All Episodes
Application Security Weekly (Video) — 709 episodes
Why Basic Security Practices Still Work - Rob Allen - ASW #382
Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Securing Software's Journey with the OWASP SPVS - Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen - ASW #378
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Ron Rasin, Shashwat Sehgal - ASW #376
Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Making Medical Devices Secure - Tamil Mathi - ASW #373
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
Conducting Secure Code Analysis with LLMs - ASW #370
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369
Focusing on Proactive Controls in the Face of LLM-Assisted Malware - Rob Allen - ASW #368
Building proactive defenses that reflect the true nature of modern software risk - Paul Davis - ASW #367
Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks - ASW #366
Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365
The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364
AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362
Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
Figuring Out Where to Start with Secure Code - ASW #358
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355
Quantum Computing Isn't A Threat To Blockchains - Yet - Sandy Carielli, Martha Bennett - ASW #354
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346
Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344
The Future of Supply Chain Security - Janet Worthington - ASW #343
Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339
Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333
AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man - ASW #332
Appsec News & Interviews from RSAC on Identity and AI - Charlotte Wylie, Rami Saas - ASW #331
Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330
AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Idan Plotnik, Vishal Gupta - ASW #329
Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328
Managing Secrets - Vlad Matsiiako - ASW #327
More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326
In Search of Secure Design - ASW #325
Avoiding Appsec's Worst Practices - ASW #324
Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323
Redlining the Smart Contract Top 10 - Shashank - ASW #322
Skype Hangs Up, Android Backdoors, Jailbreak Research, Pretend AirTags, Wallbleed - ASW #321
CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321
QR Codes Replacing SMS, MS Pulls VSCode Extension, Threat Modeling, Bybit Hack - ASW #320
Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320
Regex DoS, LLM Backdoors, Secure AI Architectures, Rust Survey - ASW #319
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318
Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317
Code Scanning That Works With Your Code - Scott Norberg - ASW #317
New SLAP & FLOP Attacks, OCSP Fades Away, DeepSeek's ClickHouse, OAuth 2.0 Security - ASW #316
Threat Modeling That Helps the Business - Sandy Carielli, Akira Brand - ASW #316
Opengrep & Semgrep, Hacking Subarus, Hacking Synths, Stealing Cookies, and RANsacked - ASW #315
Security the AI SDLC - Niv Braun - ASW #315
Appsec Predictions for 2025 - Cody Scott - ASW #314
PyPI's Quarantine, Phishing & Awareness, Porting Fishshell to Rust, Cyber Trust Mark - ASW #313
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313
Removing Rust, Double Clickjacking, h3i CLI, JWT Mistakes, Reviewing Recursion - ASW #312
DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312
Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP - ASW #311
Applying Usability and Transparency to Security - Hannah Sutor - ASW #311
AI's Junk Vulns, Web3 Backdoor, LLM CTFs, 5 GenAI Mistakes, Top Ten for LLMs - ASW #310
Looking Back on 2024 - ASW #310
Fuzzing Barcodes, Fuzzing with AI, AI vs. Scammers, CWEs, Repo Swatting - ASW #309
Adding Observability with OpenTelemetry - Adriana Villela - ASW #309
AI fixes everything, C++ the actual worst, IAM is hard - ASW #308
Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308
Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307
Modernizing AppSec - Melinda Marks - ASW #307
Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306
Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305
Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - ASW #305
JSON Parsing, Email Parsing, CISA's Bad Practices Guide, Abusing Disclosure Policies - ASW #304
The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304
Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303
RCE from Iconv + PHP, Fuzzing a Codec, Fuzzing LLMs, Revisiting Recall - ASW #302
The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302
More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - ASW #301
Fuzzing for Vulns, GitLab Auth Bypass, JPEG Vulns, Programming Language Ranks - ASW #300
Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300
A TLD Takeover, An LLM CTF, A Firmware Flaw, 6 Truths of Cyber Risk - ASW #299
Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299
Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298
Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault
Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297
Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297
Navigating the Path to Maturity & AI is helping combat cyber threats - Shimon Modi, Boaz Barzel - ASW #296
The Fallout and Lessons Learned from the CrowdStrike Fiasco - Allie Mellen, Jeff Pollard - ASW #296
Reducing Supply Chain Risk & What's lurking in your phone? - Danny Jenkins, Nikos Kiourtis - ASW #295
When Appsec Needs to Start Small - Kalyani Pawar - ASW #295
Dead Code, CrowdStrike's Kernel Lessons, VMs & Security Boundaries, SLUBStick Attack - ASW #294
