AppSec publiczne
[search 0]
Więcej
Download the App!
show episodes
 
AppSec Builders features practical and actionable conversations with application security experts and practitioners. Topics range from understanding and solving classes of vulnerability, building protections to efficiently scale with your business, and core best practices to strengthen your security posture. AppSec Builders is hosted by Jb Aviat, AppSec staff engineer at Datadog, former CTO and co-founder at Sqreen and Apple Red Team member. Contact us at appsecbuilders@datadoghq.com
  continue reading
 
Artwork
 
Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs. If you’re an AppSec professional looking for an opportunity to work with some of the best in the ...
  continue reading
 
Loading …
show series
 
Absolute AppSec welcomes Alejandro Saenz to join Seth Law and Ken Johnson as a guest. Alejandro has been active in application and product security fields for over a decade, most recently working in product security for Twilio. Before that he worked as a senior application security engineer and software engineer at Softrams and as an application se…
  continue reading
 
Charles Shirer joins Absolute AppSec for a special episode of the show. Charles has decades of experience as a pentester, threat hunter, red teamer, and security consultant. He's CEO of GlobalWave consulting, a security consulting firm that's been serving clients for over a decade. Charles is also a frequent conference speaker, online commentator, …
  continue reading
 
Dustin Lehr, current director of AppSec at data integration company Fivetran, joins Seth and Ken for a special episode of Absolute AppSec. Dustin has spent years helping improve companies' security cultures industry-wide, through his work co-founding Katilyst Security which focuses on helping companies create security champion programs. Additionall…
  continue reading
 
Kyle Kelly joins Seth Law and Ken Johnson as a special guest on the Absolute AppSec podcast. Kyle is an Executive Cybersecurity Consultant at Bancsec, Inc, and Security Researcher at Semgrep, and founder of the wonderful Cramhacks newsletter. As a consultant and researcher, Kyle specializes in supply chain security, a speciality that informs the th…
  continue reading
 
Bryan Schmidt, information security lead at Adept AI is joining Ken Johnson (@cktricky on twitter/x) and Seth Law (@Sethlaw) for a special episode of Absolute AppSec. Before Adept.AI, Bryan spent the last half decade working as a security engineering manager at, first, Flatiron Health and, later ChowNow, and he worked as a penetration tester and se…
  continue reading
 
**Video may be required**: this episode is focused on demonstrating uses of LLMs against various code. As such, listeners may want to watch the stream to see these uses rather than just listening. Also, Seth and Ken talk briefly at the beginning of the episode about a new tldr;sec project (thanks Clint!) called awesome secure defaults that lists ou…
  continue reading
 
After a week of travel, Seth and Ken return to the podcast with a breakdown of their travel experiences at multiple conferences and teaching their first Practical Secure Code Review course using LLMs to enhance the methodology. This is followed by reinforcement of code review steps including library research, a discussion of the recent XZ backdoor,…
  continue reading
 
When Ken is away, the geeks will play. Seth is joined by podcast regular Stefan Edwards (@lojikil) to catch up on his recent work around threat hunting. This progresses into a discussion on threat intelligence and what is available for applications. A recent blog post on the utility of the CVE system spurs thoughts on the usefulness of published CV…
  continue reading
 
Ken and Seth are back to talk about the difference and competing priorities of Application and Enterprise Security. In short, recent news contends that Enterprise or Infrastructure security is lacking, whereas Application or Product Security is in a good state. This is followed by a discussion on supply chain security tools due to a recent analysis…
  continue reading
 
Ken and Seth return for another episode, starting out with pointers on getting into security and finding a niche, all based on a recently released Microsoft project to introduce anyone to security. This is followed by a discussion on Chinese hacking groups and recent breaches among those groups. Finally, a discussion protecting the software supply …
  continue reading
 
Seth and Ken review the recent Whitehouse report on going back to the basics for software security and vulnerabilities. Specifically, how is the use of memory unsafe languages like C and C++ affecting the overall security of the internet landscape. This include a discussion on formal verification and crocs and socks of software testing. Finally, th…
  continue reading
 
Podcast viewers will be familiar with Portswigger's annual list of Web Hacking Techniques. Ken and Seth take some time to digest the list and recommend reviewing not only the top 10, but also the nominations. A discussion on the use of LLM Agents as a dynamic scanning engine for identifying vulnerabilities. If you aren't already using an LLM to hel…
  continue reading
 
Ken and Seth comment on their recent use of the same passwords across multiple organizations. Errr, or wait. That's administrators in some instances, according to recently published analysis from Lares. Will we ever get over passwords or are we doomed to repeat the past? In other news, GitHub Copilot may be (one of) the culprit(s) for the enshitifi…
  continue reading
 
Seth and Ken return to the podcast to talk about fraud scammers based on a recent article from Cory Doctorow and what AppSec can do to protect their apps and themselves. Crocs and Socks. The use of deep fakes to scam corporations to transfer money. Finally, a discussion on sensitive data and why it happens in APIs due to the recent news that Spouti…
  continue reading
 
Ken and Seth start out with a lengthy discussion about application security jobs, training, and getting into the security space due to an article based on someone's experience moving from IT to pentesting. This is followed by possible needs for the NSA to collect commercially available browsing data. Finally, a quick hit on prompt injection and how…
  continue reading
 
