Application Security Weekly (Audio) Podcast
1) Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365
Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- th...
2) The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364
Developers are adding LLMs to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the security downsides of relying on LLMs and how appsec ne...
3) AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OW...
4) Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design p...
5) Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different ways people can make meaningful contributions to it...
1:03:55 | Dec 16th, 2025
6) Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explain...
7) Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling t...
8) Figuring Out Where to Start with Secure Code - ASW #358
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and t...
9) Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the impor...
1:03:41 | Nov 18th, 2025
10) Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356
Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defe...