Building Successful Security Champions Programs - Marisa Fagan - ASW #294
A CISO's Perspective on AI, Appsec, and Changing Behaviors - Paul Davis - ASW #293
SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292
A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters - ASW #290
Shared Responsibility Models, AI in Offensive Security, Apple's Private Cloud Compute - ASW #289
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
Learning eBPF - Liz Rice - ASW Vault
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
Bots are Taking Over the Internet & Defining ASPM - Idan Plotnik, Erez Hasson - ASW #287
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
Unpacking XDR & Business Applications - Chris Thomas, Oliver Tavakoli - ASW #286
Node.js Secure Coding - Liran Tal - ASW #286
The Enterprise Browser & AI in Securing Software and Supply Chains - Mike Fey, Josh Lemos - ASW #285
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn - ASW #285
Hacking AI Bias with Human Techniques - Keith Hoodlet - ASW #284
AI & Hype & Security (Oh My!) - Caleb Sima - ASW #284
Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks - ASW #283
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
XZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282
Sustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282
Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome's V8 Sandbox - ASW #281
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
OWASP Breach, Types of Prompt Injection, Device-Bound Sessions, ASVS & APIs - ASW #280
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
Top 10's First Update, Metasploit's Second Update, PHP Prepares Statements, RSA & MS - ASW #279
Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278
GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278
Vulns in Smart Locks, FCC labels for IoT, ZAP's New Home - ASW #277
Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277
TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276
SAML & Secrets, Serializing AI Models, OWASP ISTG, More Memory Safety - ASW #275
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
PrintListener, Post-Quantum Crypto in iMessage, Silent Sabotage, Rust Survey Results - ASW #274
Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274
Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault
LLMs & Security Tools, Shim Vuln, AI Threat Models, Configuration as Code with Pkl - ASW #273
Creating Code Security Through Better Visibility - Christien Rioux - ASW #273
Sorting Out Glibc Vulns, Apple's Security Research Device, BoringSSL, Old C Vulns - ASW #272
Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272
Vulns & Secure Design, MiraclePtr Success, Abandoned Projects & Maven, Old "AI Chip" - ASW #271
Getting Your First Conference Presentation - Sarah Harvey - ASW #271
Security in Wrenches, Vulns in Atlassian and GitLab, 2023's Top Web Hacking Tricks - ASW #270
Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270
Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269
23andMe Blames Users, Abusing Google's OAuth2, Rustls Performance, AI Goes OSINT - ASW #268
What's in Store for 2024? - ASW #268
HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault
OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault
Nagios and Abandoned Projects, Hacking Trains (to Fix Them), OAuth Threats, 5Ghoul - ASW #267
Making Service Meshes Work for People - Idit Levine - ASW #267
Prompt Injection Scanners, Better AI Jailbreaks, Purple Llama, Linux Kernel Security - ASW #266
The ABCs of RFCs - Heather Flanagan - ASW #266
Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS - ASW #265
All the News -- Just Six Months Later - ASW #265
Randstorm, Nothing Chats, Platform Engineering, PyPI Security Audit - ASW #264
Starting with Appsec -- Is It More of a Position or a Process? - ASW #264
Platform Firmware Security - Maggie Jauregui - ASW Vault
Fuzzing Strategies, Responding to CISA's Open Source Security RFI, 35 Year Old Worm - ASW #263
How 2023 Changed Application Security and What's to Come in 2024 - Karl Triebes - ASW #263
Citrix Bleed, Atlassian Authz Vuln, OpenJS & jQuery, Secure Future Initiative - ASW #262
Security from a Developer's Perspective - Josh Goldberg - ASW #262
Abusing OAuth, State of DevOps, Nightshade and AI, iLeakage, Sandboxing Apps - ASW #261
How Security Tools Must Evolve - Dan Kuykendall - ASW #261
Okta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260
OAuth, WebAuthn, and the Impact of Design Choices - Dan Moore - ASW #260
HTTP/2 Rapid Reset, Curl's SOCKS5 Bug, Standardizing CycloneDX, AI Bug Bounty - ASW #259
OT Security - Huxley Barbee - ASW #259
Curl's Impending Patch, Glibc's Looney Tunables, ShellTorch, Another Top 10 List - ASW #258
Shifting Focus to Make DevSecOps Successful - Janet Worthington - ASW #258
A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257
Creating Presentations and Training That Engage an Audience - Lina Lau - ASW #257
Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256
Supply Chain Security with Containers and CI/CD Systems - Kirsten Newcomer - ASW #256
Azure's Eight XSS Vulns, CNCF's Two Security Audits, CISA's OSS Roadmap, Repojacking - ASW #255
Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255
Microsoft Dumps a Key, Grafana Logs a Key, URL Parsers Disagree, Old Bug in Ubuntu - ASW #254
Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254
Broadening What We Call AppSec - Christien Rioux - ASW Vault
Go Crypto in Practice, Excel Executes Python, Protecting Users, DARPA Distills - ASW #253
How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253
Discord.io Stops, Azure AD Pops, Zoom AI Drops, Model Confusion Attacks, Early XSS - ASW #252
