About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printi…
There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're …
What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigatio…
This week, we welcome Francesco Cipollone - CEO & Founder - AppSec Phoenix Ltd, to discuss DevSecOps, Compliance GRC, and the Future of Application Security! In the AppSec News, Mike & John talk: All…
In today’s session, Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goal…
This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers to build distributed microservices in WebAssembl…
This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used t…
This week, Mike, John and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chai…
This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva! Peter will talk about the challenges he's hearing from customers and partners about managing the security of API…
This week, we welcome Ashish Rajan, Head of Security & Podcast Host at Cloud Security Podcast, to discuss Security Champions in an Online First World! Ashish will talk about building a security champ…
This week, we welcome Nuno Loureiro, CEO at Probely, and Tiago Mendo, CTO at Probely, to talk about Dev(Sec)Ops Scanning Challenges & Tips! There's a plenitude of ways to do Dev(Sec)Ops, and each org…
This week, we welcome Tom Gibson, Senior Staff Engineer at Cloudsmith, to talk about Modernizing the Management of Your Software Supply Chain! This week in the AppSec News, Mike and John talk: The Tw…
This week, we welcome Hillary Benson, Director, Product Management of Secure & Protect at Gitlab, to discuss The Power of Developer-First Security! In the AppSec News, John and Mike discuss Prototype…
This week, we welcome Anita D'Amico, VP, Market Development at Synopsys, and Patrick Carey, Senior Director of Product Marketing at Synopsys, to discuss AppSec Orchestration/Correlation & DevSecOps E…
This week, we welcome Jeff Williams, Co-Founder and Chief Technology Officer at Contrast Security, to discuss Transforming Modern Software Development with Developer-first Application Security! Moder…
This week, we welcome Manish Gupta, CEO and Co-Founder of ShiftLeft, to discuss Findings From the 2021 AppSec Shift Left Progress Report! Data from the ShiftLeft customer report shows that companies …
This week, we welcome Caroline Wong, Chief Strategy Officer at Cobalt, to discuss A DevOps Perspective on Risk Tolerance & Risk Transfer! In the segment Mike and Caroline will discuss Risk Tolerance …
This week, we welcome Shubhra Kar, Global CTO and GM of Products & IT at The Linux Foundation, to discuss Challenges in Open Source Application Security! In the AppSec News: BlackBerry addresses BadA…
This week, we welcome Mike Rothman, President & Co-founder at DisruptOps, to discuss DevSecOps - Making It Real! In the AppSec News, Bug bounty report that cleverly manipulates a hash for profit, All…
This week, we welcome Tom Hudson, Security Research Team Lead at Detectify, to discuss Securing Modern Web Apps: Development Techniques are Changing! In the AppSec News, Hardware hacking for authn by…