พอดคาสท์ Application Security ชั้นนำ (2025)

1
Simon Gibbs & Devika Gibbs -- Building Bridges with Games 36:03

4d ago36:03

36:03

Simon and Devika Gibbs, the innovative minds behind Cybersec Games, join us on the episode today. Discover how the Gibbs duo are revolutionizing the way we teach and learn security concepts through interactive gaming. Learn about their journey from developing stationary for agile teams to delving into the world of threat modeling games like Elevati…

1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 1:08:00

4d ago1:08:00

1:08:00

This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start…

1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 1:08:00

4d ago1:08:00

1:08:00

This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start…

1
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 1:17:09

11d ago1:17:09

1:17:09

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline…

1
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347 1:17:09

11d ago1:17:09

1:17:09

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline…

1
Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps 35:35

18d ago35:35

35:35

Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We’re discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorpo…

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346 1:08:11

18d ago1:08:11

1:08:11

In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pu…

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346 1:08:11

18d ago1:08:11

1:08:11

In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pu…

1
Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345 1:13:31

25d ago1:13:31

1:13:31

The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zhukov share their experience education regulators on open source software and educating open source projects on security. They talk about creating a baseline for security that addresses technical items…

1
Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345 1:13:31

25d ago1:13:31

1:13:31

The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zhukov share their experience education regulators on open source software and educating open source projects on security. They talk about creating a baseline for security that addresses technical items…

1
Getting Ready for the EU CRA 40:46

1M ago40:46

40:46

The European Union's Cyber Resilience Act is set to revolutionize how we approach product security worldwide. In this episode, we sit down with application security expert Nariman Aga-Tagiyev to break down everything you need to know about this legislation. Nariman has over 20 years of software development experience and today he’s sharing his expe…

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

1M ago1:08:17

1:08:17

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to…

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

1M ago1:08:17

1:08:17

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to…

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

1M ago42:13

42:13

Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code generated by LLMs and new terms like slopsquatting, a lot of the most…

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

1M ago42:13

42:13

Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code generated by LLMs and new terms like slopsquatting, a lot of the most…

1
Marisa Fagan - Measuring Security Culture 50:05

2M ago50:05

50:05

Marisa Fagan, Head of Product at Katilyst and veteran security culture expert joins us today to share practical strategies for building and scaling security champions programs that actually work, from designing effective pilots to avoiding common pitfalls that can derail your initiatives. Learn how to motivate developers using the SAPs model (Statu…

1
Uniting software development and application security - Will Vandevanter, Jonathan Schneider - ASW #342 58:07

2M ago58:07

58:07

Maintaining code is a lot more than keeping dependencies up to date. It involved everything from keeping old code running to changing frameworks to even changing implementation languages. Jonathan Schneider talks about the engineering considerations of refactoring and rewriting code, why code maintenance is important to appsec, and how to build con…

1
Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342 58:07

2M ago58:07

58:07

Maintaining code is a lot more than keeping dependencies up to date. It involved everything from keeping old code running to changing frameworks to even changing implementation languages. Jonathan Schneider talks about the engineering considerations of refactoring and rewriting code, why code maintenance is important to appsec, and how to build con…

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

2M ago1:04:11

1:04:11

A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embrace. Julia Knecht shares her experience in building platforms with an …

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

2M ago1:04:11

1:04:11

A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embrace. Julia Knecht shares her experience in building platforms with an …

1
Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics 40:52

2M ago40:52

40:52

Aram Hovsepyan joins the podcast today to chat about the misconceptions behind common security metrics. Aram tells us how total vulnerability counts and CVSS scores can be misleading and he introduces us to the Goal Question Metric framework, this framework is a better approach to building truly effective security dashboards. Learn about the critic…

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

2M ago1:06:35

1:06:35

AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is always going to be how to evaluate the security of software or a system. In some cases, it doesn't matter if a human or an LLM generated code -- the code needs to be reviewed for common flaws and design p…

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

2M ago1:06:35

1:06:35

AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is always going to be how to evaluate the security of software or a system. In some cases, it doesn't matter if a human or an LLM generated code -- the code needs to be reviewed for common flaws and design p…

พอดคาสต์ที่ควรค่าแก่การฟัง

Application Security พอดคาสต์

พอดคาสต์ที่ควรค่าแก่การฟัง

1
Application Security Weekly (Audio)

Security Weekly Productions

1
Application Security Weekly (Video)

Security Weekly

1
The Application Security Podcast

Chris Romeo and Robert Hurlbut

1
Future of Application Security

Tromzo

1
Simon Gibbs & Devika Gibbs -- Building Bridges with Games 36:03

1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 1:08:00

1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 1:08:00

1
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 1:17:09

1
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347 1:17:09

1
Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps 35:35

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346 1:08:11

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346 1:08:11

1
Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345 1:13:31

1
Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345 1:13:31

1
Getting Ready for the EU CRA 40:46

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

1
Marisa Fagan - Measuring Security Culture 50:05

1
Uniting software development and application security - Will Vandevanter, Jonathan Schneider - ASW #342 58:07

1
Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342 58:07

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

1
Aram Hovsepyan -- Your Security Dashboard is Lying to You: The Science of Metrics 40:52

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

คู่มืออ้างอิงด่วน