Security in a Cloud Native World & Mobile App Attacks - Asaf Ashkenazi, Jason Rolleston - ASW #252
DARPA's AI Challenge, CISA Wants Secure Open Source, 5 Years of Vuln Research - ASW #251
Pointers and Perils for Presentations - Josh Goldberg - ASW #251
Zap's New Home, Clang & Security Tools, LLM Attacks, Rust Supply Chain - ASW #250
You've Got Appsec, But Do You Have ArchSec? - Merritt Baer - ASW #250
Zenbleed, Drop in Zero-Days, Security Testing Handbook, Public Speaking - ASW #249
Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249
SSH-Agent RCE, CTFs & bug bounties, Satellite Security, Cyber Trust Mark, Bad.Build - ASW #248
Navigating the Complexities of Development to Create Secure APIs with Kristen Bell - Kristen Bell - ASW #248
Kubernetes and silentbob strike back, EV charger hacking, fake POCs - ASW #247
Securing Non-Election Election Systems, Modernizing AppSec Education - Brian Glas - ASW #247
Developer-Focused Security - Melinda Marks - ASW #246
Software Trust & Adversaries - Shannon Lietz - ASW #246
The Psychology of Training - Matias Madou - ASW Vault
XSS in Azure, Choosing Web Research Topics, Security Dev-in-Residence, More Myths - ASW #245
Invicti AppSec Indicator: Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245
Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault
Verizon DBIR, CVSS 4.0, Security at Scale, Big IAM Challenge - ASW #244
Eliminate Security Vulnerabilities with App Modernization and Identity Orchestration - Eric Olden - ASW #244
LLM Top 10, Simple Vulns, PyPI Requires 2FA, ThinkstScapes Quarterly, Fun w/ Learning - ASW #243
What's the Deal with API Security? - Sandy Carielli - ASW #243
Doing Application Security Right - Farshad Abasi - ASW Vault
New TLDs Zip By, eBPF Fuzzer, Microsoft Rocks Rust, Unwanted Tracking Spec - ASW #242
Ten Things I Hate About Lists - ASW #242
Staying Ahead of Hackers: Protecting Mobile Apps & Detecting Malicious Packages - Asaf Ashkenazi, Jeff Martin - ASW #241
What to Do When the Honeymoon Period Ends - Chris Eng - ASW #241
Strengthening Your Security Position: Detecting Software Supply Chain Breaches - ASW #240
Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW #240
Mitigating AppSec Risk with Systematic Testing and Effective Attack Mitigation - Karl Triebes, Patrick Vandenberg - ASW #239
Application Security Maturity and Frameworks - Francesco Cipollone - ASW #239
A Forecast for Threat Groups, K8s Security Audit, GhostToken on Google, BrokenSesame - ASW #238
The Intersection of Hacking, Technology, and Civil Society with Jeff Moss - Jeff Moss - ASW #238
Deps.dev API, Right to Repair Tractors, Secure by Design, WebSockets, Adversarial AI - ASW #237
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW #237
Application Security in Cloud - Vandana Verma Sehgal - ASW #236
JSON and a Regex, IoT Passwords, CAN Injection, Twitter CVE, Complexity, Tabletops - ASW #236
BingBang, Super FabriXss, 3CX on macOS, Secure Code Game, Real World Crypto 2023 - ASW #235
Learning eBPF - Liz Rice - ASW #235
OpenAI Info Leak, BitCoin ATM Hack, GitHub RSA SSH Key, Measuring AI Security - ASW #234
Real-life Examples. Benefits, Risk & Security Implications of AI - Frank Catucci - ASW #234
PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl's Anniversary - ASW #233
Automating Security With Static Analysis - Josh Goldberg - ASW #233
Loom Disclosure, GitHub 2FA, Buffer Overflow in TPM, Dropbox Career Framework - ASW #232
The OWASP ASVS and Sustainable Software Security Practices - Josh Grossman - ASW #232
WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231
A Deep Dive Into Software Supply Chain Security - Neatsun Ziv - ASW #231
Twitter 2FA, Server-Side Prototype Pollution, AI Security & Privacy, Smarter Testing - ASW #230
Supply Chain Breaches and Hacking the Cloud: Lessons Learned from IR - Lina Lau - ASW #230
Reddit Breach, Toyota Bugs, OpenSSL Vulns, Top 10 Web Hacking Techniques of 2022 - ASW #229
What's the Best Way to Threat Model? - Nick Selby - ASW #229
Aviation ASCII Art, OpenSSH Double-Free, F5 Format String, OSC&R for Supply Chains - ASW #228
Myths and Lies in Infosec - Adrian Sanabria - ASW #228
Source Leaks, BIND DoS, Refactoring Go to Typescript, Git Audit & Rust, SQL Slammer - ASW #227
There Is No Average Behavior - Dr. David Movshovitz - ASW #227
Breach Disclosures, SSRF in Azure, Integer Flaws, Top 10 Web Hacking Techniques - ASW #226
Crafting Security Training for Secure Code and Security Culture - Marudhamaran Gunasekaran - ASW #226
CircleCI Breach, Vulns in Auto Sites, Google Speaker Bugs, Office Space, S3 Defaults - ASW #225
Securing your APIs using OAuth - Dan Moore - ASW #225
Security Product Metrics, ML 101, PEACH for Cloud, Log4Shell Lookback, Appsec Tools - ASW #224
DevSecOps Essentials - Keith Hoodlet - ASW #224
Another Ping of Death, Clever JSON Manipulation, iCloud Encryption, ChatGPT Threats - ASW #223
Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW #223
Android Platform Certs Leaked, Hell's Keychain, Web Hacking Cars, Bug Bounty Tips - ASW #222
Inoculating Malicious Content: Making File Types Safe to Handle - Aviv Grafi - ASW #222
AWS AppSync Vuln, Zero-Initialization, HTTP/3 Connections, Thinkst Quarterly - ASW #221
Searching on Encrypted Data: MongoDB's Queryable Encryption - Kenn White - ASW #221
CosMiss, Pixel Lock Screen Bypass, IIoT Path Traversal, NSA on C & C++, Code Reviews - ASW #220
The Top 10 CI/CD Security Risks and CI/CD Goat - Daniel Krivelevich - ASW #220
Punycode in OpenSSL, Authn in Cosmos DB Notebooks, Documenting Security, IoT Labels - ASW #219
Bad Bots are Targeting Your APIs: What You Need to Know - Karl Triebes - ASW #219
Critical OpenSSL Vuln, SQLite Vuln, Apple Security Blog, Randomness & Shuffling - ASW #218
Understanding Web3 Application Security - Sandy Carielli, Martha Bennett - ASW #218
