Application Security Weekly (Audio)

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

Avoiding Appsec's Worst Practices - ASW #324 04/01/2025

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323 03/25/2025

Redlining the Smart Contract Top 10 - Shashank . - ASW #322 03/18/2025

CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321 03/11/2025

Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320 03/04/2025

Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319 02/25/2025

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318 02/18/2025

Code Scanning That Works With Your Code - Scott Norberg - ASW #317 02/11/2025

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316 02/04/2025

Security the AI SDLC - Niv Braun - ASW #315 01/28/2025

Appsec Predictions for 2025 - Cody Scott - ASW #314 01/21/2025

Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 01/14/2025

DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312 01/07/2025

Applying Usability and Transparency to Security - Hannah Sutor - ASW #311 12/16/2024

Looking Back on 2024 - ASW #310 12/10/2024

Adding Observability with OpenTelemetry - Adriana Villela - ASW #309 12/03/2024

Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308 11/19/2024

Modernizing AppSec - Melinda Marks - ASW #307 11/12/2024

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306 11/05/2024

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305 10/29/2024

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305 Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more! Also check out this presentation from BSides Knoxville that we talked about briefly, Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. This is where identity comes in. Shiven Ramji, President of Customer Identity Cloud at Okta, will dive into the importance of protecting the identity of AI agents and Okta’s new security tools revealed at Oktane that address some of the largest issues consumers and businesses have with generative AI right now. Segment Resources: Today, there isn’t an identity security standard for enterprise applications that ensures interoperability across all SaaS and IDPs. There also isn’t an easy way for an app, resource, workload, API or any other enterprise technology to make itself discoverable, governable, support SSO and SCIM and continuous authentication. This lack of standardization is one of the biggest barriers to cybersecurity today. Arnab Bose, Chief Product Officer, Workforce Identity Cloud at Okta, joins Security Weekly's Mandy Logan to discuss the need for a new, comprehensive identity security standard for enterprise applications, and the work Okta is doing alongside other industry players to institute a framework for SaaS companies to enhance the end-to-end security of their products across every touchpoint of their technology stack. Segment Resources: This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit . Visit for all the latest episodes! Show Notes: /episode/index/show/aswaudio/id/33667942

The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304 10/21/2024

The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302 10/08/2024

More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301 10/02/2024

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300 09/24/2024

Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299 09/17/2024

Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298 09/10/2024

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault 09/02/2024

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297 08/27/2024

The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296 08/20/2024

The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296 This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of software quality, and the distinction between a security incident and an IT incident. They also touch on the need to reduce the attack surface and the importance of clear definitions in the cybersecurity industry. The conversation explores the need for a product security revolution and the importance of transparency and trust in security vendors. As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore how organizations are adapting their AppSec practices, highlighting the challenges and milestones encountered along the way. Key topics include the integration of security into the development lifecycle, the impact of emerging technologies, and strategies for fostering a security-first culture. Boaz Barzel shares his experiences and offers practical advice on overcoming common obstacles, ensuring that security measures keep pace with rapid technological advancements. This segment serves as a comprehensive guide for organizations striving to enhance their AppSec practices and continuously optimize their posture. This segment is sponsored by OX Security. Visit to learn more about them! Given the rapid rise of threat actors utilizing AI for cyber-attacks, security teams need advanced AI capabilities more than ever. Shimon will discuss how Dataminr’s Pulse for Cyber Risk uses Dataminr’s leading multi-modal AI platform to provide the speed and scale required to build enterprise resilience in the modern cyber threat environment. Dataminr's world-leading AI platform helps companies stay informed - performing trillions of daily computations across billions of public data inputs from more than one million unique public data sources encompassing text, image, video, audio and sensor signals to provide real-time information when you need it most. Segment Resources: This segment is sponsored by Dataminr. Visit to learn more about their world-leading AI platform perform! Visit for all the latest episodes! Show Notes: /episode/index/show/aswaudio/id/32658657

When Appsec Needs to Start Small - Kalyani Pawar, Danny Jenkins, Nikos Kiourtis - ASW #295 08/13/2024

Application Security Weekly (Audio)

TOPICS