Absolute AppSec

By: Ken Johnson and Seth Law
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Episodes
  • Episode 308 - w/Avi Douglen - Privacy, AppSec Conferences, OWASP
    Jan 13 2026
    Ken Johnson (cktricky on social media) and Seth Law are happy to announce a special episode of Absolute AppSec with Avi Douglen (sec_tigger on X), long-time OWASP Global Board of Directors member, founder and CEO of Bounce Security, and co-author of the Threat Modeling Manifesto. The conversation ranges from application privacy as it relates to application security, to participating in meetups and conferences, and finally to OWASP and Avi's experience as a board member.
  • Episode 307 - 2025 Retrospective, Supply Chain, MCP and APIs
    Dec 23 2025
    In episode 307 of Absolute AppSec, hosts Ken and Seth conduct a retrospective on the application security landscape of 2025. They conclude that their previous predictions were largely accurate, particularly regarding the rise of prompt injection, AI-backed attacks, and the industry-wide shift toward per-token billing models. A major theme of the year was the solidification of supply chain security as a critical pillar of AppSec, driven by notable incidents such as Shai Hulud and React for Shell. The hosts also share insights from their four-day training course on utilizing LLMs for secure code review, noting that while AI development is becoming more prevalent, most practitioners are still in the nascent stages of building custom tooling. Much of the discussion focuses on the Model Context Protocol (MCP); while it offers significant value for agentic workflows, the hosts criticize its current lack of robust security controls, specifically highlighting issues with OAuth implementations and short timeouts in existing clients. Finally, they discuss how the industry is moving toward a more nuanced balance between deterministic tools like Semgrep and the probabilistic creativity of LLMs to increase efficiency in security consulting.
  • Episode 306 - w/ Paul McCarty - Open Source Malware
    Dec 2 2025
    Given the spate of recent npm news stories, we've arranged a topical show with software supply-chain security researcher and npm hacker Paul McCarty (find Paul on bsky: https://bsky.app/profile/6mile.githax.com). Paul is currently a researcher with Safety (https://getsafety.com/) and has a background in security including work at John Deere, Boeing, Regence Blue Cross/Blue Shield, NASA Jet Propulsion Lab, the US Army, and the Queensland Government. He's also spent twenty some odd years helping startups with security practices, and is a maintainer of the Open Source Malware project. In addition, Paul has been a long-time friend of the show, contributing his insights to the Absolute AppSec community Slack in addition to frequently writing up his research at the SourceCode RED blog: https://sourcecodered.com/blog.