Text4Shell, GUAC for SLSA, OpenSSF Scorecards, Toner Deaf, OWASP Elections - ASW #217
Kubernetes, Container and Cloud Best Practices for Securing Cloud Apps and Hardening - Kong Yew Chan - ASW #217
FortiOS Exploit, Linux Kernel Wi-Fi Vulns, Infosec Communities, Secure Coding - ASW #216
How NVIDIA Uses AI to Address Cybersecurity Challenges - Jason Recla - ASW #216
Rust in the Linux Kernel, Uber Security Verdict, Prototype Pollution, PHP Composer - ASW #215
Creating and Curating Educational Resources for Secure Coding - Akira Brand - ASW #215
Exchange RCE, Patching at Scale, DORA Metrics, USENIX Best Papers, Passkeys - ASW #214
Critical Requirements for Cloud Native Application Security - Dean Agron - ASW #214
Authz Bypass in Oracle Cloud, Chrome Prototype Pollution, Why Security Products Fail - ASW #213
Show, Don't Tell, Your Developers How To Write Secure Code - Janet Worthington - ASW #213
Uber Breach, Rust Security Team, MiraclePtr, Supply Chain Criticism, Careers - ASW #212
API Security from a Developer's Perspective - Sam Placette - ASW #212
Go Vuln Project, OSS-Fuzz Successes, No More Basic Auth, NSA Supply Chain Hardening - ASW #211
Shifting Left Probably Left You Vulnerable. Here's How You Can Make it Right. - Sonali Shah - ASW #211
Twitter Whistleblower Complaint, LastPass Breach, Threat Modeling Culture - ASW #210
Cloud Security Frameworks: Clarity vs. Confusion - Doug Dooley - ASW #210
Debugging & Dev Tools, Isolating PostgreSQL, Abusing the DevOps Pipeline, Xiaomi Flaw - ASW #209
AppSec Tips & Tricks for Cloud Native and Kubernetes Environments - Kiran Kamity - ASW #209
Microsoft Bounties & Edge Security, Strategic Bounty Programs, HTTP Desync Attacks - ASW #208
Good, Not Perfect, AppSec - Tanya Janca - ASW #208
Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207
Agility Broke AppSec. Now It's Going to Fix It - Chen Gour Arie - ASW #207
Smart Lock and Simple Vulns, Macros and Secure Defaults, Breaches and Costs - ASW #206
Reachability & Attackability - Manish Gupta - ASW #206
Atlassian Vuln, Attacking OAuth, OpenSSF Security Audits, Tabletop Exercises - ASW #205
How to Build a Successful Continuous Application Security Program - Ferruh Mavituna - ASW #205
0-Day Vulnerabilities & What's Next - Larry Maccherone - ASW #204
Retbleed, CSRB's First Report, a Case-Sensitive Action, Mac Malware Book - ASW #204
iOS Lockdown Mode, 2FA in PyPI, CloudVulnDB, & Practical Attacks on ML - ASW #203
The Security Challenges That Devs Encounter When Building Secure Apps - Farshad Abasi - ASW #203
Answering the 'How' Questions of Software Security - Nikhil Gupta - ASW #199
Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199
More Fuzzing, a Decade of OT Security, & Top Threats to Cloud Computing - ASW #202
How GraphQL & Template Injection Threats Influence App Architectures - Mike Benjamin - ASW #202
Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201
IE11 Goes to Zero -- A History of Browser Security and Bug Bounties - ASW #201
OWASP Top 10 for K8s, Firefox Process Isolation, Secure Software Factory, CFAA Policy - ASW #198
The Psychology of Training - Matias Madou - ASW #198
RSAC Micro Interviews - Cisco & Invicti Security - Jeetu Patel, Sonali Shah - ASW #200
HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - ASW #200
Developing Future Cybersecurity Contributors - Brian Glas - ASW #197
Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197
Smart Contract Security, Heroku Breach, & Real World Crypto Highlights - ASW #196
Securing SAP: Addressing the Critical & Complex Challenge - Christoph Nagy - ASW #196
ExtraReplica, Document.domain Disfavored, & Highlights From Thinkst Quarterly - ASW #195
Bad Bots - Automated Threat Targeting Your Websites, Mobile Apps, & APIs - Lynn Marks - ASW #195
Java's ECDSA for Nought, Writing a Kernel RCE, Okta's Conclusion, Log4Shell Hot Patch - ASW #194
What Does Software Supply Chain Security Threat Mean to Developers? - Dr. Chenxi Wang - ASW #194
OAuth Tokens Taken, Vulns in Medical IoT, Scoring a Proactive Security Culture - ASW #193
Appsec (and adjacent) Metrics - ASW #193
SSRF at a FinTech, Zoom's Bounties, SLSA Build Provenance, & Raspberry Pi Credentials - ASW #192
Service Mesh & Zero Trust Kubernetes Security - William Morgan - ASW #192
Escaping from BlastDoor's Sandbox, Spring RCE, Old Zlib Flaw, Startup Security - ASW #191
Democratizing Software Security - Eric Allard - ASW #191
Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190
How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190
A Great Escape, Peace Not War, & How to Burp Good - ASW #189
Helping Secure OSS Software - Alvaro Munoz - ASW #189
Dirty Pipe, AutoWarp Vuln in Azure, TLStorm Hits UPS Devices, Car Hacking - ASW #188
Doing Application Security Right - Farshad Abasi - ASW #188
Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187
Deep Visibility & Understanding the Underlying Data Layer - Lebin Cheng - ASW #187
Bug Bounty Costs, GitHub's Advisory Database, ICS Vulns of 2021, CNCF Secure Software - ASW #186
Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186
Cassandra RCE, Pixelation Is Poor Redaction, Rust's Useful Errors, & Hardening Edge - ASW #185
The DIY AppSec Lab - ASW #185
Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184
The Modern Developer Must be Security Minded, Too - Doug Kersten - ASW #184
HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183
Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW #183
PwnKit, Qubit Hack, Multichain Hack, Safari Bounty, & Python NaN - ASW #182
Shift Left, NOT S#!T LEFT - Larry Maccherone - ASW #182
IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181
API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181
