Here’s the March recap while I finish writing up what we did in April. #appsec
https://dangerouserrors.com/appsec/2025/04/04/asw-recap-march-2025
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, and all the other ways people find and fix software flaws.
Latest updates on Bluesky at https://bsky.app/profile/aswpodcast.com
At the end of every episode I mention a favorite #synthwave track. Because music makes everything better, even #appsec.
And since it’s Bandcamp Friday, you can make a musician’s day better by supporting their work and grabbing a track (or two or three).
Find more episodes, recaps, and some random #appsec reading on the blog.
Last year we had the perfect timing of a show falling on Halloween plus an appropriately spooky topic to go with it -- web3, identity, and security. Martha Bennett and Sandra Carielli helped us figure out what web3 wants to be, if it's getting anywhere near that, and the flaws that are getting nearer to it.
This was also the first time Akira Brand joined John Kinsella and me on the hosting side of the show.
Show notes at https://www.scmagazine.com/podcast-episode/2508-asw-218-sandy-carielli-martha-bennett
Give a listen at https://podcasts.apple.com/us/podcast/application-security-weekly-audio/id1338907745?i=1000584662407
A critical OpenSSL vuln is coming this Tuesday, a SQLite vuln, Apple blogs about memory safety and bug bounties, determining a random shuffle
The Web3 ecosystem is chock full of applications and projects that have lost money (and their customers’ money) due to breaches, code flaws, or outright fraud...
Our week of #appsec news had a theme of vulns and their relation to security design choices.
We always look for the underlying lessons of a vuln. We want the small stories among technical details, so that an article about a SharePoint RCE can be more educational by tying it to concepts like secure by default and secure by design with regard to things like JWT and PASETO.
Show notes at https://www.scmagazine.com/podcast-episode/2900-creating-presentations-and-training-that-engage-an-audience-lina-lau-asw-257
Communication is a skill that doesn’t appear on top 10 lists, rarely appears as a conference topic, and doesn’t appear enough on job requirements. Yet communication is one of the critical ways that security teams influence developers, convey risk, and share knowledge with others. Even ou...
Lina Lau joined us again! This time we talked about her approach to presentations and training courses, from crafting slides to practicing to preparing for things you can't prepare for. She shares how incident response helped refine her skills in delivering a clear message to an audience. Plus, we find out what kinds of presentations put her to sleep and what grabs her attention.
Show notes at https://www.scmagazine.com/podcast-episode/2900-creating-presentations-and-training-that-engage-an-audience-lina-lau-asw-257
Experimenting with a monthly recap of Application Security Weekly episodes. Here's the write-up for September 2023.
https://deadliestwebattacks.com/appsec/2023/10/04/asw-podcast-september-2023-review
We didn't talk about TypeScript with Josh Goldberg this time around -- we talked about talking. Or, more specifically, tips and techniques for presenting at conferences.
We also talked about presentations we've enjoyed and those we've...less enjoyed. Both Josh and John Kinsella had great examples for these.
It's a long episode that touches on demos, bullet points, memes, images, and more. Check it out!
Show notes at https://www.scmagazine.com/podcast-segment/pointers-and-perils-for-presentations-josh-goldberg-asw-251
A key part of modern appsec is communication. From interpersonal skills for fostering collaborations to presentation skills for delivering a message, the ability to tell a story and engage an audience is a skill that doesn’t appear on top ten lists and that doesn’t come up in secure codi...
Last week John and I talked about Zenbleed, zero days, and creating presentations that don't lead to your audience catching some Zs.
It also marked 30 years since Windows NT was released. And if there's anything that needs to be put to sleep, it's the poor password protection that stuck around for so long in those systems...
Show notes at https://www.scmagazine.com/podcast-segment/zenbleed-drop-in-zero-days-security-testing-handbook-public-speaking-asw-249
Zenbleed in AMD, Google’s TAG sees a drop in zero-days, new security testing handbook from Trail of Bits, Phil Venables’ advice on public speaking, car battery monitor that monitors location(!?), more news on TETRA