Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Categories: Technology, Tech News
Update frequency: every 10 days
Episodes: 297
Years Active: 2018 - 2025
Episode 136: AppSec Nihilism and Breaches

Back off of a week's break, Seth and Ken catch up on breach news. A return of security nihilism is also in order based on recent breaches and exploits.
Tue 01 Jun 2021
Episode 135: GoSDL, Language Choice, Kenna, Dependency Confusion

Punchy and Grumpy are back at it starting with a discussion on GoSDL and how it integrates with developer workflows. Followed by a discussion on language choice/experience, Cisco's acquisition of Ken…
Tue 18 May 2021
Episode 134: Legal Protections, Browser Sanitization APIs, Burnout

Statler and Waldorf meet again to discuss legal protections when conducting security testing, new browser APIs for sanitization of user-supplied content, how XSS is boring, and techniques for dealing…
Tue 11 May 2021
Episode 133: Rob Shavell - Privacy

Rob Shavell from Abine.com joins Seth and Ken to talk about data privacy, social media, and industry concerns with tracking.
Tue 04 May 2021
Episode 132: Supply Chain Attacks, What I Wish I Knew Starting in Security

Ken and Seth are the dynamic duo revealing what they wish they knew starting in security and as a penetration tester. Also a discussion about supply chain attacks and a tribute to the late Dan Kamins…
Tue 27 Apr 2021
Episode 131: Jeevan Singh - Threat Modeling

Jeevan Singh from Segment joins Seth and Ken to discuss the recently-released, open source threat modeling training material.
Tue 20 Apr 2021
Episode 130: Facebook 'Breach', Data Privacy

Ken and Seth break down the Facebook 'Breach', aka data collection and different views on dealing with that data. The discussion continues with privacy data and how far we should trust any social med…
Tue 13 Apr 2021
Episode 129: Rey Bango - JQuery, Developer Relations, Security Education

Rey Bango (@reybango) from Veracode joins Seth and Ken to talk about his path into security. Topics include JavaScript, JQuery, building relationships between security and relations, and how to educa…
Tue 06 Apr 2021
Episode 128: Stefan Edwards/David Coursey - PHP, Backdoors, and AppSec Nihilism

Seth hosts Stefan Edwards (@lojikil) and David Coursey (@dacoursey) discussing PHP's recent backdoor, probable fixes including code commit signing and the move to GitHub. The discussion covers ease o…
Tue 30 Mar 2021
Episode 127: Regexes, WAFs, Secondary Contexts

Seth and Ken discuss the role of regular expressions in routing of web application requests. Discussion covers basics of routing, exploitation of secondary contexts, and bypassing of web application …
Tue 23 Mar 2021
Episode 126: Junior AppSec Positions, Phishing Site Detection, Client-side JavaScript

Seth and Ken are back on another Taco Tuesday to talk through getting into application security and how to support those new to the field. Also a discussion on phishing sites that detect VMs and othe…
Tue 16 Mar 2021
Episode 125: Interviews, SQLi, Concurrency, Wordpress

Seth and Ken discuss interviewing techniques for technical resources, SQL injection in the media and GitHub's recent concurrency vulnerability. Also a discussion on recent WordPress plugin vulnerabil…
Tue 09 Mar 2021
Episode 124: 2020 Top 10 Web Hacking Techniques, Development vs. Security

Seth and Ken discuss Portswigger's Top 10 Web Hacking Techniques of 2020, specifically injection attacks through images in PDFs and reverse proxies. Further discussion on creativity in development an…
Tue 02 Mar 2021
Episode 123: Client-Side Controls, Dependency Confusion

Seth and Ken discuss client-side controls and 3rd-party JavaScript security features. Confused deputy vulnerabilities (dependency confusion) in the news.
Tue 23 Feb 2021
Episode 122: Brian Glas (@infosecdad) - OWASP Top 10 2021

Seth and Ken welcome back Professor Brian Glas (@infosecdad) to dispel the recent OWASP Top 10 2021 speculation and rumor. We talk through the origins and purpose of the OWASP Top 10 as well as the 2…
Thu 18 Feb 2021
Episode 121: Stefan Edwards (@lojikil) - Formal Specification, Fuzzing, LangSec

Stefan Edwards (@lojikil) once again joins Seth and Ken to talk all things LangSec (language security). Discussion ranges from manual vs. automated testing to fuzzing to semantic analysis to formal s…
Tue 02 Feb 2021
Episode 120: OWASP Top 10 2021, Researcher Attacks, Parler, Phishing

Seth and Ken discuss the proposed 2021 OWASP Top 10 Risks, North Korean attacks against security researchers, password managers, latest in Parler de-platforming, and phishing possibilities.
Tue 26 Jan 2021
Episode 119: Bugtraq, Web Cache Poisoning, and Blind SSRF

Seth and Ken wax nostalgic about the old days due to the shut down of the Bugtraq Mailing List (RIP old friend). Further discussions on web cache poisoning and blind server-side request forgery (SSRF…
Tue 19 Jan 2021
Episode 118: Parler, Twitter, and IDOR

Seth and Ken return with a discussion about application security in the news, including relevance to the Parler "backups". Also discussions about Twitter and latest political developments and how the…
Tue 12 Jan 2021
Episode 117: Solarwinds, Timing Attacks, Threat Dragon

The dynamic duo is back for their last podcast of 2020!
Tue 22 Dec 2020
Disclaimer: The podcast and artwork embedded on this page are the property of Ken Johnson and Seth Law. This content is not affiliated with or endorsed by eachpod.com.