Best Applicationsecurityweekly Podcasts (2025)

1
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360 1:07:43

Play Pause

5d ago1:07:43

1:07:43

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new…

1
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360 1:07:43

4h ago1:07:43

1:07:43

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new…

1
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359 59:02

12d ago59:02

59:02

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-2…

1
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359 59:02

12d ago59:02

59:02

For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-2…

1
Figuring Out Where to Start with Secure Code - ASW #358 46:23

12d ago46:23

46:23

What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…

1
Figuring Out Where to Start with Secure Code - ASW #358 46:23

19d ago46:23

46:23

What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…

1
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357 1:03:41

26d ago1:03:41

1:03:41

Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for h…

1
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357 1:03:41

24d ago1:03:41

1:03:41

Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for h…

1
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356 1:11:26

1M ago1:11:26

1:11:26

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/s…

1
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356 1:11:26

1M ago1:11:26

1:11:26

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/s…

1
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355 1:08:08

1M ago1:08:08

1:08:08

Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits…

1
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355 1:08:08

1M ago1:08:08

1:08:08

Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits…

1
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354 58:52

2M ago58:52

58:52

The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…

1
Quantum Computing Isn't A Threat To Blockchains - Yet - Sandy Carielli, Martha Bennett - ASW #354 58:52

2M ago58:52

58:52

The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…

1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353 1:03:39

2M ago1:03:39

1:03:39

Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m…

1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353 1:03:39

2M ago1:03:39

1:03:39

Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m…

1
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352 1:07:32

2M ago1:07:32

1:07:32

Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. W…

1
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352 1:07:32

2M ago1:07:32

1:07:32

Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. W…

1
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351 53:52

2M ago53:52

53:52

1
Application Security Weekly (Video)

Security Weekly Productions

1
Application Security Weekly (Audio)

Security Weekly Productions

1
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360 1:07:43

1
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360 1:07:43

1
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359 59:02

1
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359 59:02

1
Figuring Out Where to Start with Secure Code - ASW #358 46:23

1
Figuring Out Where to Start with Secure Code - ASW #358 46:23

1
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357 1:03:41

1
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357 1:03:41

1
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356 1:11:26

1
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356 1:11:26

1
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355 1:08:08

1
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355 1:08:08

1
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354 58:52

1
Quantum Computing Isn't A Threat To Blockchains - Yet - Sandy Carielli, Martha Bennett - ASW #354 58:52

1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353 1:03:39

1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353 1:03:39

1
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352 1:07:32

1
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352 1:07:32

1
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351 53:52

1
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351 53:52

1
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350 1:14:32

1
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350 1:14:32

1
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349 58:43

1
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349 58:43

1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 1:08:00