Application Security Weekly (Audio)
Mike Shema
Recent Episodes
Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in…
BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR - ASW #385
We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We…
AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Merritt Maxim, Scott Clinton, Janet Worthington - ASW #384
We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research,…
The State of AI & AppSec - Keith Hoodlet - ASW #383
This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent…
Why Basic Security Practices Still Work - Rob Allen - ASW #382
If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn't have a good strategy in the first place. Rob Allen shares how the…
Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the…
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
PortSwigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how…
The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and…
Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378
It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how…
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and…
Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even…
Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375
So much of appsec's efforts can be consumed by vuln management and a race to patch security flaws. But that's more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through…
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
What happens when secure coding guidance goes stale? What happens when LLMs write code from scratch? Mark Curphey walks us through his experience updating documentation for writing secure code in Go and…
Making Medical Devices Secure - Tamil Mathi - ASW #373
Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need to fail open -- the opposite of what traditional…
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
As more developers turn to LLMs to generate code, more appsec teams are turning to LLMs to conduct security code reviews. One of the biggest themes in all the discussion around LLMs, agents, and code…
Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting.…
Conducting Secure Code Analysis with LLMs - ASW #370
A major premise of appsec is figuring out effective ways to answer the question, "What security flaws are in this code?" The nature of the question doesn't really change depending on who or what…
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369
When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get…
Focusing on Proactive Controls in the Face of LLM-Assisted Malware - Rob Allen - ASW #368
Everyone is turning to LLMs to generate code, including attackers. Thus, it's no great surprise that there are now examples of malware generated by LLMs. We discuss the implications of more malware…
Building proactive defenses that reflect the true nature of modern software risk - Paul Davis - ASW #367
Supply chain security remains one of the biggest time sinks for appsec teams and developers, even making it onto the latest iteration of the OWASP Top 10 list. Paul Davis joins us to talk about…
Frequently Asked Questions
Application Security Weekly (Audio) has published 400 episodes since January 2018, covering topics in News, Tech News.
Application Security Weekly (Audio) is currently highly active with new episodes weekly. Average episode length is 1h 9m.