Absolute AppSec - Podcast

Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Category: Technology, Tech News
Update frequency: every 10 days
Episodes: 297
Years active: 2018 - 2025
Episode 156 - Stefan Edwards (@lojikil) - Open Source Software, Software Bill of Materials
As we get ready for the holidays, we only want to talk about log4hell and bill of materials. Please let it end, please, oh please. A surprise visit by Stefan Edwards (@lojikil) to address all things …
Tue 21 Dec 2021
Episode 155 - Log4Hell, Boring AppSec, Crocs and SOCs
Tis the season... for 0 days. Discussions on the ever-present Log4j issue that the whole industry is dealing with. Kernelcon training announcements, dealing with varying expectations of clients and d…
Fri 17 Dec 2021
Episode 154 - Conferences, Cloud Security, Software Supply Chain
It's one of those days, must be Q4. View of tech conferences as an outsider. An analysis of data from Google's "Threat Horizons" report and what it tells us about Cloud Security. A few items related …
Tue 07 Dec 2021
Episode 153 - Fuzzing, Authentication, Browser Wars (again)
Our last episode before it's December!!! Where oh where did 2021 go? Seth and Ken wrap up a conversation on fuzzing strategies for HTTP Requests. A discussion on the difficulty of authentication and w…
Tue 30 Nov 2021
Episode 152 - Breaches, Symbolic Execution, Dynamic vs. Static Assessments
Gobble gobble! It is that time of the year again to stuff our faces... WITH APPSEC! A discussion on breach notification related to the recent GoDaddy disclosure. Understanding symbolic execution with…
Tue 23 Nov 2021
Episode 151 - Secure Code Review, Software Interdependency
Ahem, Seth and Ken return with a live code review of a recently seen authentication routine. A discussion of software interdependence and the issues it creates (such as SSRF). In other words, 151 and…
Tue 16 Nov 2021
Episode 150 - Jerry Gamblin - NVD CVEs, Vulnerability Disclosure, Burp Cert
Jerry Gamblin makes a return to the podcast to talk about recent events in Missouri and how _not_ to respond to responsible vulnerability disclosure. A discussion on the increase of CVEs showing up i…
Tue 26 Oct 2021
Episode 149 - Burnout, AppSec News Sources
Just two old men bi***ing and moaning about App Sec and the price of a good pair of New Balances. Real discussion on dealing with burnout and imposter syndrome. How to stay engaged and interested whe…
Tue 19 Oct 2021
Episode 148 - Facebook, Phrack, Paved Path
Strange things are afoot at the Circle K. Facebook outage and BGP routing. A new issue of Phrack released on Oct 5 results in a discussion on the good ol' days, BBSes, and the commercialization of secur…
Tue 05 Oct 2021
Episode 147 - James Kettle (@albinowax), Security Research
The one and only James Kettle (@albinowax) of Portswigger joins Seth and Ken to talk about his path into security, HTTP request smuggling, and how to perform security research.
Tue 21 Sep 2021
Episode 146 - OWASP Top 10, Bug Bounties with @JHaddix, Request Smuggling
Now with the latest in old people ramblings. Discussion about the OWASP Top 10 Draft list and how the Top 10 should be used as an awareness document. Discussions on bug bounties with surprise guest J…
Tue 14 Sep 2021
Episode 145 - Return of @cktricky, Burnout, Bumble Vuln, Brute-Forcing
@cktricky is _back_ with a newfound lease on life (and application security). The duo discusses in-person vs. virtual conferences, DEF CON 29, burnout, vulnerabilities in dating apps. A demonstration…
Thu 26 Aug 2021
Episode 144 - Fuzzing, Radamsa, Property Testing
With @cktricky still on hiatus, @sethlaw and @lojikil talk fuzzing, property testing, semantic analysis and demo radamsa.
Tue 17 Aug 2021
Episode 143 - HTTP/2, Black Hat/DEFCON, Kubernetes
With @cktricky out adventuring, @sethlaw is joined by a familiar face (@lojikil) to dive deeply into recent research presented at Black Hat/DEF CON, HTTP/2, and how everything old is new again.
Tue 10 Aug 2021
Episode 142 - AI Code Generation, Puma Scan, HTTP Request Smuggling
Dreamin', Beamin', and Streamin' about using artificial intelligence (AI) to generate code (*cough*, *cough*). When and where to use automated source code analysis tools, specifically Puma Scan for .…
Tue 20 Jul 2021
Episode 141 - print(), Cross-Site Scripting (XSS), RiskIQ, Amass Demo
Just two grumpy old men with some AppSec sprinkled in. Topics this week include new research from PortSwigger using print to bypass new Chrome XSS iframe restrictions, how XSS is still the best (and …
Tue 13 Jul 2021
Episode 140 - Naomi Buckwalter - Gatekeeping, Developing AppSec Resources
Naomi Buckwalter (@ineedmorecyber) joins Ken and Seth in a discussion about security gatekeeping, how anyone can get into application security, and the relationships between development and security.
Tue 29 Jun 2021
Episode CXXXIX - Return of the @lojikil (Stefan Edwards)
Stefan returns and we pick his brain about information security degrees, format strings, and different testing methodologies. Then we spend most of the episode googling the words that come out of his…
Tue 22 Jun 2021
Episode 138: Ransomware
The duo is back to talk about consulting scheduling and ransomware. Somehow this evolved to a discussion on Hipster Vulns and how auditing is the Crocs-n-SOCs of application security.
Tue 15 Jun 2021
Episode 137: CSRF, GraphQL, Kubernetes, Docker, NoSQL Injection
Live from their parents' basement and dripping with tin foil - Seth and Ken talk about how CSRF is a thing in GraphQL. Kubernetes gets an intentionally-vulnerable setup, and you should definitely che…
Tue 08 Jun 2021