Scams and Security in Web3*, URL Parsing Problems, AWS Glue, CI/CD Compromises - ASW #180
Investing in Open Source Security - ASW #180
Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes - ASW #179
Broadening What We Call AppSec - Christien Rioux - ASW #179
Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards - ASW #178
Evolving Security Testing - Dan Guido - ASW #178
Log4Shell, Mozilla's BigFix & New Sandbox, Rust in Linux Kernel, Path Traversal in Go - ASW #177
DevSecOps, Compliance GRC, and the Future of Application Security - Francesco Cipollone - ASW #177
Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176
Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176
CVEs 4 CSPs, Malicious PyPI, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175
wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175
PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174
Mobile Application Security - Ryan Lloyd - ASW #174
Linux Kernel TIPC RCE, NPM Malware, OTP 2FA Bots, & Security Labels - ASW #173
A Standardized Approach to SBOM - Dan McKinney - ASW #173
Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172
Untangling API Security in 2022 - Peter Klimek - ASW #172
UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171
Security Champions in an Online First World - Ashish Rajan - ASW #171
View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170
Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170
Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169
Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169
Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168
The Power of Developer-First Security - Hillary Benson - ASW #168
AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167
Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167
OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166
Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW #166
OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165
Findings From the 2021 AppSec Shift Left Progress Report - Manish Gupta - ASW #165
ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164
A DevOps Perspective on Risk Tolerance & Risk Transfer - Caroline Wong - ASW #164
BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163
Challenges in Open Source Application Security - Shubhra Kar - ASW #163
Cracked Concatenation, Injection Against DNS, Allstar GitHub, & DEF CON Highlights - ASW #162
DevSecOps - Making It Real - Mike Rothman - ASW #162
Securing Modern Web Apps: Development Techniques are Changing - Tom Hudson - ASW #161
Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161
PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160
Platform Firmware Security - Maggie Jauregui - ASW #160
CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159
Navigating the Seas of Security in Serverless Functions - Peter Klimek - ASW #159
Code Comments, Decision Trees, Windows Hello, Telegram Analysis, & Cloud Risks - ASW #158
The Role of Open Source in DevSecOps - David DeSanto - ASW #158
Password Mismanager, Trusted Types vs. DOM XSS, PrintNightmare, & Fault Injections - ASW #157
Web App and API Security Needs to Be Modernized: Here's How - Sean Leach - ASW #157
Semgrep, Microsoft Signs With Rootkits, ATT&CK/D3FEND, & Injured Android - ASW #156
Scaling Your Application Security Program - Clint Gibler - ASW #156
Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155
Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155
ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154
OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW #154
HTTP Goes QUIC, Security & Humans, Amazon Sidewalk Privacy, & Product Abuse - ASW #153
API Security: Understanding Threats to Better Protect Your Organization - Daniel Hampton - ASW #153
IIS Bug, Browsers & Androids & Supply Chains Oh My! - ASW #152
Bringing AppSec to a Modern CI Pipeline - Manish Gupta - ASW #152
CNCF Supply Chain, Frag Attacks, Securing Webhooks, & Complexity vs. Security - ASW #151
Third Party Software Risk on the Web - Aanand Krishnan - ASW #151
AirTags & Threat Models, Qualcomm Modem Vuln, Exim RCE(s), & Binary Hardening - ASW #150
Delivering On the Promise of Application Security - Ankur Shah - ASW #150
BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149
Why Developers Need to Think Differently About Software Security - Rey Bango - ASW #149
Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148
Deceptive Diffs From Subversive Submitters - ASW #148
Rust in Android, Vuln Disclosure, Postmortems, & BootHole Follow-Up - ASW #147
Supply Chain Management - Doug Barbin - ASW #147
Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps - ASW #146
Shifting Right: What Security Engineers Can Learn From DevSecOps - Leif Dreizler - ASW #146
TikTok Analysis, Patching Patches, CI/CD Integrity, Faster Fuzzing, & Slack Safety - ASW #145
OWASP Top 10 of 2021 - Andrew van der Stock - ASW #145
Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP - ASW #144
Approaching AppSec Like a Hacker - Johanna Ydergard, Roberto Giachetta - ASW #144
Unauth'd RCE, "Regexploits", Post-Spectre Web, & SigStore Signing - ASW #143
Cloud Native Security Platforms - John Morello - ASW #143
Security Engineering, Evil Packages, Exchange SSRF, & Observability - ASW #142
Privacy, Data Security & Compliance - Cynthia Burke - ASW #142
JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141
Hackable; How to do Application Security Right - Ted Harrington - ASW #141
Dependency Confusion, Suspender Falls, Web Shells, & AppSec Scale - ASW #140
Targeting, Exploiting, & Defending Linux - Brandon Edwards - ASW #140
BBPLR, API Security Trends, Memory Unsafety, & Patching 0-Days - ASW #139
Being a Serial Entrepreneur, Business Leader, & Hacker - Alissa Knight - ASW #139
