Securing the future of DevOps and AI: real talk with industry leaders.
OWASP Podcasts
Podcasts from the MiSec, OWASP Detroit, and BSides Detroit communities.
The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
This podcast contains security topics discussed by the Secure Ideas LLC team.
Exploring the bonds shared between people and technology
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
The Chaos Computer Club is Europe's largest hacker association and has, for more than 25 years, mediated in the area of tension between technical and social developments.
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today's interconnected world. Tune in every week to discover invaluable insights, strateg ...
Coffee, Chaos & ProdSec is where cybersecurity meets caffeine-fueled chaos. Hosts Kurt (security architect and chaos tamer) and Cameron (ProdSec wrangler and DevSecOps junkie) dive into hacking, AppSec, supply chain failures, AI surprises, and the everyday madness of defending modern systems. With humor, sharp insight, real breach breakdowns, bad password confessions, and a few questionable impressions, they explore the messy reality of security and how teams survive it. New episodes Every W ...
CISO Insights: The Cybersecurity Leadership Podcast. Where Security Leaders Shape Tomorrow’s Defenses. Join us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders. CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communicati ...
Your anything goes security podcast presented to you by Black Lantern Security
Security teams have their hands full. Building relationships across the entire organization is vital for success. In Champions of Security, I interview passionate individuals with unique stories. Each guest shares their honest opinions about what’s working (and what isn’t) in the security world. Tune in to learn valuable insights about keeping your customers safe.
Welcome to the Women in Security Podcast! This podcast is devoted to the world of information & cyber security and the great women who make it turn. In each episode, I sit down with a guest speaker to discuss their experiences and touch on some of the lesser known aspects of the industry. We'll shed light on the routes to the various technical and non-technical roles in this space, as well as exploring the skillsets required to be successful.
Welcome to The Craft of Open Source, hosted by Ben Rometsch, Co-Founder and CEO of Flagsmith. This bi-weekly show is focused on the ins and outs of the Open Source Software Community. Join Ben as he speaks with the brightest minds that have brought us some of the most adopted technologies on earth. Each episode is an interview with creators, maintainers, entrepreneurs, and key contributors to the open source community. We will cover critical topics for open source developers, contributors an ...
OWASP Top 10:2025: Current Information and Insights on the Project (god2025)
11:10
This short talk presents the current state of the OWASP Top 10:2025; with a bit of luck we will already have more by then... Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ About this event: https://c3voc.de By Torsten Gigler
Ep 12 - OWASP Top 10:2025 RC1 Breakdown - The Vulnerabilities That Refuse To Die
1:04:57
🎙️ Coffee, Chaos & ProdSec - Ep 12 The OWASP Top 10:2025 RC1 is here, and it is already causing chaos. So this week, Kurt and Cameron grab their mugs and break down every category with real world stories, honest takes, and a few spicy opinions on why some vulnerabilities just will not go away. From Broken Access Control dominating the charts again,…
This episode, the 304th of Absolute AppSec, features hosts Ken Johnson (@cktricky) and Seth Law (@sethlaw) discussing the crush of Q4 expectations, upcoming training opportunities, the recent updates to the OWASP Top Ten, and the impact of AI tools like XBow on application security (AppSec) consulting. The hosts discuss the shift in the OWASP Top T…
OWASP Top 10 for 2025: What’s New and Why It Matters
18:59
In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conve…
The Cyberbeveiligingswet: The Digital Revolution of 2026
17:20
In this episode we dive into the new Cyberbeveiligingswet (Cbw), which transposes the European NIS2 directive into Dutch law and replaces the current Wbni. We discuss why implementation has been delayed until the second quarter of 2026 and why the Dutch central government advises starting now on the ten mandatory duty-of-care measures…
The Cbw Countdown: Surviving the Dutch Cybersecurity Revolution
16:30
This episode unpacks the new timeline for the Cyberbeveiligingswet, the Dutch implementation of NIS2 now projected for the second quarter of 2026, and explains the critical distinction between Essential and Important entities. We dive into the expanded fiduciary duties for board members, who now face mandatory training and potential personal liabil…
Carded at the Digital Door: The Surveillance of the Public Square
35:51
As governments from Australia to Texas enforce "digital borders" through mandates like the Social Media Minimum Age Act, the internet is rapidly shifting from an open forum to a surveillance state requiring government ID or biometric scans for entry. While intended to protect children, experts warn these systems create "massive centralized reposito…
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
6:56
Using AI Gemma 3 Locally with a Single CPU: Installing AI models on modest hardware is possible and can be useful to experiment with these models on premise. https://isc.sans.edu/diary/Using%20AI%20Gemma%203%20Locally%20with%20a%20Single%20CPU%20/32556
Mystery Google Chrome 0-Day Vulnerability: Google released an update for Google Chrome fixing a vulne…
The Perimeter is Dead: How Vendor Insecurity Ignited a $500 Million Ransomware Crisis
33:39
We investigate the "Firewall Crisis" where the four dominant vendors—Cisco, Fortinet, SonicWall, and Check Point—collectively contributed over 50 actively exploited vulnerabilities to CISA's catalog, effectively transforming defensive appliances into primary attack vectors. The discussion uncovers how this systemic failure enabled the Akira ransomw…
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
6:58
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection): We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on. https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Comma…
Ep 15 - Part 1 - Get Comfortable Being Vulnerable: The Chaos Behind Every CVE and Every Risk
1:11:58
🎙️ Coffee, Chaos and ProdSec - Ep 15 Vulnerabilities are piling up faster than teams can read the reports, and vulnerability management is buckling under the weight. So this week, Kurt and Cameron grab their mugs and dig into why modern VM feels impossible, why severity scores mislead everyone, and how reachability and exploitability matter far mor…
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
8:04
Microsoft Patch Tuesday: Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550
Adobe Patches: Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon. h…
The Chat Control Dilemma: Voluntary Surveillance, Age Checks, and the Fight for Encryption
14:27
After years of controversy, EU member states have agreed on a revised position for the "Chat Control" regulation that drops mandatory mass scanning but introduces a framework for "voluntary" detection of private messages. Privacy advocates and security experts warn that this new "risk mitigation" approach, coupled with mandatory age verification, c…
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
1:07:43
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new…
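The episode above names the Client ID Metadata Documents spec. The core security check behind it is simple to state: the client_id is an HTTPS URL, the authorization server fetches the JSON document at that URL, and the document must name that exact URL as its own client_id, which binds the client's identity to a domain it controls instead of to a pre-registration step that does not scale to thousands of MCP clients. The following is an added example, not code from the episode, the spec draft, or any MCP project. The URL rules it enforces (https scheme, a host, no userinfo, no fragment, a non-root path without dot segments) are this example's reading of the draft and should be treated as assumptions; the metadata document is constructed inline rather than fetched, and the hostname agent.example is hypothetical.

```python
"""Core check behind OAuth Client ID Metadata Documents: the client_id is an
HTTPS URL, and the JSON document served there must name that same URL as its
client_id, binding the client's identity to a domain it controls.

Added example, not code from the episode, the spec draft, or any MCP project.
The document is constructed inline instead of being fetched; a real server
would GET the client_id URL over HTTPS and cache the result. The URL rules
below are this example's reading of the draft (assumptions).
"""
from __future__ import annotations

import json
from urllib.parse import urlparse


class ClientIdError(ValueError):
    """The client_id URL or its metadata document is not acceptable."""


def check_client_id_url(client_id: str) -> None:
    """Reject client_id values that cannot safely be dereferenced as a document URL."""
    url = urlparse(client_id)
    if url.scheme != "https":
        raise ClientIdError("client_id must use the https scheme")
    if not url.hostname:
        raise ClientIdError("client_id must contain a host")
    if url.username is not None or url.password is not None:
        raise ClientIdError("client_id must not contain userinfo")
    if url.fragment:
        raise ClientIdError("client_id must not contain a fragment")
    if url.path in ("", "/"):
        raise ClientIdError("client_id must contain a path component")
    if any(seg in (".", "..") for seg in url.path.split("/")):
        raise ClientIdError("client_id must not contain dot path segments")


def validate_metadata_document(client_id: str, document: str) -> dict:
    """Parse the document fetched from client_id and bind it to that URL."""
    check_client_id_url(client_id)
    try:
        meta = json.loads(document)
    except json.JSONDecodeError as exc:
        raise ClientIdError(f"metadata document is not JSON: {exc}") from exc
    if not isinstance(meta, dict):
        raise ClientIdError("metadata document must be a JSON object")
    # The document must claim exactly the URL it was served from. Without this,
    # anyone able to host a JSON file could impersonate another client.
    if meta.get("client_id") != client_id:
        raise ClientIdError("document client_id does not match the URL it was fetched from")
    redirect_uris = meta.get("redirect_uris")
    if not isinstance(redirect_uris, list) or not redirect_uris:
        raise ClientIdError("metadata document must list at least one redirect_uri")
    for uri in redirect_uris:
        if not isinstance(uri, str) or not urlparse(uri).scheme:
            raise ClientIdError(f"redirect_uri must be an absolute URI: {uri!r}")
        if urlparse(uri).fragment:  # RFC 6749 forbids fragments in redirect URIs
            raise ClientIdError(f"redirect_uri must not contain a fragment: {uri}")
    return meta


def authorize_request(client_id: str, document: str, redirect_uri: str) -> tuple[bool, str]:
    """Decide whether an authorization request may proceed.

    Returns (True, "ok") only when the document validates and redirect_uri is
    one of the registered values by exact string comparison (no prefix or
    wildcard matching); any failure returns (False, reason) for logging.
    """
    try:
        meta = validate_metadata_document(client_id, document)
    except ClientIdError as exc:
        return False, str(exc)
    if redirect_uri not in meta["redirect_uris"]:
        return False, "redirect_uri is not registered in the metadata document"
    return True, "ok"


# Constructed sample: a hypothetical MCP client hosted at agent.example.
SAMPLE_CLIENT_ID = "https://agent.example/oauth/client-metadata.json"
SAMPLE_DOCUMENT = json.dumps({
    "client_id": SAMPLE_CLIENT_ID,
    "client_name": "Example MCP client",
    "redirect_uris": ["https://agent.example/oauth/callback"],
    "token_endpoint_auth_method": "none",
})

if __name__ == "__main__":
    print(authorize_request(SAMPLE_CLIENT_ID, SAMPLE_DOCUMENT, "https://agent.example/oauth/callback"))
    print(authorize_request(SAMPLE_CLIENT_ID, SAMPLE_DOCUMENT, "https://attacker.example/callback"))
```

The equality check between the fetched document's client_id and the URL it came from is the whole point: an attacker who can host JSON somewhere can only ever assert an identity under their own hostname. In a real server the fetch itself also needs care (HTTPS only, no redirects to other hosts, a size limit, and a cache with a sane TTL), none of which the inline sample exercises.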
SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory
6:26
nanoKVM Vulnerabilities: The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in…
Verification Nation: Inside Australia’s Great Social Media Lockout
13:11
Australia is launching a world-first "grand experiment" by banning social media for under-16s and mandating age verification for search engines, threatening fines of up to $49.5 million for tech giants that fail to comply. We explore the massive privacy trade-offs as millions of Australians—adults included—face requirements to submit government IDs…
Seeing Is Not Believing: How to Spot AI-Generated Video
17:10
In this episode we discuss the rising challenge of AI-generated videos, including deepfakes and synthetic clips that can deceive even a skeptical viewer. Once the gold standard of proof, video content is now increasingly manipulated through advanced AI tools like Sora 2 and Google’s Nano Banana, making it harder to separate reality from fiction. To…
SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
5:34
AutoIT3 Compiled Scripts Dropping Shellcodes: Malicious AutoIT3 scripts are using the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution. https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542
React2Shell Update: The race is on to patch vulnerable syst…
The Minivan Empire: How a Solo CISO Built a Global Intelligence Network from a Honda Odyssey
32:40
Discover how a veteran security consultant rebuilt a media empire from scratch following a business collapse, all while operating full-time from a solar-powered Honda Odyssey with Starlink. We explore how the CyberAdX Network leverages extreme automation to deliver 25 million annual impressions and undercut legacy publishers by 50 to 100 times in c…
CISO Insights: The Strategic Security Briefing
12:04
Broadcasting 3-4 episodes weekly, this show delivers critical analysis on data breaches, compliance frameworks, and threat intelligence to a loyal audience of enterprise security practitioners. The listener base is heavily concentrated in the US market (45%), with deep penetration in major tech hubs like California and defense sectors in Virginia. …
NIS2 Unlocked: The New Era of European Cyber Resilience
35:19
This episode explores the transformative impact of the NIS2 Directive, which mandates robust cybersecurity risk management and strict "24-72-30" incident reporting timelines for essential and important entities across the EU. We break down the critical distinctions in supervisory regimes and the expanded scope that now includes sectors ranging from…
SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks
4:35
Nation-State Attack or Compromised Government? [Guest Diary]: An IP address associated with the Indonesian Government attacked one of our interns' honeypots. https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536
React Update: Working exploits for the React vulnerability patched yesterday are n…
Taming the AI Gold Rush: A New Building Code for Trustworthy Intelligence
13:24
As the tech world races through an "AI gold rush," the gap between rapid innovation and safety standards has created massive risks for organizations deploying Generative AI. This episode breaks down the new OWASP AI Maturity Assessment (AIMA), a comprehensive blueprint that acts as a "building code" to ensure AI systems are secure, reliable, and al…
SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerability; PickleScan Patch
6:44
Attempts to Bypass CDNs: Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532
React Vulnerability CVE-2025-55182: React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-se…
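The "Attempts to Bypass CDNs" item above concerns scans carrying CDN-specific headers. The check a practitioner wants at the origin is that headers such as CF-Connecting-IP or True-Client-IP are only meaningful when the TCP peer is actually a CDN edge; on any other connection they are attacker-supplied, and the connection itself is evidence that the origin is reachable without the CDN. The following is an added example, not the ISC diary's code. The edge address ranges (documentation prefixes), the header names, and the log records are constructed for the example; the functions classify, scan_log, direct_requests and header_spoofing are this example's own names.

```python
"""Classify requests that reach an origin server by whether they came through
the CDN, and flag CDN-only headers that arrived from anywhere else.

Added example, not code from the ISC diary. The edge address ranges, header
names and log records below are constructed for the example; substitute the
ranges your CDN publishes.
"""
from __future__ import annotations

import ipaddress
import json
from dataclasses import dataclass, field

# Assumption: the address ranges the CDN publishes for its edge servers.
# Documentation-only prefixes stand in for real ones here.
CDN_EDGE_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:1::/48")]

# Headers a CDN edge adds to describe the real client. When the TCP peer is
# not an edge, the only thing these headers tell you is what the sender chose.
CDN_ONLY_HEADERS = {"cf-connecting-ip", "true-client-ip", "x-forwarded-for", "x-real-ip", "cf-ray"}
CLIENT_IP_HEADERS = ("cf-connecting-ip", "true-client-ip")


@dataclass
class Verdict:
    peer_ip: str                 # TCP peer that actually connected to the origin
    from_cdn: bool               # peer is inside a published edge range
    spoofed_headers: list[str] = field(default_factory=list)
    client_ip: str = ""          # address the application may treat as the client


def classify(peer_ip: str, headers: dict[str, str]) -> Verdict:
    """Decide which address to trust and whether CDN headers were forged."""
    peer = ipaddress.ip_address(peer_ip)
    from_cdn = any(peer in net for net in CDN_EDGE_RANGES)
    lowered = {k.lower(): v for k, v in headers.items()}
    if from_cdn:
        # Only an edge may speak for the client; take its first client header.
        client = next((lowered[h] for h in CLIENT_IP_HEADERS if h in lowered), peer_ip)
        return Verdict(peer_ip, True, [], client)
    # Direct connection: every CDN header is sender-supplied, and the peer itself
    # is the client. Never let these values reach access control or audit logs.
    forged = sorted(h for h in lowered if h in CDN_ONLY_HEADERS)
    return Verdict(peer_ip, False, forged, peer_ip)


def scan_log(text: str) -> list[Verdict]:
    """Run classify() over newline-delimited JSON records {"peer": ..., "headers": {...}}."""
    return [
        classify(rec["peer"], rec["headers"])
        for rec in (json.loads(line) for line in text.splitlines() if line.strip())
    ]


def direct_requests(verdicts: list[Verdict]) -> list[Verdict]:
    """Requests that bypassed the CDN entirely, with or without forged headers."""
    return [v for v in verdicts if not v.from_cdn]


def header_spoofing(verdicts: list[Verdict]) -> list[Verdict]:
    """Direct requests that also carried CDN-only headers."""
    return [v for v in verdicts if not v.from_cdn and v.spoofed_headers]


# Constructed log: one request via the edge, one direct request with forged
# CDN headers (claiming an edge address and 127.0.0.1), one direct plain request.
SAMPLE_LOG = """\
{"peer": "203.0.113.7", "headers": {"Host": "www.example", "CF-Connecting-IP": "198.51.100.23", "X-Forwarded-For": "198.51.100.23"}}
{"peer": "198.51.100.77", "headers": {"Host": "www.example", "CF-Connecting-IP": "203.0.113.9", "X-Forwarded-For": "127.0.0.1"}}
{"peer": "198.51.100.78", "headers": {"Host": "www.example", "User-Agent": "curl/8.0"}}
"""

if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        print(v)
```

The second constructed record is the case that matters: a forged X-Forwarded-For of 127.0.0.1 is exactly the value that passes a naive "internal clients only" check if the application reads that header before confirming the peer. Treat this classification as detection and logging; the fix is to make the origin unreachable except from the CDN's edge ranges (firewall or security-group allowlist) or to authenticate origin pulls with mutual TLS, so that the third record, a plain direct request, cannot happen at all.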
Mastering Digital Resilience: The DORA in Control Framework
13:37
This episode explores the challenges financial institutions face in translating the complex legal requirements of the EU’s Digital Operational Resilience Act (DORA) into practical, daily operations. We dive into the "DORA in Control" framework developed by NOREA, which consolidates the regulation into 95 actionable controls across eight domains to …
Ep 14 - DevSecOps Without the Buzzwords - What It Really Takes to Build Secure Software
1:09:57
🎙️ Coffee, Chaos and ProdSec - Ep 14 DevSecOps gets thrown around in cybersecurity more than any other term, but almost no one agrees on what it actually means. So this week, Kurt and Cameron pour fresh mugs and unpack the real practices behind modern Application Security, Product Security, DevSecOps, and Software Supply Chain Security without the …
SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability
6:06
SmartTube Android App Compromise: The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version. https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826 https://github.com/yuliskov/SmartTube/releases/tag/notification
Two Years, 17K Downloads: The NPM Malware That Tried to Gas…
Given the spate of recent npm news stories, we've arranged a topical show with software supply-chain security researcher and npm hacker Paul McCarty (find Paul on bsky https://bsky.app/profile/6mile.githax.com). Paul is currently a researcher with Safety (https://getsafety.com/) and has a background in security including work at John Deere, Boeing…
Vulnerabilities In Enterprise AI Workflows With Nicolas Dupont
34:34
Episode Summary: As AI systems become increasingly integrated into enterprise workflows, a new security frontier is emerging. In this episode of The Secure Developer, host Danny Allan speaks with Nicolas Dupont about the often-overlooked vulnerabilities hiding in vector databases and how they can be exploited to expose sensitive data. Show Notes: As …
Agent Zero: The New Era of Autonomous Cybercrime
16:29
This episode explores how the widespread deployment of agentic AI is fundamentally redefining enterprise security by creating fully autonomous, adaptive, and scalable threats that act with growing authority to execute multi-step operations and interact with real systems. We analyze how this shift has industrialized cybercrime, allowing automated op…
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
59:02
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-2…
SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packets; Android Update; Long Game Malicious Browser Ext.
5:49
Hunting for SharePoint In-Memory ToolShell Payloads: A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524
Android Security Bulletin December 20…
The Hallucination Trap: Cutting Through AI Vendor Hype and Red Flags
14:40
The cybersecurity market is saturated with "AI washing," forcing CISOs to rigorously vet vendors promising "autonomous" capabilities that often lack genuine intelligence. This episode provides a battle-tested framework for demanding proof over promises, revealing critical technical red flags like claims of zero hallucinations or a lack of essential…
So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer
31:09
In this special episode of the Shared Security Podcast, host Tom Eston reunites with former co-host and experienced fractional CISO, Chris Clymer. They reminisce about their early podcasting days and discuss the evolving role of a Chief Information Security Officer (CISO). The conversation covers the responsibilities, challenges, and skills require…