Absolute AppSec

By: Ken Johnson and Seth Law
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Episodes
  • Episode 303 - w/Prof. Brian Glas - OWASP Top 10 2025
    Nov 10 2025
    Prof. Brian Glas (infosecdad on social media) joins Seth Law (sethlaw) and Ken Johnson (cktricky) for a timely episode of Absolute AppSec. Infosec Guru and one of the OWASP Top Ten project leaders Prof. Glas joins us in the aftermath of the Global AppSec conference and the announcement of the new OWASP Top Ten (2025). This episode focuses on the process for compiling the list as well as gleaning any other insights from Prof. Glas.
  • Episode 302 - OWASP Global AppSec DC predictions, AI Browser Dangers, MCP Security
    Nov 4 2025
    Episode 302 of Absolute AppSec has hosts Ken Johnson and Seth Law speculating on the upcoming Global AppSec DC conference, predicting the announcement of the OWASP Top Ten 2025 edition, with Brian Glas scheduled to discuss it on the podcast. The conversation shifts to a technical discussion of OpenAI's new browser, Atlas, which is built on Chromium and includes AI capabilities. The hosts noted concern over the discovered prompt instructions for Atlas, which direct the ChatGPT agent to use browser history and available APIs to find data from the user's logged-in sites to answer ambiguous queries or fulfill requests. This functionality raises significant security concerns, as the agent's ability to comb the cache and logged-in sites could be exploited, effectively creating a "honeypot for cross-site scripting" with malicious potential like unauthorized money transfers. The hosts discussed the lack of talk submissions on Model Context Protocol (MCP) security at the conference, despite its growing relevance in a world of AI agents and tooling. Finally, they highlighted a new tool called SlopGuard, developed to prevent the risk of AI hallucinating non-existent, potentially malicious packages (which occurs 5-21% of the time) and attempting to install them from registries like NPM.
  • Episode 301 - AI Browsers, New AI Agent Attacks, Framework Checklists
    Oct 28 2025
    In this episode, Seth and Ken debate OpenAI's Atlas browser, which embeds AI into web browsing. Ken views it as a major privacy concern, potentially accelerating invasive data collection and surveillance. Seth noted that new browsers historically have critical flaws. They acknowledged that AI is very useful for generic and technical internet searches. They discussed the CoPhish attack, a phishing vulnerability in Microsoft Copilot Studio that could exfiltrate access tokens via a seemingly valid Microsoft URL. Finally, they noted that big companies like Snyk and Black Duck are moving toward agentic AI capabilities, confirming the industry trend.