Najlepsze podcasty z kategorii: Application Security (2025)

1
Tanya Janca -- A Secure SDLC from a Developer's Perspective 48:54

5d ago48:54

48:54

Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how security professionals can better connect with developers through threat modeling, maintaining empathy, and creating inclusive learning environments. …

1
Regex DoS, LLM Backdoors, Secure AI Architectures, Rust Survey - ASW #319 36:26

6d ago36:26

36:26

Applying forgivable vs. unforgivable criteria to reDoS vulns, what backdoors in LLMs mean for trust in building software, considering some secure AI architectures to minimize prompt injection impact, developer reactions to Rust, and more! Show Notes: https://securityweekly.com/asw-319

1
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319 1:10:21

6d ago1:10:21

1:10:21

Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful tests and some useful security tools and you have an even better environment. Dan Moore talks about what motivates some developers to prefer a "local first" approach as we walk through what all of th…

1
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319 33:56

6d ago33:56

33:56

Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful tests and some useful security tools and you have an even better environment. Dan Moore talks about what motivates some developers to prefer a "local first" approach as we walk through what all of th…

1
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318 44:57

13d ago44:57

44:57

We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after ye…

1
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318 44:57

13d ago44:57

44:57

We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after ye…

1
Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317 35:52

20d ago35:52

35:52

Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek's iOS app, academics and industry looking to standardize principles and practices for memory safety, and more! Show Notes: https://securityweekly.com/asw-317

1
Mehran Koushkebaghi -- Security as a Systemic Concern: How to develop Anti-Requirements 45:08

20d ago45:08

45:08

Mehran Koushkebaghi, a seasoned engineering expert, delves into the intricacies of systemic security. He draws parallels between civil engineering and IT systems, and explains the importance of holistic thinking in security design. Discover the difference between semantic and syntactic vulnerabilities and understand how anti-requirements play a cri…

1
Code Scanning That Works With Your Code - Scott Norberg - ASW #317 1:12:52

20d ago1:12:52

1:12:52

Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner …

1
Code Scanning That Works With Your Code - Scott Norberg - ASW #317 37:01

20d ago37:01

37:01

Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner …

1
New SLAP & FLOP Attacks, OCSP Fades Away, DeepSeek's ClickHouse, OAuth 2.0 Security - ASW #316 34:47

27d ago34:47

34:47

Speculative data flow attacks demonstrated against Apple chips with SLAP and FLOP, the design and implementation choices that led to OCSP's demise, an appsec angle on AI, updating the threat model and recommendations for implementing OAuth 2.0, and more! Show Notes: https://securityweekly.com/asw-316…

1
Kalyani Pawar -- Shaping AppSec at Startups 39:52

27d ago39:52

39:52

Kalyani Pawar shares critical strategies for integrating security early and effectively in AppSec for startups. She recommends that startups begin focusing on AppSec around the 30-employee mark, with an ideal ratio of one AppSec professional per 10 engineers as the company grows. Pawar emphasizes the importance of building a security culture throug…

1
Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316 1:11:39

27d ago1:11:39

1:11:39

Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares what she's learned from talking to orgs about what's been successful, and what's failed, when they've approached this practice. Akira Brand joins to talk about her direct experience with building threat …

1
Threat Modeling That Helps the Business - Sandy Carielli, Akira Brand - ASW #316 36:54

27d ago36:54

36:54

Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares what she's learned from talking to orgs about what's been successful, and what's failed, when they've approached this practice. Akira Brand joins to talk about her direct experience with building threat …

1
Opengrep & Semgrep, Hacking Subarus, Hacking Synths, Stealing Cookies, and RANsacked - ASW #315 34:57

1M ago34:57

34:57

An open source security project forks in response to license changes (and an echo of how we've been here before), car hacking via spectacularly insecure web apps, hacking a synth via spectacularly cool MIDI messages, cookie parsing problems, the RANsacked paper of 100+ LTE/5G vulns found from fuzzing, and more! Show Notes: https://securityweekly.co…

1
Security the AI SDLC - Niv Braun - ASW #315 1:08:34

1M ago1:08:34

1:08:34

A lot of AI security boils down to the boring, but important, software security topics that appsec teams have been dealing with for decades. Niv Braun explains the distinctions between AI-related and AI-specific security as we avoid the FUD and hype of genAI to figure out where appsec teams can invest their time. He notes that data scientists have …

