Absolute AppSec Podcast by Ken Johnson and Seth Law

Absolute AppSec

By: Ken Johnson and Seth Law

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Episodes
  • Episode 301 - AI Browsers, New AI Agent Attacks, Framework Checklists
    Oct 28 2025
    In this episode, Seth and Ken debate OpenAI's Atlas browser, which embeds AI into web browsing. Ken views it as a major privacy concern that could accelerate invasive data collection and surveillance, while Seth notes that new browsers historically ship with critical flaws. Both acknowledge that AI is very useful for generic and technical internet searches. They also discuss the Co-Fish attack, a phishing vulnerability in Microsoft Copilot Studio that could exfiltrate access tokens via a seemingly valid Microsoft URL. Finally, they note that large vendors such as Snyk and Black Duck are moving toward agentic AI capabilities, confirming the industry trend.
  • Episode 300 - THIS! IS! APPSEC!
    Oct 14 2025
    For the 300th (!!!!) episode of the podcast, Seth and Ken reminisce on changes to the industry and to the overall approach to application security since the show's inception. They discuss the evolution of the field, noting that once-popular approaches like blindly emulating "hip" Silicon Valley security programs and running unmanaged Security Champions Programs have fallen out of favor, as organizations now better understand that these approaches are not one-size-fits-all and require careful, metrics-driven management. While Bug Bounty Programs remain popular, they note an increase in submissions from "skiddies" (script kiddies) that challenges program effectiveness and highlights the need for internal support and a proactive stance before rolling out a public program. On the positive side, they observe that the industry has become more mature, focusing on business value, metrics, and ROI, a move that may have been accelerated by recent economic pressures. Security practices have also improved: common vulnerabilities like XSS and SQL Injection have declined thanks to safer frameworks and browser controls, allowing AppSec professionals to focus on more complex issues such as business logic flaws and focused threat analysis, while the once monolithic process of threat modeling has evolved into a more nimble, "point-in-time" assessment readily adopted by developers.
  • Episode 299 - Startup Grind, Will Security Companies Disappear
    Oct 7 2025
    The duo is back after a short hiatus. Today's episode is inspired by recent articles on startups, funding, and the grind of building a company or working as an individual contributor. Specifically, they debate a recent article about AI startup founders putting in long hours to the exclusion of everything else. This is followed by a discussion of the current security AI startup hype cycle, spurred by thoughts from FranklySpeaking, and of how security companies in general are acquired and disappear over time.
No reviews yet