Podcast Episodes
Episode 54: Recon-NG and Burp Suite v2 with Tim Tomes
Seth and Ken are joined by Tim Tomes, aka LaNMaSteR53. We discuss Tim's path into application security, his work on Recon-NG, and his analysis of Bur…
7 years, 2 months ago
Episode 53: Building AppSec at GitHub with Greg Ose
Seth and Ken talk AppCache vulnerabilities and postMessage exploits from PortSwigger's Top 10 web hacking techniques of 2018. Greg Ose joins them to …
7 years, 2 months ago
Episode 52: Serialization Vulns, Managing Careers, and Hacking your Happiness with Chris Gates
Seth and Ken talk about serialization vulnerabilities, number 6 in the top web hacking techniques of 2018. Discussions on continuous integration, hac…
7 years, 2 months ago
Episode 51: XXE review and techniques, Assessment Reporting and Process with Jessica Ryan
Seth and Ken talk about new techniques for exploiting XXE, number 7 in the top web hacking techniques of 2018. Discussions on assessment process, inc…
7 years, 2 months ago
Episode 50: Static Analysis Tools, DevSecOps, Secure Code Training with Eric Heitzman
Seth and Ken talk about number 8 in the top web hacking techniques of 2018. Discussions on static analysis tools and approach to using them. Eric He…
7 years, 3 months ago
Episode 49: Subdomain Takeovers, DNS SSRF, OAuth Best Practices, Top 10 Web Hacking Techniques of 2019
Seth and Ken talk through subdomain takeover vulnerabilities at large companies and identification of DNS SSRF. Ken walks through a few OAuth best p…
7 years, 3 months ago
Episode 48: .dev domains, Kubernetes Secrets, Threat Modeling as Code, OWASP Glue Project and Omer Levi Hevroni
Seth and Ken discuss recent events with the .dev domain and why developers should care. Omer Levi Hevroni (@omerlh) stops by to talk about the OWASP …
7 years, 3 months ago
Episode 47: Mapping Application Source Code, Mobile OWASP Top 10, Mobile Application Testing, and Kevin Cody
Seth and Ken review steps taken during a secure code review to map out an application. Joined by Kevin Cody (@kevcody) to talk mobile application tes…
7 years, 3 months ago
Episode 46: Fuzzing, Frameworks, Training and Daniel Miessler
Seth and Ken talk about the recent release of ClusterFuzz by Google. Joined by Daniel Miessler (@Daniel Miessler) to talk about the SecLists project,…
7 years, 4 months ago
Episode 45: Making the most of Bug Bounties, managing an AppSec program, and Sean Poris
Seth and Ken are joined by Sean Poris (@skp00) of Verizon Media to talk about making the most of a bug bounty program, Sean's path into application s…
7 years, 4 months ago