Application Security Weekly

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, and all the other ways people find and fix software flaws.

Latest updates on Bluesky at https://bsky.app/profile/aswpodcast.com

home: https://www.scworld.com/podcast-show/application-security-weekly
youtube: https://www.youtube.com/c/SecurityWeekly/videos
bluesky: https://bsky.app/profile/aswpodcast.com
blog: https://dangerouserrors.com
gravatar: https://gravatar.com/mutantzombie

Last year we had the perfect timing of a show falling on Halloween plus an appropriately spooky topic to go with it -- web3, identity, and security. Martha Bennett and Sandra Carielli helped us figure out what web3 wants to be, if it's getting anywhere near that, and the flaws that are getting nearer to it.

This was also the first time Akira Brand joined John Kinsella and me on the hosting side of the show.

Show notes at https://www.scmagazine.com/podcast-episode/2508-asw-218-sandy-carielli-martha-bennett

Give a listen at https://podcasts.apple.com/us/podcast/application-security-weekly-audio/id1338907745?i=1000584662407

ASW #218 – Sandy Carielli, Martha Bennett

A critical OpenSSL vuln is coming this Tuesday, a SQLite vuln, Apple blogs about memory safety and bug bounties, determining a random shuffle. The Web3 ecosystem is chock full of applications and projects that have lost money (and their customers’ money) due to breaches, code flaws, or outright fraud...

SC Media

Filling out the backlog of monthly recaps for Application Security Weekly episodes. Here's the write-up for August 2023.

https://deadliestwebattacks.com/appsec/2023/09/01/asw-podcast-august-2023-recap

The ASW August 2023 Recap

Recap of the Application Security Weekly podcast episodes from August 2023

Appsec

Experimenting with a monthly recap of Application Security Weekly episodes. Here's the write-up for September 2023.

https://deadliestwebattacks.com/appsec/2023/10/04/asw-podcast-september-2023-review

The ASW September 2023 Review

Review of the Application Security Weekly podcast episodes from September 2023

Appsec

Last week Eve Maler talked about identities, cars, and privacy on ASW. She pointed out that the "new perimeter" of identity dates back to at least 2006. And, more importantly, why modern identity needs secure anchors like FIDO2 and WebAuthn.

We also talked about how the data about cars, drivers, and passengers might be misused or abused -- whether you're a private eye driving your Ferrari around Hawaii or a podcast host tinkering with your car in the garage.

https://youtu.be/p2p0s2Jx_h0

Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249

YouTube

We have yet to fully take advantage of recording video -- except for cats.

My kitties enjoy strolling through the frame to see what I'm doing. Vivienne likes the back of my chair.

In this episode Kelly's kitty added a soothing purr to the discussion.

https://podcasts.apple.com/us/podcast/application-security-weekly-audio/id1338907745?i=1000612358759

Application Security Weekly (Audio): From Security Theater to Resilience: Unveiling New Approaches to Application Security - ASW #240 on Apple Podcasts

Show Application Security Weekly (Audio), Ep From Security Theater to Resilience: Unveiling New Approaches to Application Security - ASW #240 - May 9, 2023

Apple Podcasts

It's a visit to the vault with Application Security Weekly episode 188 where we talked with Farshad Abasi about getting #appsec right.

Part of that requires thinking about where appsec has gone wrong, or at least where we need to bring it back on track. We talk about pentesting, security champions, and how tools should deliver value.

Show notes at https://www.scmagazine.com/podcast-episode/asw-188-farshad-abasi

https://youtu.be/rtS71KwM4fM

ASW #188 – Farshad Abasi

Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing menu of offering without understanding the domain...

SC Media

All the show notes for Application Security Weekly are at https://www.scmagazine.com/podcast-show/application-security-weekly. They include resources from guest segments and the news articles we cover.

But I also keep an index on my blog where you can find the intros and extra commentary.
https://deadliestwebattacks.com/asw-podcast-episode-index/

Application Security Weekly

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, contain...

SC Media

I'm ever so slowly writing new blog posts and editing old ones.

Like coding, I wind up removing lots of lines and finding better ways to make them readable.

Also like coding, my IDE (aka spellcheck) still lets me make lots of stupid mistakes.

https://deadliestwebattacks.com/articles/

Posts

Blog posts on appsec and infosec topics

Mutants

In ASW episode 240 we talked with Kelly Shortridge about shedding old #appsec practices in favor of building resilient systems. There was a comment about how other industries like airlines handle safety and resilience.

In a fun coincidence, I had also considered what that outdated appsec approach to aviation safety might look like.

https://deadliestwebattacks.com/asw-podcast-notes/asw-episode-238

ASW Episode 238

Application Security Weekly (ASW) episode 238

Mutants

Gaff tape and lots of cables — what recording looks like for us at #RSAC2023

We always appreciate the hardware side of #appsec. Check out new episodes of ASW every Monday!

https://podcasts.apple.com/us/podcast/application-security-weekly-audio/id1338907745

Application Security Weekly (Audio) on Apple Podcasts

Technology · 2023

Apple Podcasts