Ken and Seth return to settle the age old question of whether false positives or false negatives are better when dealing with security tools. Tears are shed as stories of wasted efforts ring through on the podcasting airwaves. Maybe. Discussions on AI generated recommendations and how it _can_ be useful, but also turn out poorly. Finally, introduct…
  continue reading
 
David Trejo (@dtrejo@infosec.exchange) and Paul Kuliniewicz, security engineers at Chime join Seth (@sethlaw on x) and Ken (@cktricky) to discuss the ins and outs of challenges and successes in a widely recognized effective product security program. You can start reading up on the Monocle program here: https://medium.com/life-at-chime/monocle-how-c…
  continue reading
 
Ken and Seth return to discuss current news. First up is a discussion about token leakage based on the recent discovery of AI tokens on Github and Cloud tokens on Hugging Face's repository. The struggles that package maintainers have with hosted data and secrets is an old problem that doesnt' have a good solution. A re-hash of the recent blogpost "…
  continue reading
 
We are excited to have Brian C Reed, chief mobility office at NowSecure, as a special guest on the Absolute AppSec podcast. Brian has specialized in mobile security, and his company NowSecure works to secure apps, train developers in safe mobile security engineering. As a piece of his work in mobile security, Brian has helped strengthen OWASP MASVS…
  continue reading
 
Jeevan Singh (@askjeevansingh) returns to join Ken Johnson (cktricky on Twitter) and Seth Law (sethlaw) as a guest on the podcast! Jeevan is currently with Rippling, was previously the Director of Product Security at Twilio, and before that Segment. He has been a long-time leader in security and development communities, and currently heads up the @…
  continue reading
 
When cktricky is away, the lojis will play. Stefan Edwards co-hosts an episode with Seth in what ends up bypassing the AI hype to discuss the current state of OWASP. In short, things are murky but the organization is useful and the industry should support some version of its efforts. A discussion on privacy and training AI, based on recent articles…
  continue reading
 
Ken Johnson (cktricky) and Seth Law (@sethlaw) welcome Leif Dreizler back on the show! Leif recently became a Senior Manager of Software Engineering at Semgrep (semgrep.dev) , spent the better part of a decade working in product security and security software engineering at Twilio and Segment (segment.io). He also is a podcast co-host for the 404 S…
  continue reading
 
Seth and Ken are back to review some recent news and community discussions. Specifically, the duo talks about the use of coding requirements and projects during interviews for application security. Both have had experience on both ends and have opinions. This is followed by reactions to the recent breach and data dumps from 23andMe. Finally, new AI…
  continue reading
 
Erik Cabetas, founder and managing partner of Include Security joins Ken Johnson (@cktricky on twitter) and Seth Law (@sethlaw). Erik has been running Include Security for the last decade, and before that comes from a path that includes time working with early security teams at MicroSoft and Fortify Software, blue-team stints with financial groups …
  continue reading
 
Ken (cktricky on Twitter) and Seth (sethlaw) welcome Cole Cornford (https://www.colecornford.com) to Absolute AppSec for a discussion on running a security startup and the future of security training for developers and organizations. Cole is the CEO and Founder of Galah Cyber (https://www.galahcyber.com.au) and an all around AppSec maestro, frequen…
  continue reading
 
Shlomi is back! Shlomi Shaki, GitHub’s head of Asia-Pacific-Japan advanced security sales and all around thoughtful observer of the world of application security is back on the podcast with Ken Johnson and Seth Law. A lively discussion on security vs. engineering and failures of security to meet development/business in the appropriate places. Sugge…
  continue reading
 
Ken and Seth are back with another episode where they try _not_ to cover more on LLMs and AI. Specifically, talk about the basics of implementing security into an SDLC. A long conversation and personal experience from both Ken and Seth on time management and how to get into a flow when working on technical problems. Finally, some answers to questio…
  continue reading
 
A very special pre-DEF CON episode with @lojikil (aka Stefan Edwards). Seth and Stefan dig into various security aspects of artificial intelligence and the recent hype cycle around large language models (LLMs). A discussion of the recently released OWASP Top 10 for LLMs and its target audience. Finally, opinions on the recent news of ZAPs departure…
  continue reading
 
Ken Johnson (@cktricky) and Seth Law (@sethlaw) host Brian Walter (@bdwalter), co-founder and CEO of OpenContext (opencontext.com), tech industry veteran with leadership stints at device-reputation company iovation (acquired by TransUnion), Xerox, Siemens, Sun Microsystems, Lockheed Martin, among others. Discussion focuses on establishing product r…
  continue reading
 
From depths comes a rumbling, and it carries the whisper of AppSec on its breath! Seth and Ken dig into approaches to conducting client scans and processing results. A review of recent research into EPP services for domain registrars along with the methodology for conducting code reviews and appsec research. Finally, some resources for threat model…
  continue reading
 
Beware! It’s double ides of May! (Proviso being that you add the integers and not the 1/2s). Sponsored by @redpointsec, an application security firm that specializes in code security by and for coders. If you're looking for Web App or mobile Pentesting, developer training, smart contract or secure-code reviews, check them out: https://redpointsecur…
  continue reading
 
Hello! We’re just a podcast, standing in front of you, aching to be the SYN to your ACK. Seth and Ken are back to talk about how the PyPI repo is experiencing an attack from multiple malicious package uploads. Seth brings up the concept of watering hole attacks and how the IDE plugin is a growing attack vector. Solarwinds discussion follows. Learni…
  continue reading
 
Loading …

Skrócona instrukcja obsługi