
Application Security Weekly (Audio)
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
Show episodes

Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350
Dealing with vulns tends to be a discussion about prioritization. After all, there a tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediatio

Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Visit https://www.securityweekly.co

How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month
Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life.

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346
In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay

Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345
The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zhukov share their experience education regulators on open source software and educating open source projects on security. They talk about creating a baseline for security