Application Security Weekly (Video)
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema and John Kinsella on a journey through modern cybersecurity practices for applications, clouds, containers, and more.
Show episodes
Considerations in paying down tech debt, make Rust work on bare metal, ECDSA side-channel in Yubikeys, trade-offs in deploying SSO quickly, and more! Show Notes: https://securityweekly.com/asw-298
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 9, 2023. What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? Th
Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297
Research by Orange Tsai into Apache HTTPD's architecture reveals several vulns, NCC Group shows techniques for hacking IoT devices with Sonos speakers, finding use cases for WebAssembly, Slack's AI leaks data, DARPA wants a future of Rust, and more! Show Notes: https://securityweekly.com/asw-297
Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297
IoT devices are notorious for weak designs, insecure implementations, and a lifecycle that mostly ignores patching. We look at external factors that might lead to change, like the FCC's cybersecurity labeling for IoT. We explore the constraints that often influence poor security on these devices, whether those constrai
Navigating the Path to Maturity & AI is helping combat cyber threats - Shimon Modi, Boaz Barzel - ASW #296
As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore how organizations are adapting their Ap
The Fallout and Lessons Learned from the CrowdStrike Fiasco - Allie Mellen, Jeff Pollard - ASW #296
This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of software quality, and the distinction between a security incident and an IT incident. They also touch on the need to reduce th