Sudo Vuln, Libgcrypt, BlastDoor on iMessage, & AWS Lambda security - ASW #138
Groundhog Day - It's Time to Reset the Script on Vulnerabilities - John Delaroderie - ASW #138
KindleDrip, State of Messaging State Machines, DoH, & Data Security Strategies - ASW #137
Reading Industry Analyst Tea Leaves To Predict The Future - Taylor McCaslin - ASW #137
Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136
Fuzz Testing - Andrei Serban - ASW #136
Kubernetes Clusters, Microsoft Solarigate, & Apple's Security DIY - ASW #135
Security By Design - ASW #135
Atheris Python Fuzzer, Bronze Bit Attack, & FireEye Highlights - ASW #134
Freedom From Computing Environments - Ev Kontsevoy - ASW #134
Google Play Bug, GitHub, iPhone Radio Reboots, & Docker Hub Vulns - ASW #133
Security Web Applications Against Modern Threats - John Delaroderie, Mike Manrod - ASW #133
Top CyberSec Skills for 2021, Xbox Gamertag Bug, & MobileIron RCE Flaw - ASW #132
Security Decisions During Application Development - Tim Mackey - ASW #132
Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper - ASW #131
Threat Modeling Deep Dive - ASW #131
'Platypus' Attack, IDOR DOD Bug, & 2 More Chrome 0-Days - ASW #130
Automated Hacker Knowledge - Rickard Carlsson - ASW #130
Security Is a Feature - Keith Hoodlet - ASW #129
China's Top Hacking Contest, GitHub Actions, & Vulnonym - ASW #129
Lax IoT, Adobe Flash Croaks, Link Preview Vulns, & Security Theatre! - ASW #128
Azure App Service & Cloud-Native Signal Sciences Deployments - Alfred Chung - ASW #128
Cyber Risk in Industrial IoT, Firefox 'Site Isolation', & Chrome 0-Day Bug - ASW #127
Cyber Resiliency Through Self-Healing Cloud Infrastructure - Cesar Rodriguez - ASW #127
Windows "Ping of Death", SonicWall VPN RCE, & MediaTek BootROM Glitch - ASW #126
The Future of Application Security Testing (AST) - Taylor McCaslin - ASW #126
Fortinet SIEM RCE, Facebook Bug Bounty, & Anti-Virus Vulnerabilities - ASW #125
Application Security Best Practices - James Manico - ASW #125
DOMOS 5.8 OS Command Injection, API Shield, & TRB245 Vulnerabilities - ASW #124
Things Every Developer Should Know About Security - Chris Romeo - ASW #124
Bypassing TikTok's MFA, Instagram RCE, & Chrome Security Updates - ASW #123
The Difference Between Finding Vulns & Securing Apps - ASW #123
Project OneFuzz, Bluetooth Spoofing Bug, & Safeguarding Secrets - ASW #122
Visualizing & Detecting Threats For Your Custom Application - Justin Massey - ASW #122
RCE via BACKBLAZE, Microsoft Patch Tuesday, & CRYLOGGER - ASW #121
The People & Process of DevOps - Frank Catucci - ASW #121
GitHub to Ruby 2.7, CISO Success, & Lessons From Uber - ASW #120
Detecting Threats & Avoiding Misconfigs In The Cloud-Age - Marc Tremsal - ASW #120
ATM Attacks, gcploit, & ClusterFuzz - ASW #119
DevOps-First Application Security For Mid-Markets - Sundar Krish - ASW #119
AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties - ASW #118
Immutable Security For Immutable Infrastructure - Cesar Rodriguez - ASW #118
SWVHSC: Amazon GuardDuty, Sandboxing & Workload Isolation, & No More SHA-1 - ASW #117
SWVHSC: How Does Sec Live In A DevOps World? - Mike Rothman - ASW #117
TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations - ASW #116
Fixing Vulnerabilities Effectively & Efficiently - John Matherly - ASW #116
SIGRed RCE, Google Cloud 'Confidential VMs', & Twitter Hack Crypto Scam - ASW #115
Cloud Security Posture Management & Governance - Bhasker Nallapothula, Kris Rajana - ASW #115
Top Bug Bounty Rankings, Zoom 0-Day, & Firefox Send Malware - ASW #114
DevSecOps - Judy Ngure - ASW #114
Guacamole RCE, PAN-OS Flaw, & A Culture of Resilience - ASW #113
Protecting Mobile Applications - Catherine Chambers, Will Hickie - ASW #113
DLL Hijacking, Trust Through Privacy, & Adobe EOL Data - ASW #112
Using IaC to Establish & Analyze Secure Environments - Cesar Rodriguez - ASW #112
CallStranger, SMBleedingGhost, & Misconfigured Kubeflow - ASW #111
Data Mapping & Data Value Journey - Michelle Dennedy - ASW #111
Zoom Vulns, Apple 0-Days, & Abandoned Domains - ASW #110
The Future State of AppSec - Phillip Maddux - ASW #110
Apps Are the New Endpoint - Catherine Chambers - ASW #109
How to Prevent Account Takeover Attacks - John Chirhart - ASW #109
Highlights From the New Open Source Security and Risk Analysis Report - Tim Mackey - ASW #108
Using Rate Limiting to Protect Web Apps and APIs - Jack Zarris - ASW #108
Samsung RCE 0-Click, Whispers, & Compromising Pluton - ASW #107
How Can Security Work TOGETHER, Not Against, Developers - Joe Garcia - ASW #107
Psychic Paper, Salt RCE, & Love Bugs - ASW #106
Modern Application Security & Container Security - Gareth Rushgrove - ASW #106
Nintendo Breach, NSA Advisory, & Security of IoMT - ASW #105
Threat Modeling in AppSec - Avi Douglen - ASW #105
Malicious Ruby Gems & JSON Web Token Bypass - ASW #104
Building an AppSec Ecosystem - Rebecca Deck - ASW #104
Zooming Alex Stamos & Building Security TestOps - ASW #103
Making Kubernetes a Hostile Place for Attackers - Brad Geesaman - ASW #103
Zoom Flaws, 'Zombie' win32k Bug, & Inputscope - ASW #102
You're (probably) Doing AppSec Wrong - Grant Ongers - ASW #102
The Benefits of SAST and SCA in Your IDE - Utsav Sanghani - ASW #101
Singularity: A Different Take on Container Security - Adam Hughes - ASW #101
Bottlerocket, Supply Chain Casualty, DevOps Sweet Spot - ASW #100
DevSecOps / Scaling Security - Clint Gibler - ASW #100
CISOs, CVE, DevOps, Gandalf - ASW #99
Guy Podjarny, Snyk - Guy Podjarny - ASW #99
InfoSec World Workshop: DevSecOps and Cultural Transformation - Dan Petit - ASW #98
Ghostcat, Apache, Networks, Starliner - ASW #98
Application News - RSA Conference News and Activities - ASW #97
Chris Eng Interview - What's New with Veracode - Chris Eng - ASW #97
