Application Security Weekly (Audio)

In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects an…

After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real ap…

Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more!

Also check…

Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, both in the security controls available to them a…

Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the tool to add more features while remaining true t…

More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculato…

APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for a…

When a conference positioned as a day of security for developers has to be canceled due to lack of interest from developers, it's important to understand why there was so little interest and why apps…

Considerations in paying down tech debt, make Rust work on bare metal, ECDSA side-channel in Yubikeys, trade-offs in deploying SSO quickly, and more!

Visit https://www.securityweekly.com/asw for all …

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 9, 2023.

What does software resilience mean? Why is status quo applicati…

IoT devices are notorious for weak designs, insecure implementations, and a lifecycle that mostly ignores patching. We look at external factors that might lead to change, like the FCC's cybersecurity…

This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of softw…

Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's needs while keeping it secure. Kalyani Pawar shares…

Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building thes…

Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs an…

Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expec…

How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that f…

Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply c…

OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. No…

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023.

Following on from her successful title "Container Security", …