Modern Software Explore the ever-evolving world of technology and innovation with Modern Software, the podcast that delves into the trends, tools, and techniques shaping the way we build, test, and consume digital solutions. From testing innovations to development breakthroughs, we cover everything impacting those who create software—and those who benefit from it. Join us for casual, conversational interviews with fascinating voices from across the tech space, as we uncover insights, share s ...
 
Welcome to Shaping Healthcare, a podcast by CitiusTech. Some of the great minds in the world are constantly striving to solve the healthcare industry's greatest challenges with technology, creativity, and agility. With every episode of The Shaping Healthcare Podcast, we will take you deeper into the world of healthcare and life sciences and give you a perspective into what it takes to build a human-first, technologically enabled healthcare world.
 
The Application Security Podcast

Chris Romeo and Robert Hurlbut

 
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
 
 
In this episode, I explore the crucial principle of 'Shift Left' in security, emphasizing the integration of security measures early in the software development lifecycle (SDLC). I will explain the necessity of moving security considerations from late stages, such as post-release testing, to the very beginning—starting from ideation, requirements, …
 
In this episode of Modern Software, host Mike Verinder sits down with Marcel Veselka, founder of Wopee.io, for an honest and insightful look into the evolving world of autonomous software testing. They dive into Marcel’s journey from PowerPoint prototype to a fully functional AI-driven testing platform that’s reshaping how teams thin…
 
Developers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't really change based on who writes the code, whether human or AI. But more code means more reasons for appsec to scale its practices and figure out how to establish trust in code, packages, and designs. Rey …
 
In this episode of Shaping Healthcare, host Laurel Rockall welcomes Anita Mangtani, Senior Healthcare Consultant for Life Sciences at Citius Healthcare Consulting, for an in-depth discussion on interoperability in life sciences. Join them as they: Explore what effective interoperability looks like in life sciences Examine how compliance requirement…
 
We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass a…
 
In this episode, Gordon Mullan and Govind Shukla dive into the latest AI news, like the new updates to OpenAI's GPT-4.1, Anthropic’s $50M focus on making models easier to understand, and the UAE’s push to bring AI into lawmaking. Tune in for a look at how AI is shaking up technology, regulation, and society! NAVIGATION 00:00 - Introduction 01:01 - …
 
In this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why designs should put classes of vulns into dungeons. But we can't threat model a secure design forever and we can't oversimplify guidance for a design to be "more secure". Kalyani Pawar and Jack Cable joi…
 
In 2025, AI agents are changing how developers code, build, and think about software. In this video, an experienced solution architect Vladislav Vorobev explains the real differences between popular AI assistants like Copilot and Windsurf, how AI agents actually work in programming, what skills developers need to stay competitive, and where the lin…
 
Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user…
 
The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. WAFs are delivering value in a way that orgs are relying on them more for bot management and fraud detection. But adopting phishing-resistant authentic…
 
We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure design and how do we get there? There are plenty of secure practices that orgs should implement around supply chains, authentication, and the SDLC. Those p…
 
We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which direction to shift security. But scrutinizing decimal points in CVSS scores or rearranging tools misses the opportunity for more strategic thinking. We s…
 
🎙️ Episode Title: Is BDD Dying? Did Low-Code Kill It? In this episode of Modern Software, host Mike Verinder is joined by Andy Knight (aka The Automation Panda) for a thoughtful, spicy, and at times hilarious conversation about the state of Behavior-Driven Development (BDD) in 2025. BDD was supposed to revolutionize how teams collabo…
 
In this first episode of our new podcast, Gordon Mullan and Govind Shukla discuss the latest news in the world of AI, plus other news from robotics, ethics, regulation, and more! NAVIGATION 00:00 - Introduction 06:42 - Google 18:15 - OpenAI 21:44 - Microsoft 40:08 - Mistral 45:16 - China: Alibaba 52:40 - China: Manus 56:30 - Windsurf Editor 57:40 -…
 
LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss…
 
👉 Integrate GitHub Copilot and ChatGPT into your daily work: https://aw.club/global/en/courses/ai-supported-software-engineering In this episode of "Mock Interview Show #5", we dive into .NET and Angular coding interview questions and answers. Whether you're a beginner or have 4+ years of experience, this session will provide valuable insights into…
 
Andra Lezza and Javan Rasokat discuss the complexities of securing AI and LLM applications. With years of experience in Application Security (AppSec), Andra and Javan share their journey and lessons from their DEF CON talk on building and defending LLMs. They explore critical vulnerabilities, prompt injection, hallucinations, and the importance of …
 
The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shashank shares his research into scanning contracts for flaws, how the classes of contract flaws have changed in the last few years, and how optimistic we can be about the future of this space. Segment Res…
 
Former CISO Jim Routh discusses his perspective on retirement and career fulfillment in cybersecurity. Rather than viewing retirement as simply stopping work, Routh describes his three-filter approach: working only with people he respects and admires, doing only work he finds fulfilling, and controlling when he works. He shares valuable lessons lea…
 
Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s. Common defenses have been known since the early 2000s. Jack Cable talks about CISA's Secure by Design principles and how they're trying to refocus businesses on addressing vuln classes and prioritizi…
 
Henrik Plate joins us to discuss the OWASP Top 10 Open Source Risks, a guide highlighting critical security and operational challenges in using open source dependencies. The list includes risks like known vulnerabilities, compromised legitimate packages, name confusion attacks, and unmaintained software, providing developers and organizations a fra…
 
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in dealing with appsec, the design philosophies that keep it secure, and fostering a community to create one of the most recognizable open source projects …
 
In this episode of Shaping Healthcare, host Laurel Rockall welcomes Shitang Patel, VP of Health Plans and Consulting at CitiusTech, Jennifer Zellinger, VP of Product Development and Management at enGen, and Jennifer Magaro, SVP of Customer & Engagement Experience Solutions at enGen, for an in-depth discussion on integrated healthcare solutions and …
 
Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how security professionals can better connect with developers through threat modeling, maintaining empathy, and creating inclusive learning environments. …
 
Revolutionizing Testing with AI: Checksum’s Journey In this episode of Modern Software, Mike Verinder sits down with Gal Vered, co-founder of Checksum, to explore how AI is reshaping the Autonomous Software Development Life Cycle (SDLC). Gal shares his journey, the mission behind Checksum, and how their AI-driven testing solutions ar…
 
Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful tests and some useful security tools and you have an even better environment. Dan Moore talks about what motivates some developers to prefer a "local first" approach as we walk through what all of th…
 
We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after ye…
 
In this episode of Shaping Healthcare, host Laurel Rockall welcomes Vinay Kumar Ramachander, Assistant Vice President at CitiusTech, and Francis Mohanty, Enterprise Sales Engineer for Global SIs at Harness, for an in-depth discussion on healthcare technology transformation. Join them as they: Explore how DevOps trends are reshaping healthcare techn…
 
Mehran Koushkebaghi, a seasoned engineering expert, delves into the intricacies of systemic security. He draws parallels between civil engineering and IT systems, and explains the importance of holistic thinking in security design. Discover the difference between semantic and syntactic vulnerabilities and understand how anti-requirements play a cri…
 