SweynTooth, OWASP, CRXcavator, DevSecOps - ASW #96
Lessons Learned From The DevSecOps Trenches - Doug DePerry - ASW #96
WhatsApp Flaw, Dropbox Bug Bounty Program, Investigating Web Shell Attacks - ASW #95
Mitigating at Design Time - Shaun Lamb - ASW #95
Scaling an AppSec Program - ASW #94
Xbox Bounty Program, Magento Patch, RCE in OpenSMTPD - ASW #94
Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks - ASW #93
Dynamically Protecting Mobile Applications With RASP - John Butler - ASW #93
Crypto Bugs, IoT Planes and Application Inspectors, Oh My! - ASW #92
Protecting Data in Apps and Protecting Apps from Data - ASW #92
The Evolution of DevSecOps and AppSec Trends in 2020 - Hillel Solow - ASW #91
Application News - ASW #91
Application News - ASW #90
Privacy by Design - ASW #90
Binary Planting, GitLab, and DevOps Pipelines - ASW #89
API Security - Dave Ferguson - ASW #89
The World Runs On Open-Source, But Who's Paying For Gas? - ASW #88
Software Bill of Materials (SBOM) - Allan Friedman - ASW #88
Facebook, Twitter, & Firefox - ASW #87
Bot Management - Sandy Carielli - ASW #87
Application News - ASW #86
Development Decisions Affect The Security Of Any Application - Tim Mackey - ASW #86
Sysdig Secure 3.0 - Pawan Shankar - ASW #85
Mirantis' Docker, CISOs, & End of Life Dates - ASW #85
Application News - ASW #84
Security Testing - ASW #84
Application News - ASW #83
Teaching Security In Software Development - Daniel Lowrie, Justin Dennison - ASW #83
Application News - ASW #82
Bug Bounties, Pentesting, & Scanners - ASW #82
Application News - ASW #81
Doug Coburn, Signal Sciences - Doug Coburn - ASW #81
Application News - ASW #80
Francois Lascelles, Ping Identity - ASW #80
Application News - ASW #79
Cloud Security for Small Teams - ASW #79
Application News - ASW #78
Information Disclosure Vulnerabilities - Ryan Kelso - ASW #78
Training For Developers - Nicolas Valcárcel - ASW #77
Application News - ASW #77
Bugs, Breaches, & More - ASW #76
OWASP Application Security Verification Standard - ASW #76
Bugs, Breaches, & More - ASW #75
Tools in the DevOps Pipeline: Ty Sbano, Sisense - ASW #75
Black Hat Interviews - WhiteSource and Venafi - ASW #74
Container Security With Sysdig Secure 2.4 - Pawan Shankar - ASW #74
Bugs, Breaches, and More! - ASW #73
Ping Identity, Cequence, & NowSecure - ASW #73
Application News - ASW - News #72
Hacker Summer Camp Round-UP - ASW - Topic #72
Application News - Application Security Weekly #71
Container Security Today - Application Security Weekly #71
Application News - Application Security Weekly #70
Secure App Deployment With Unikernels - Application Security Weekly #70
Application News - Application Security Weekly #69
Securing Multi-Cloud Environments - Application Security Weekly #69
Application News - Application Security Weekly #68
Cloud Native - Application Security Weekly #68
Security Training for Devs - Application Security Weekly #67
GKE, AWS, & S3 Buckets - Application Security Weekly #67
Don't Ignore APIs - Application Security Weekly #66
Osquery, Netflix, & Mozilla - Application Security Weekly #66
Bugs, Breaches, and More! - Application Security Weekly #65
Shannon Lietz, Intuit - Application Security Weekly #65
MacOS Catalina, OpenShift, & Pink Floyd - Application Security Weekly #64
DevSecOps & Software Supply Chains, Microsoft - Application Security Weekly #64
Application News - Application Security Weekly #63
Major Identities & Micro Services - Application Security Weekly #63
Application News - Application Security Weekly #62
Cody Wood, Signal Sciences - Application Security Weekly #62
Application News - Application Security Weekly #61
Securing Software Supply Chains - Application Security Weekly #61
Sven Morgenroth, Netsparker - Application Security Weekly #60
Application News - Application Security Weekly #60
Application News - Application Security Weekly #59
Larry Maccherone, Comcast - Application Security Weekly #59
Application News - Application Security Weekly #58
Thomas Hatch, SaltStack - Application Security Weekly #58
Application News - Application Security Weekly #57
Containers and Kubernetes - Application Security Weekly #57
Falco, Sysdig - Application Security Weekly #56
Docker, ARM, & "Selfie" - Application Security Weekly #56
Wins & Challenges In AppSec, Square - Application Security Weekly #55
Bugs, Breaches, and More! - Application Security Weekly #55
DARPA, Yelp, & FBI - Application Security Weekly #54
Jamie Duncan, Red Hat - Application Security Weekly #54
Application News - Application Security Weekly #53
RSA 2019 Recap - Application Security Weekly #53
Matt Springfield, 12Feet, Inc. - Application Security Weekly #52
Bugs, Breaches, and More! - Application Security Weekly #52
Android, Dark Web, & Development - Application Security Weekly #51
Integrating Security into DevOps, Altran - Application Security Weekly #51
Application News - Application Security Weekly #50
Basic Flow of Problem, Solution, and Value - Application Security Weekly #50
Application News - Application Security Weekly #49
The Current State of Privacy & Software Development - Application Security Weekly #49
Bugs, Breaches, and More! - Application Security Weekly #48
Jing Xie, Venafi - Application Security Weekly #48
The Human Element of Application Security - Application Security Weekly #47
Bugs, Breaches, and More - Application Security Weekly #47
Rey Bango, Microsoft - Application Security Weekly #46
CRLF, NASA, & GitHub - Application Security Weekly #46
WordPress, Silicon Valley, and Hijacking - Application Security Weekly #45
Ken Johnson, GitHub - Application Security Weekly #45
Signal App, Jenkins Servers, & WordPress - Application Security Weekly #44
Harry Sverdlove, Edgewise - Application Security Weekly #44
