About The Podcast

Seth Law (@sethlaw) & Ken Johnson (@cktricky) host an informal discussion of all things application security. Opinions, biases, and recommendations about the security industry, current events, and anything else are fair game. Guests include industry professionals ranging from consultants to managers.
Have a topic or question? Join us on Slack
Episode #74 - Ernest Mueller, DevOps, Security & Cloud Computing

| | | Episode #74 - Ernest Mueller, DevOps, Security & Cloud Computing |
| | | Episode #73 - Kevin Cody, CORS, and Lockpicking |
| | | Episode #72 - Consulting Horror Stories |
| | | Episode #71 - Evan Johnson, Cloudflare, and Lastpass |
| | | Episode #70 - Andrew Wilson, OWASP, and Training New AppSec Resources |
| | | Episode #69 - Eric Ellett, Development vs. Security |
| | | Episode #68 - Jerry Gamblin, DEF CON 27 Recap |
| | | Episode #67 - Kubernetes Security with Stefan and Bobby |
| | | Episode #66 - Capital One Breach, NPM, and Secure Code Reviews |
| | | Episode #65 - Adam Baldwin, 3rd Party Dependencies, and Supply Chain Security |
| | | Episode #64 - Hijacked Gems, Zoom RCE, and Marriott/Starwood Breach Fines |
| | | Episode #63 - Julian Berton, AppSec Day, Developer Training, and Security Standards |
| | | Episode #62 - Abdullah Munawar, Ben Pick, Global AppSec DC, and Running an OWASP Chapter |
| | | Episode #61 - Tanya Janca, DevSlop, Diversity, and Inclusion |
| | | Episode #60 - Stefan Edwards, Huawei, Android, and Programming Languages |
| | | Episode #59 - James Wickett & DevOps |
| | | Episode #58 - David Lindner, RASP, Mobile, IoT |
| | | Episode #57 - OWASP WIA (Women In AppSec) Committee |
| | | Episode #56 - Learn to Code / Loco Moco Sec Recap |
| | | Episode #55 - Stefan Edwards ruins Infosec - Testing Edition |
| | | Episode #54 - Recon-NG and Burp Suite 2 with Tim Tomes |
| | | Episode #53 - Building AppSec at GitHub with Greg Ose |
| | | Episode #52 - Serialization Vulns, Career Growth, and Hacking your Happiness with Chris Gates |
| | | Episode #51 - XXE, Assessment Reporting and Process with Jessica Ryan |
| | | Episode #50 - Static Analysis Tools, DevSecOps, Secure Code Training with Eric Heitzman |
| | | Episode #49 - Subdomain Takeovers, DNS SSRF, OAuth Best Practices, Top 10 Web Hacking Techniques of 2019 |
| | | Episode #48 - .dev domains, Kamus with Kubernetes Secrets, Threat Modeling as Code, OWASP Glue Project & Omer Levi Hevroni |
| | | Episode #47 - Mapping Application Source, Mobile OWASP Top 10, Mobile App Testing & Kevin Cody |
| | | Episode #46 - Fuzzing, Frameworks, Training & Daniel Miessler |
| | | Episode #45 - Bug Bounties, Managing AppSec, & Sean Poris |
| | | Episode #44 - AppSec Cali, Bug Bounties, & David Coursey |
| | | Episode #43 - DerbyCon, pwnhead, & Keith Hoodlet |
| | | Episode #42 - SSRF Rebinding & Segment Team (Leif Dreizler & David Scrobonia) - SSRF Rebinding, Breach Password Lists |
| | | Episode #41 - Hidden File Enumeration + Will Bengtson - AWS/Cloud Security, Cloudtrail, Trailblazer |
| | | Episode #40 - Secure Code Reviews, Assessment Scopes, More Breach Fatigue |
| | | Episode #39 - Jerry Gamblin - Breach Fatigue, AWS Re:Invent |
| | | Episode #38 - Matt Konda - event_stream, Glue Tool, OWASP, Jemurai |
| | | Episode #37 - Stefan Edwards - Holiday Gifts, Getting Started with Security and Languages, Formal Verification. |
| | | Episode #36 - Mike McCabe - Input Validation vs. XSS, Cloud Security, Building AppSec Programs, Interviews |
| | | Episode #35 - Travis McPeak - OWASP Bay Area, RepoKid, AWS Security, and SSRF |
| | | Episode #34 - Stefan Edwards - Security Testing, Blockchain & you! |
| | | Episode #33 - John Melton - Building appsec programs, static analysis tools, and contributing to open source. |
| | | Episode #32 - Eric Johnson - Burp Suite Pro setup tips, Puma Scan, teaching appsec |
| | | Episode #31 - Rob Fuller - Writing effective vulnerability reports, CCDC, volunteerism, NoVA Hackers |
| | | Episode #30 - Dave Ferguson - CSRF, AppSec Tooling, Developer Training |
| | | Episode #29 - Matt Tesauro - OWASP, Defect Dojo, AppSec Pipeline Toolbox |
| | | Episode #28 - Astha Singhal - Automating application security, bug bounties |
| | | Episode #27 - Jim Manico - Jim Manico RAW, Training, OWASP, Code Security |
| | | Episode #26 - Justin Larson - Building an AppSec program from scratch, Ruby vs. JS |
| | | Episode #25 - Scott Piper - AWS Security, Cloud Mapper, Cloud Tracker |
| | | Episode #24 - Jason White - Transitioning from developer to application security |
| | | Episode #23 - Ken Toler - Security programs and identifying security champions |
| | | Episode #22 - Jimmy Mesta - Kubernetes and container security |
| | | Episode #21 - Alex Smolen - cloudtrail-daily & webauthn |
| | | Episode #20 - Authentication & JWTs |
| | | Episode #19 - Submitting CFPs & More |
| | | Episode #18 - Chris Gates (Purple Teaming/WeirdAAL) |
| | | Episode #17 - Efail & CSRF Tokens |
| | | Episode #16 - Hipster Languages/Frameworks |
| | | Episode #15 - Kevin Cody (Mobile Security Testing) |
| | | Episode #14 - Karthik Gaekwad |
| | | Episode #13 - Charles Nwatu |
| | | Episode #12 - Justin Collins |
| | | Episode #11 - David Coursey & Stefan Edwards |
| | | Episode 10 - Jimmy Mesta |
| | | Episode 9 - Jason Haddix |
| | | Episode 8 - Neil Matatal |
| | | Episode 7 |
| | | Episode 6 - Kevin Cody |
| | | Episode 5 - Stefan Edwards & David Coursey |
| | | Episode 4 - Evan Johnson |
| | | Episode 3 - Jerry Gamblin |
| | | Episode 2 |
| | | Episode 1 - Introductions |

The Hosts