Episodes

  • Episode 291 - w/ Sean Varga - OWASP Top 10 of AppSec Sales
    Jul 8 2025
    Sean Varga, current regional sales manager with noted ASPM company Cycode, joins Ken (@cktricky) and Seth (@sethlaw) to discuss the dawning realization organizations are having that they need AppSec experience and tech help to accompany their swelling numbers of developers. Sean introduces "the OWASP Top 10 for AppSec Sales" to the community. Before joining Cycode, Sean worked as Large Enterprise Sales Manager at Apiiro and Enterprise Account Executive at Secure Code Warrior. He's also had stints at Veracode, Quest Software, and RSA across his career. We'll get to know Sean and his journey into AppSec, as well as getting his insights on the direction he sees things going moving forward. Connect with or follow Sean on LinkedIn to see what he's up to in the meantime: https://www.linkedin.com/in/sean-varga/
  • Episode 290 - Authentication Fatigue, Browser AI Agents
    Jul 1 2025
    Ken returns after a week's hiatus to review the latest AppSec news with Seth. Specifically, the idea that authentication fatigue exists for both consumers and developers: the sheer number of choices for implementing security controls can have unintended consequences and introduces risk that may or may not be considered. This is followed by research from SquareX that claims Browser AI Agents are riskier and easier to target than employees. This results in opinions on phishing and protections against consumer/business targeting by attackers.
  • Episode 289 - Return of @lojikil - Context Matters
    Jun 24 2025
    With @cktricky out on a grand tour across the country (or just unable to record for the day), @sethlaw succumbs to the dark side to give @lojikil a platform to talk about recent developments in the application security world. Specifically, a discussion on vulnerability data and scoring mechanisms, including CVE, CVSS, CWSS, and other acronyms. The episode wraps up with a longer discussion on the use of AI across multiple disciplines and the provenance of AI slop.
  • Episode 288 - Security and AI
    Jun 17 2025
    Seth and Ken return with an in-depth discussion around the future of security in light of the use of AI. The landscape of security is changing quickly and we do not know where it is headed. As such, it is worth exploring how AI has changed security's outlook and what we are seeing across organizations from a consulting and product perspective. A recent article from a16z titled "Next-Gen Pentesting: AI Empowers the Good Guys" is a good summary of the changes happening. The episode ends with a short aside on unintended consequences when introducing new browser features.
  • Episode 287 - w/ Hayden Smith (Hunted Labs) - Open Source Dependency Threats
    Jun 10 2025
    Hayden Smith, Hunted Labs Co-Founder, comes on Absolute AppSec to discuss, among other things, the Hunted Labs work discovering and publicizing the EasyJson software supply chain threat. Before co-founding Hunted Labs, Hayden was Senior Director of Field Services at Anchore, assisting US government, intelligence, and Fortune 500 clients. Long a specialist on supply-chain issues, Smith established the DoD's Platform One software factory, designed container-hardening pipelines securing 500+ Iron Bank images, and led Anchore solutions architects. Previously, he also worked at Booz Allen Hamilton, where he supported US government and intelligence clients on cybersecurity/DevOps, and led the cybersecurity team testing the US Air Force's GPS OCX. Seth and Ken discuss some of Hayden's path into the security industry as well as Hunted Labs' report on the EasyJson software supply-chain threat. Read up here for more information: https://huntedlabs.com/exclusive-threat-report/
  • Episode 286 - Kayra Otaner - Authenticating Open Source Developers
    May 20 2025
    We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/Twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and shares his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.
  • Episode 285 - easyjson, Software Dependencies, Breaches
    May 13 2025
    News this week has been dominated by dependency issues and attribution to unwanted nation states and actors. Specifically, easyjson is developed by a Russian firm that is under sanctions. The podcast duo discuss the implications and how to protect apps from sub-dependency threats. This leads to a deep dive into breaches and whether a breach has an effect on the industry, company, or individual. Current regulations and certifications can be lost, but this does not always have the effect we would expect.
  • Episode 284 - BSidesSF/RSA Recap, Vibe Coding, WebAuthN
    May 6 2025
    Back after a hiatus for both BSidesSF and RSA, Seth and Ken recap their experience at both conferences. TL;DR: BSidesSF is great for technical security content and community, while RSA focuses on sales for mostly large organizations and budgets. They are two sides of the security industry coin, and which one makes the most sense depends on your preferences for career or business growth. This is followed by a short discussion on vibe coding educational security tools. The episode wraps with an article on MFA phishing and how WebAuthn helps prevent accidental exposure.