Podcast Episodes

Managing Secrets - Vlad Matsiiako - ASW #327


Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as w…


Published on 4 months, 2 weeks ago

More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326


The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. …


Published on 4 months, 3 weeks ago

In Search of Secure Design - ASW #325


We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure d…


Published on 5 months ago

Avoiding Appsec's Worst Practices - ASW #324


We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which di…


Published on 5 months, 1 week ago

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323


LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like sour…


Published on 5 months, 2 weeks ago

Redlining the Smart Contract Top 10 - Shashank . - ASW #322


The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shashank shares his research into scanning contracts fo…


Published on 5 months, 3 weeks ago

CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321


Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s. Common defenses have been known since the early …


Published on 5 months, 4 weeks ago

Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320


Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in d…


Published on 6 months ago

Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319


Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful tests and some useful security tools and you hav…


Published on 6 months, 2 weeks ago

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318


We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires th…


Published on 6 months, 3 weeks ago




