Application Security Weekly (Video)
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
Show episodes
Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306
Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a bugger underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes. Bonus: the book series mentioned in this episode T
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306
After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations
Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305
Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers bui
Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more! Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared Sh
JSON Parsing, Email Parsing, CISA's Bad Practices Guide, Abusing Disclosure Policies - ASW #304
Flaws that arise from inconsistent parsing of JSON and email addresses, CISA's guide to bad software practices, abusing a security disclosure process to take over a WordPress plugin, and more! Show Notes: https://securityweekly.com/asw-304
The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304
Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, both in the security controls available to them and the sheer volume of services that CSPs provide. Scott Piper shares some history of cloud security, the benefits of acc