Application Security Weekly (Audio)

Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, …

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern …

We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt injection and access controls, and privacy concerns in …

Two featured interviews from this year's Black Hat. In the news, Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion att…

A key part of modern appsec is communication. From interpersonal skills for fostering collaborations to presentation skills for delivering a message, the ability to tell a story and engage an audienc…

Mature shops should be looking to a security architecture process to help scale their systems and embrace security by design. We talk about what it means to create a security architecture process, wh…

Identity isn't new, but we do have new ways of presenting and protecting identity with things like payment wallets and verifiable credentials. But we also have identity in surprising places -- like c…

Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the devel…

While much has been written and argued about the security of election systems - the things that do the actual ballot counting - there's other systems that have to be in place and secured before the v…

Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers t…

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 23, 2022.

Developers want bug-free code -- it frees up their time and is…

Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns ac…

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerabili…

Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the…

Walking the show floor at RSA Conference, you couldn't trip without falling into an application security vendor booth ... and API security specialists were especially plentiful. Join Forrester Princi…

Check out this interview from the ASW VAULT, hand picked by main host Mike Shema! This segment was originally published on March 14, 2022.

Cybersecurity is a large and often complex domain, tradition…

The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it stil…

What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outp…

What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answ…

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squ…