The AppSec Insiders

PODCAST · business


Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know. For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs. If you’re an AppSec professional looking for an opportunity to work with some of the best in the industry, or a developer with an interest in cybersecurity, be sure to check out our careers page at ForwardSecurity.com/careers. We would greatly appreciate it if you subscribed to the podcast wherever you listen to the show, and be sure to follow us on LinkedIn and Twitter at Forward Security. Links are in the show notes.

• https://www.ForwardSecurity.com
• https://www.linkedin.com/company/fwdsec/mycompany/verification/
• https://twitter.com/fwd_sec

  1. 19

    The Leakiest Year Ever: A Deep Dive into the 2026 State of Secret | The AppSec Insiders Podcast Ep.20

    In this episode, we sit down with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, to discuss the alarming rise of secret sprawl in 2025. With over 28 million hard-coded secrets leaked on public GitHub last year alone — a 34% increase year-over-year — 2025 is officially the leakiest year on record. We dig into why it's getting worse, how AI coding tools like Claude Code are contributing to the problem, and what developers and enterprises can do about it. We also explore the future of workload identity, why long-lived credentials are a liability, and how frameworks like SPIFFE/SPIRE are paving the way toward a world without secrets altogether.

  2. 18

    LLM Vulnerabilities and Prompt Injection: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.19

    In this episode, we explore the emerging security risks of AI and LLMs in modern applications. Iman shares real-world experiences bypassing AI guardrails like LlamaGuard and OpenAI Shield, while the team discusses prompt injection attacks, system prompt exposure, excessive agency vulnerabilities, and data poisoning. Learn about the OWASP Top 10 for LLMs, why AI usage policies are critical, and how attackers are exploiting everything from calendar invites to resume processors with hidden prompts.

  3. 17

    Fake Extensions to AI Bug Hunters: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.18

    In this episode of The AppSec Insiders Podcast, we dive into two major security stories making headlines: a fake Solidity extension that drained a developer’s crypto wallets, and Google’s AI-powered tool “Big Sleep” uncovering a critical Chrome vulnerability. From malicious packages to AI-driven defenses, we break down what these cases reveal about today’s evolving AppSec landscape.

  4. 16

    SQL Injection to RCE: Fortinet's Critical Vulnerability Exposed | The AppSec Insiders Podcast Ep. 17

    On this episode of The AppSec Insiders Podcast, we dive into CVE-2025-25257, a Fortinet FortiWeb Fabric Connector SQL injection vulnerability that escalates to RCE. We break down how this exploit works, why it’s so impactful, and what lessons organizations can learn, from proper network segmentation to the importance of SAST in your pipeline. We also touch on broader trends, from IoT security issues to recurring mistakes in network management. Plus, we share upcoming events where you can meet us in person and give a quick update on the Eureka DevSecOps platform launch.

  5. 15

    Prompt Injection to RCE: When AI Gets Compromised | The AppSec Insiders Ep.16

    In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to defend against similar threats with sandboxing, access controls, and DevSecOps monitoring.

  6. 14

    What Existing AWS Services are Important to AppSec? (Part 2 of 2) | The AppSec Insiders Ep.15


  7. 13

    What Existing AWS Services are Important to AppSec? (Part 1 of 2) | The AppSec Insiders Ep.14


  8. 12

    2023 Year-End Review

    In this episode, we recap the security threats and newcomers of 2023.

  9. 11

    The AppSec Insiders Ep. 11 - Flipper Zero and IoT Security

    In this episode, we discuss the Flipper Zero and IoT security.

  10. 10

    Exploring the Challenges of Testing Against the ASVS Standard - Part 4

    In this episode, we return to the topic of the previous episodes and continue to explore the challenges of testing against the ASVS standard.

  11. 9

    Exploring the Challenges of Testing Against the ASVS Standard - Part 3

    In this episode, we continue to explore the challenges of testing against the ASVS standard (Part 3).

  12. 8

    Exploring the Challenges of Testing Against the ASVS Standard - Part 2

    In this episode, we continue to explore the challenges of testing against the ASVS standard.

  13. 7

    Software Composition Analysis (SCA) & Supply Chain Security feat. Oscar van der Meer from MergeBase

    In this episode, we sit down with Oscar van der Meer, Founder and CEO of MergeBase to discuss Software Composition Analysis (SCA) and why it is important for supply chain security.

  14. 6

    Azure Security: Raising Alarms and Reducing the Blast Radius

    In this episode we explore Azure Security: Raising Alarms and Reducing the Blast Radius.

  15. 5

    AWS SRA (Secure Reference Architecture)

    In this episode we explore AWS SRA (Secure Reference Architecture).

  16. 4

    Exploring the Challenges of Testing Against the ASVS Standard

    In this episode, we explore the challenges of testing against the ASVS standard.

  17. 3

    Attacks on the CI/CD Pipeline (Part 2)

    In this episode, we continue our discussion about OWASP Top 10 and attacks on the CI/CD pipeline.

  18. 2

    Attacks on the CI/CD Pipeline (Part 1)

    In this episode, we explore the OWASP Top 10 and potential attacks on the CI/CD pipeline (Part 1).

  19. 1

    ChatGPT and the Future of Application Security

    In this episode, we dive deep into the world of ChatGPT and AI technology. What does this mean for application security?


HOSTED BY

Farshad Abasi
