Application Security Weekly (Audio) Podcast
1) Making Medical Devices Secure - Tamil Mathi - ASW #373
Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need to fail open -- the opposite of what traditional ...
2) Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
As more developers turn to LLMs to generate code, more appsec teams are turning to LLMs to conduct security code reviews. One of the biggest themes in all the discussion around LLMs, agents, and code ...
3) Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Run...
4) Conducting Secure Code Analysis with LLMs - ASW #370
A major premise of appsec is figuring out effective ways to answer the question, "What security flaws are in this code?" The nature of the question doesn't really change depending on who or what wrote...
5) Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369
When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get impl...
6) Focusing on Proactive Controls in the Face of LLM-Assisted Malware - Rob Allen - ASW #368
Everyone is turning to LLMs to generate code, including attackers. Thus, it's no great surprise that there are now examples of malware generated by LLMs. We discuss the implications of more malware wi...
7) Building proactive defenses that reflect the true nature of modern software risk - Paul Davis - ASW #367
Supply chain security remains one of the biggest time sinks for appsec teams and developers, even making it onto the latest iteration of the OWASP Top 10 list. Paul Davis joins us to talk about strate...
8) Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks - ASW #366
MongoBleed and a recent OWASP CRS bypass show how parsing problems remain a source of security flaws regardless of programming language. We talk with Kalyani Pawar about how these problems rank agains...
9) Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365
Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- th...
10) The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364
Developers are adding LLMs to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the security downsides of relying on LLMs and how appsec ne...