1
Security the AI SDLC - Niv Braun - ASW #315 33:38

1M ago33:38

33:38

A lot of AI security boils down to the boring, but important, software security topics that appsec teams have been dealing with for decades. Niv Braun explains the distinctions between AI-related and AI-specific security as we avoid the FUD and hype of genAI to figure out where appsec teams can invest their time. He notes that data scientists have …

1
Appsec Predictions for 2025 - Cody Scott - ASW #314 52:10

1M ago52:10

52:10

What’s in store for appsec in 2025? Sure, there'll be some XSS and SQL injection, but what about trends that might influence how appsec teams plan? Cody Scott shares five cybersecurity and privacy predictions and we take a deep dive into three of them. We talk about finding value to appsec from AI, why IoT and OT need both programmatic and technica…

1
Appsec Predictions for 2025 - Cody Scott - ASW #314 52:10

1M ago52:10

52:10

What’s in store for appsec in 2025? Sure, there'll be some XSS and SQL injection, but what about trends that might influence how appsec teams plan? Cody Scott shares five cybersecurity and privacy predictions and we take a deep dive into three of them. We talk about finding value to appsec from AI, why IoT and OT need both programmatic and technica…

1
PyPI's Quarantine, Phishing & Awareness, Porting Fishshell to Rust, Cyber Trust Mark - ASW #313 31:43

2M ago31:43

31:43

Design lessons from PyPI's Quarantine capability, effective ways for appsec to approach phishing, why fishshell is moving to Rust component by component (and why that's a good thing!), what behaviors the Cyber Trust Mark might influence, and more! Show Notes: https://securityweekly.com/asw-313

1
Milan Williams -- AppSec Metrics 36:16

2M ago36:16

36:16

Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can often feel like an overwhelming security landscape, and they're valuable for career advancement and securing resources. We discuss metrics categories and…

1
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 1:07:41

2M ago1:07:41

1:07:41

There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambiguous requirements. Ixchel Ruiz shares her experience is discussing software designs, the challenges in prioritizing dev efforts, and how to help open source project maintainers with their issue backl…

1
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 36:04

2M ago36:04

36:04

There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambiguous requirements. Ixchel Ruiz shares her experience is discussing software designs, the challenges in prioritizing dev efforts, and how to help open source project maintainers with their issue backl…

Podcasty warte posłuchania

Application Security Podcasty

Podcasty warte posłuchania

1
Application Security Weekly (Audio)

Security Weekly Productions

1
Application Security Weekly (Video)

Security Weekly

1
The Application Security Podcast

Chris Romeo and Robert Hurlbut

1
Future of Application Security

Tromzo

1
Tanya Janca -- A Secure SDLC from a Developer's Perspective 48:54

1
Regex DoS, LLM Backdoors, Secure AI Architectures, Rust Survey - ASW #319 36:26

1
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319 1:10:21

1
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319 33:56

1
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318 44:57

1
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318 44:57

1
Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317 35:52

1
Mehran Koushkebaghi -- Security as a Systemic Concern: How to develop Anti-Requirements 45:08

1
Code Scanning That Works With Your Code - Scott Norberg - ASW #317 1:12:52

1
Code Scanning That Works With Your Code - Scott Norberg - ASW #317 37:01

1
New SLAP & FLOP Attacks, OCSP Fades Away, DeepSeek's ClickHouse, OAuth 2.0 Security - ASW #316 34:47

1
Kalyani Pawar -- Shaping AppSec at Startups 39:52

1
Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316 1:11:39

1
Threat Modeling That Helps the Business - Sandy Carielli, Akira Brand - ASW #316 36:54

1
Opengrep & Semgrep, Hacking Subarus, Hacking Synths, Stealing Cookies, and RANsacked - ASW #315 34:57

1
Security the AI SDLC - Niv Braun - ASW #315 1:08:34

1
Security the AI SDLC - Niv Braun - ASW #315 33:38

1
Appsec Predictions for 2025 - Cody Scott - ASW #314 52:10

1
Appsec Predictions for 2025 - Cody Scott - ASW #314 52:10

1
PyPI's Quarantine, Phishing & Awareness, Porting Fishshell to Rust, Cyber Trust Mark - ASW #313 31:43

1
Milan Williams -- AppSec Metrics 36:16

1
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 1:07:41

1
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 36:04

Skrócona instrukcja obsługi