Podcast Episodes

Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337


Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis…


Published on 2 months, 1 week ago

How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336


Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and a…


Published on 2 months, 2 weeks ago

Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335


What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out…


Published on 2 months, 3 weeks ago

Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334


CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Roger…


Published on 2 months, 4 weeks ago

AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333


The recent popularity of MCPs is surpassed only by the recent examples of deficiencies in their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased tw…


Published on 3 months ago

AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332


ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, develo…


Published on 3 months, 1 week ago

Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331


In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for…


Published on 3 months, 2 weeks ago

Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330


Developers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't really change based on who writes the code, whether hum…


Published on 3 months, 3 weeks ago

AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Vishal Gupta, Idan Plotnik - ASW #329


We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is ho…


Published on 4 months ago

Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328


In this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why designs should put classes of vulns into dungeons.


Published on 4 months, 1 week ago




