Best Applicationsecurityweekly Podcasts (2025)

1
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 1:17:09

Play Pause

1d ago1:17:09

1:17:09

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline…

1
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347 1:17:09

1d ago1:17:09

1:17:09

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline…

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346 1:08:11

9d ago1:08:11

1:08:11

In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pu…

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346 1:08:11

9d ago1:08:11

1:08:11

In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pu…

1
Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345 1:13:31

15d ago1:13:31

1:13:31

The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zhukov share their experience education regulators on open source software and educating open source projects on security. They talk about creating a baseline for security that addresses technical items…

1
Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345 1:13:31

16d ago1:13:31

1:13:31

The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zhukov share their experience education regulators on open source software and educating open source projects on security. They talk about creating a baseline for security that addresses technical items…

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

23d ago1:08:17

1:08:17

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to…

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

23d ago1:08:17

1:08:17

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to…

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

30d ago42:13

42:13

Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code generated by LLMs and new terms like slopsquatting, a lot of the most…

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

30d ago42:13

42:13

Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code generated by LLMs and new terms like slopsquatting, a lot of the most…

1
Uniting software development and application security - Will Vandevanter, Jonathan Schneider - ASW #342 58:07

1M ago58:07

58:07

Maintaining code is a lot more than keeping dependencies up to date. It involved everything from keeping old code running to changing frameworks to even changing implementation languages. Jonathan Schneider talks about the engineering considerations of refactoring and rewriting code, why code maintenance is important to appsec, and how to build con…

1
Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342 58:07

1M ago58:07

58:07

Maintaining code is a lot more than keeping dependencies up to date. It involved everything from keeping old code running to changing frameworks to even changing implementation languages. Jonathan Schneider talks about the engineering considerations of refactoring and rewriting code, why code maintenance is important to appsec, and how to build con…

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

1M ago1:04:11

1:04:11

A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embrace. Julia Knecht shares her experience in building platforms with an …

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

1M ago1:04:11

1:04:11

A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embrace. Julia Knecht shares her experience in building platforms with an …

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

2M ago1:06:35

1:06:35

AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is always going to be how to evaluate the security of software or a system. In some cases, it doesn't matter if a human or an LLM generated code -- the code needs to be reviewed for common flaws and design p…

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

2M ago1:06:35

1:06:35

AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is always going to be how to evaluate the security of software or a system. In some cases, it doesn't matter if a human or an LLM generated code -- the code needs to be reviewed for common flaws and design p…

1
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339 1:07:50

2M ago1:07:50

1:07:50

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discus…

1
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339 1:07:50

2M ago1:07:50

1:07:50

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discus…

1
Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338 1:07:15

2M ago1:07:15

1:07:15

Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code along side humans. Sandy Carielli and Janet Worthington join us once again to discuss what all this new code means for appsec practices. On a positive note, the prevalence of those ancient vulns seems to be diminishing, but the rising use of LLMs is e…

1
Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338 1:07:15

2M ago1:07:15

1:07:15

Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code along side humans. Sandy Carielli and Janet Worthington join us once again to discuss what all this new code means for appsec practices. On a positive note, the prevalence of those ancient vulns seems to be diminishing, but the rising use of LLMs is e…

1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337 38:26

2M ago38:26

38:26

Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a…

1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337 38:26

2M ago38:26

38:26

Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a…

1
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

3M ago1:01:18

1:01:18

Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests…

1
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

3M ago1:01:18

1:01:18

Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests…

1
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335 1:08:00

3M ago1:08:00

1:08:00

What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that …

Applicationsecurityweekly Podcasts

1
Application Security Weekly (Audio)

Security Weekly Productions

1
Application Security Weekly (Video)

Security Weekly

1
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 1:17:09

1
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347 1:17:09

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346 1:08:11

1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346 1:08:11

1
Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345 1:13:31

1
Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345 1:13:31

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

1
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344 1:08:17

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

1
The Future of Supply Chain Security - Janet Worthington - ASW #343 42:13

1
Uniting software development and application security - Will Vandevanter, Jonathan Schneider - ASW #342 58:07

1
Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342 58:07

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

1
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 1:04:11

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

1
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339 1:07:50

1
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339 1:07:50

1
Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338 1:07:15

1
Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338 1:07:15

1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337 38:26

1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337 38:26

1
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

1
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

1
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335 1:08:00