Application Security Weekly (Audio)

This week, we welcome Maggie Jauregui, Offensive Security Researcher at Intel, to discuss Platform Firmware Security! Firmware security is complex and continues to be an industry challenge. In this p…

This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva, to discuss Navigating the seas of security in serverless functions!

In the AppSec News: CWE releases the top …

This week, we welcome David DeSanto, Senior Director, Product Management, Dev & Sec at Gitlab! In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the ro…

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.

The truth is, most web ap…

This week, we welcome Clint Gibler, Head of Security Research at r2c, to discuss Scaling Your Application Security Program! In the AppSec News: Visual Studio Code's Workplace Trust, Injured Android a…

This week, we welcome Nuno Loureiro & Tiago Mendo from Probely to discuss some Challenges of DAST Scanners, and their Adoption by Developers! Then, in the AppSec News John and Mike discuss: SLSA fram…

This week, we welcome Sebastian Deleersnyder, CTO at Toreon, to talk about OWASP SAMM - Software Assurance Maturity Model! In the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, l…

This week, we welcome Daniel Hampton, Senior Solutions Architect at Fastly, to discuss API Security: Understanding Threats to Better Protect Your Organization! In the AppSec News, Tyler Robinson join…

This week, we welcome Manish Gupta, CEO and Co-Founder at ShiftLeft, to discuss Bringing Appsec to a Modern CI Pipeline! Appsec in a modern CI pipeline needs a combination of tools, collaboration, an…

This week, we welcome Aanand Krishnan, CEO at Tala Security, Inc., to discuss Third Party Software Risk on the Web! Web applications are highly dependent on third party content and JavaScript. This c…

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infra…

Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training.

He'll cover:

• The types of security training that work

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed …

This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the Solar Wind…

This week, we welcome Leif Dreizler - Engineering Manager, Product Security - Segment, to talk about Shifting Right: What Security Engineers Can Learn From DevSecOps! In the AppSec News, PHP deals wi…

This week, we welcome Andrew van der Stock, Executive Director at OWASP Foundation, to talk about the OWASP Top 10 of 2021! The OWASP Top 10 2021 is in development. A public survey has just been rele…

This week, we welcome Johanna Ydergard, VP of Detectify Crowdsource at Detectify, and Roberto Giachetta, Engineering Manager at Detectify, to discuss Approaching AppSec Like a Hacker! Security is str…

This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy f…

This week, we welcome Cynthia Burke, Compliance Manager at Capsule8, to discuss Privacy, Data Security & Compliance! In most IT shops, privacy, data security and compliance often resided under the sa…

This week, we welcome Ted Harrington, Executive Partner at Independent Security Evaluators, to discuss Hackable; How to do Application Security Right! In the Application Security News, Implementation…