliver @cktricky and @sethlaw's timely takes on Application Security news?! This episode starts with an in-de…
Tue 19 Apr 2022
Episode 167 - Ken Toler - Cryptocurrency, Spring4Shell

A pair of Kens. A quick discussion on Spring4Shell and how the exploit takes advantage of Java's dynamic configuration options along with data binding (aka mass assignment) vulnerabilities. Ken Toler…
Tue 05 Apr 2022
Episode 166 - Web App Firewalls, ProtestWare, CSP Level 3

As sands through the hourglass, another episode falls on a Tuesday in late March. It was not _the_ first episode, but it was an episode as Ken and Seth talk about the origins of web application fi…
Tue 22 Mar 2022
Episode 165 - Portswigger 2021 Top 10, Supply Chain Attacks, TLS Certs

Welcome to the latest nihilism and bitch session. In this episode, Seth and Ken review PortSwigger's Top 10 list of the "most significant web security research released in the last year". Discussion …
Tue 15 Mar 2022
Episode 164 - Supply Chain Security, Cyber Attacks, 2FA, AutoWarp

What now? Another episode? You have to be kidding me. Now I get to write another summary per my job description. At least this episode covers some security topics like Software Supply Chain Securi…
Tue 08 Mar 2022
Episode 163 - IT Army, Secrets, Access Control

And we are live, with our 163rd episode of Absolute AppSec. Say hi to Ken and Seth once again as they start out with a discussion on the IT Cyber Army and issues with enlisting to help in cyber attacks…
Tue 01 Mar 2022
Episode 162 - Mike McCabe (@mccabe615) - Cloud Security

After a week's hiatus, the Absolute AppSec-ers return with guest Mike McCabe (@mccabe615) to talk about all things Cloud Security. Discussions on cloud security tools, various differences between AWS…
Tue 22 Feb 2022
Episode 161 - Language Semantics, Blockchain Validations, Pentest Stories

A blast from the past as Ken and Seth reminisce about past penetration testing and security stories. A discussion of language semantics and how programming language basics are similar to spoken langu…
Tue 08 Feb 2022
Episode 160 - Mental Health, Open Source Bug Bounties, IDOR

The duplicitous duo returns with another episode that starts out in left field away from security topics by addressing mental health and how to keep sane when life gets busy, in both good and bad way…
Tue 01 Feb 2022
Episode 159 - Neil Matatall - CSP, Infosec Hiring, Languages + Framework Security

Ken and Seth are back to talk with a blast from the past. Neil Matatall (@ndm) of Twitter, GitHub, and now TikTok fame joins the discussion (again) to talk about CSP. The conversation wanders from th…
Tue 25 Jan 2022
Episode 158 - More Supply Chains, 2021 Top Ten, CORS + CSRF

Yet another episode. Always something to discuss. Ken and Seth talk about a recent article covering *theoretical* software supply chain exploits and how this will be a big thing this year. A review o…
Tue 18 Jan 2022
Episode 157 - 2022 Predictions, Schema Libraries, NPM and Open Source Packages

NEW YEAR, NEW SECURITY MADNESS! The duo is back with their application security predictions for 2022. A discussion on 3rd party library differences, in particular how URL/URI Schema libraries and par…
Tue 11 Jan 2022
Disclaimer: The podcast and artwork embedded on this page are the property of Ken Johnson and Seth Law. This content is not affiliated with or endorsed by eachpod.com.