Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378 episode artwork

EPISODE · Apr 14, 2026 · 1H 9M

Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378

from Application Security Weekly (Audio)

It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off, how it complements other supply chain security efforts like SLSA, and why they updated it with explicit coverage for AI. They show what goes into making a project relevant and -- most importantly -- successful at defending how supply chains are attacked. They're also looking for more feedback and participation! If you build software packages, consume software packages, or have an interest in helping organizations stay secure, check it out! Resources https://owasp.org/www-project-spvs/ https://github.com/OWASP/www-project-spvs/blob/main/1.5/ReleaseNotesOWASPSPVS1.5-AI-Pipeline-Security.md https://youtu.be/-WoqGDdivGw?si=kK5-csbnTw8Y4g2J -- The Story Behind OWASP SPVS https://slsa.dev Zero Trust That Actually Ships: Moving From Strategy Decks to Real Security Most enterprise organizations have been working at Zero Trust for years and fail to deliver truly secure environments. Rohan Ravindranath shares insights that Zappsec has gained from guiding the global teams that are succeeding at protecting their orgs. Discover the common pitfalls so you can deploy a solution that works. This segment is sponsored by Zappsec. Visit https://securityweekly.com/zappsecrsac to learn more about them! Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential Enterprises ship code continuously, but most security validation still happens in snapshots. Novee CEO and co-founder Ido Geffen explains what "AI penetration testing" means, why it's different from automated scanning, and why it's becoming essential as attackers adopt AI to move faster. He breaks down what separates best-in-class AI pentesting: operator-like reasoning across real environments, validated exploitability, and the ability to uncover business logic flaws and multi-step attack chains. Ido covers the technology behind Novee's AI penetration tester: a proprietary LLM model, built independently of "frontier" LLMs (like Claude, ChatGPT, Cursor, etc.), and consistently outperforming them at browser exploitation tests. Finally, he shares what buyers should demand in a live evaluation and how continuous retesting closes the loop after fixes ship. This segment is sponsored by Novee Security. See what your attackers already know at https://securityweekly.com/noveersac. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-378

NOW PLAYING

Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378

0:00 1:09:50

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Application Security Weekly (Audio)?

This episode is 1 hour and 9 minutes long.

When was this Application Security Weekly (Audio) episode published?

This episode was published on April 14, 2026.

What is this episode about?

It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard...

Can I download this Application Security Weekly (Audio) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!