Chris Elgee, Counter Hack Challenge - Application Security Weekly #43
Kubernetes, Firefox, & WordPress - Application Security Weekly #43
NSA Malware, AFL Fuzzer, & Firecracker - Application Security Weekly #42
Aleksei Tiurin, Acunetix - Application Security Weekly #42
Drupalgeddon, USPS, & JavaScript - Application Security Weekly #41
Brent Dukes - Application Security Weekly #41
Instagram, Kraken, GitMiner - Application Security Weekly #40
John Kinsella, Layered Insight - Application Security Weekly #40
ColdFusion, Destroying Logs, & Tracing Meme's - Application Security Weekly #39
Brian Kelly, CyberArk - Application Security Weekly #39
'Stalkerware', DHCPv6 Packets, & Python - Application Security Weekly #38
Daniel Cuthbert, Banco Santander - Application Security Weekly #38
Airline Hacks, MicroTik Bug, & WordPress - Application Security Weekly #37
Johnny Xmas, Kasada.io - Application Security Weekly #37
Cryptocurrency, Disney, and Adobe - Application Security Weekly #36
Bugs, Breaches, and More! - Application Security Weekly #36
Garrett Gross, Rapid7 - Application Security Weekly #35
Git Project, Google+, & Facebook - Application Security Weekly #35
Bugs, Breaches, and More - Application Security Weekly #34
Landing a Job in Application Security - Application Security Weekly #34
Newegg, Ticketmaster, & iOS 12 - Application Security Weekly #33
Ron Gula, Gula Tech Adventures - Application Security Weekly #33
Bluebox-ng, Stock Data Breaches, and CommitStrip - Application Security Weekly #32
April Wright, ArchitectSecurity.org - Application Security Weekly #32
Microsoft, Equifax, MacOS, and Bug Bounties - Application Security Weekly #31
Zane Lackey, Signal Sciences - Application Security Weekly #31
Fortnite, Netflix, & Black Hat - Application Security Weekly #30
The Apache Struts2 RCE Vulnerability - Application Security Weekly #30
Tom McLaughlin, ServerlessOps - Application Security Weekly #29
Matt Alderman & Paul Asadoorian, Def Con 2018 - Application Security Weekly #29
Alibaba Cloud Security, Comcast, and Facebook - Application Security Weekly #28
Secure Coding Practices - Application Security Weekly #28
Resources, Bugs, Breaches, and Learning Tools - Application Security Weekly #27
Galen Hunt, Microsoft - Application Security Weekly #27
Spectre, OWASP, and iGoat - Application Security Weekly #26
Jessica Rozhin, Marqueta - Application Security Weekly #26
Venmo, Oracle, & Linux - Application Security Weekly #25
Joe Garcia, CyberArk - Application Security Weekly #25
AppSec Solutions in a DevOps World - Application Security Weekly #24
iOS Bugs, Burp Suite, & DevSecOps - Application Security Weekly #24
The Hardest Problem in Application Security - Application Security Weekly #23
Facebook, Google, & GitLab - Application Security Weekly #23
PHPMyAdmin, GitHub, and VS Code - Application Security Weekly #22
Thomas GX, Yelda - Application Security Weekly #22
Microsoft, JavaScript, AI Can Fire - Application Security Weekly #21
Dan Kuykendall, Rapid7 - Application Security Weekly #21
Windows, Smart Lock, & iPhone Hackers - Application Security Weekly #20
Ron Gula, Gula Tech Adventures - Application Security Weekly #20
FireFox, Windows 10, DevOps, and BitHubLab - Application Security Weekly #19
Peter Chestna, Veracode - Application Security Weekly #19
GitHub, Oracle, & GDPR - Application Security Weekly #18
Agile vs. DevOps - Application Security Weekly #18
Nest, Node.js, & F.Secure - Application Security Weekly #17
James Wickett, Signal Sciences - Application Security Weekly #17
Adam Gordon, ITProTV - Application Security Weekly #16
Text Bombs, Black Dots of Death, and Azure - Application Security Weekly #16
Twitter, Meltdown, & RSAC - Application Security Weekly #15
Building Your AppSec Program - Application Security Weekly #15
Building Your AppSec Program: Getting Started - Application Security Weekly #14
FDA, Microsoft, & Android - Application Security Weekly #14
Drupal, RSAC, & Facebook - Application Security Weekly #13
Rami Sass, CEO & Co-Founder of WhiteSource - Application Security Weekly #13
Windows, MacOS, & Javascript - Application Security Weekly #12
Open Source Software - Application Security Weekly #12
One Language to Rule Them All - Application Security Weekly #11
Intel, Slack, Spectre, & NASA - Application Security Weekly #11
DevOps or DevSecOps? - Application Security Weekly #10
Cloudflare, Facebook, & Red Team Wisdom - Application Security Weekly #10
AMD, MailChimp, & Equifax - Application Security Weekly #9
Personal Development in Application Security - Application Security Weekly #9
Ethereum, Kali Linux, & Creepy Alexa - Application Security Weekly #8
AppSec Development Partnership - Application Security Weekly #8
DigiCert, GitHub, & Black Panther - Application Security Weekly #7
Facebook Malware Scan - Application Security Weekly #7
Bitcoin, Salon, Oxford Comma Dispute, and Amazon - Application Security Weekly #6
Topic: Bug Bounties - Application Security Weekly #6
OWASP ASVS pt. 2 - Application Security Weekly #05
NSA, Google, & Microsoft - Application Security Weekly #05
OWASP Application Security Verification Standard - Application Security Weekly #04
Intel, CloudFair, & Lenovo - Application Security Weekly #04
Facebook, RedHat, & Russian Twitterbots - Application Security Weekly #03
Matias Madou, Secure Code Warrior - Application Security Weekly #03
Google, Oracle, and Apple - Application Security Weekly #02
Top 10 OWASP pt.2 - Application Security Weekly #02
OWASP Top 10 (2017) Overview - Application Security Weekly #1
NVIDIA, Oracle, Coinbase, and Bitcoin - Application Security Weekly #1
Rise of Application Security - Application Security Weekly #00
Google, Intel, Mozilla, and Starbucks - Application Security Weekly #00