Application Security Weekly (Video)

Application Security Weekly decrypts development for the security professional, exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way. Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level up their skills in the Application Security space, as well as “Cyber Curious” developers who want to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps, and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

The best episodes ranked using user listens.

Securing Multi-Cloud Environments - Application Security Weekly #69

Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments. To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

39mins

16 Jul 2019

Rank #1

Protecting Data in Apps and Protecting Apps from Data - ASW #92

Apps must protect the data they collect. How can DevOps teams apply effective controls like strong authentication and authorization? How do cloud services help or hinder encrypting data? Envelope encryption uses multiple keys to protect data. It's a scalable pattern for protecting data and is nicely documented for AWS, Azure, and GCP. Be warned that each provider uses slightly different terminology for the same principal components. Kubernetes also supports this pattern. Data is also an attack vector that apps must protect themselves against. How relevant is the security recommendation of "use input validation" for modern apps? How can apps that rely on user-generated content or microservice architectures handle data securely? Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode92

35mins

21 Jan 2020

Rank #2

Ethereum, Kali Linux, & Creepy Alexa - Application Security Weekly #8

In the news, Amazon admits Alexa is creepily laughing at people and is working on a fix, Ethereum fixes serious 'eclipse' flaw that could be exploited by any kid, Kali Linux is now an app in the Windows Store, & more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode08 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

24mins

14 Mar 2018

Rank #3

Bugs, Breaches, & More - ASW #76

Simjacker – Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/asw for all the latest episodes!

28mins

18 Sep 2019

Rank #4

MacOS Catalina, OpenShift, & Pink Floyd - Application Security Weekly #64

"Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apple finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits, but weak adoption, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

31mins

12 Jun 2019

Rank #5

Galen Hunt, Microsoft - Application Security Weekly #27

Galen founded and led the team building the Azure Sphere, announced at RSA Conference 2018. Our goal is to make IoT safe for society. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly-secured devices; devices possessing all 7 Properties of Highly-Secured Devices. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode27 Follow us on Twitter: https://www.twitter.com/securityweekly

29mins

8 Aug 2018

Rank #6

Daniel Cuthbert, Banco Santander - Application Security Weekly #38

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. He joins Keith and Paul this week for an interview! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly

23mins

6 Nov 2018

Rank #7

OWASP Application Security Verification Standard - Application Security Weekly #04

This week, Paul and Keith discuss OWASP Application Security Verification Standards! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode04 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

25mins

4 Feb 2018

Rank #8

Agile vs. DevOps - Application Security Weekly #18

This week, Keith and Paul discuss the difference between Agile, CI/CD, and DevOps! Agile is focused on process, highlighting change, all while accelerating delivery. CI/CD focuses on software-defined life cycles, highlighting tools that emphasize automation. DevOps focuses on culture, highlighting roles that emphasize responsiveness. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode18 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

31mins

6 Jun 2018

Rank #9

Bugs, Breaches, and More - Application Security Weekly #47

In the News segment, Oracle patches 284 vulnerabilities, bug in Twitter Android app exposed protected tweets, 4 tips for better API Security in 2019, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Follow us on Twitter: https://www.twitter.com/securityweekly

29mins

23 Jan 2019

Rank #10

Sysdig Secure 3.0 - Pawan Shankar - ASW #85

Pawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 3.0! With this release, Sysdig Secure is the industry’s first security tool to bring both threat prevention and incident response to Kubernetes. To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode85

36mins

20 Nov 2019

Rank #11

Shannon Lietz, Intuit - Application Security Weekly #65

Mike Shema and John Kinsella interview Shannon Lietz, the Director of Information Security at Intuit, about DevOps. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

33mins

18 Jun 2019

Rank #12

The Benefits of SAST and SCA in Your IDE - Utsav Sanghani - ASW #101

Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That’s where software composition analysis (SCA) comes in. Introducing a new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development. For more information, visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode101

38mins

23 Mar 2020

Rank #13

Bugs, Breaches, and More! - Application Security Weekly #36

Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic Cardiac Programmers. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Follow us on Twitter: https://www.twitter.com/securityweekly

29mins

23 Oct 2018

Rank #14

Bugs, Breaches, and More! - ASW #73

CVE-2019-1162 showcases elevation of privilege in an ancient Windows component. HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS. We talked more about ephemeral access and SSH in episode 71, Polaris Points the Way to Kubernetes Best Practices, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!

38mins

21 Aug 2019

Rank #15

Application News - ASW #83

Stable Channel Update for Desktop Chrome users should upgrade to, Overcoming the container security conundrum: What enterprises need to know, Security Think Tank: In the cloud, the buck stops with you, PHP Bug Allows Remote Code-Execution on NGINX, Servers and patch details at Sec Bug #78599, Raising Security Awareness: Why Tools Can't Replace People, and much more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode83

31mins

6 Nov 2019

Rank #16

Peter Chestna, Veracode - Application Security Weekly #19

Peter Chestna is the Director of Developer Engagement at Veracode. He comes on the show to talk about the article he wrote called "The 3 Ways of DevSecOps". Full Show Notes: https://wiki.securityweekly.com/ASW_Episode19 Follow us on Twitter: https://www.twitter.com/securityweekly

35mins

13 Jun 2018

Rank #17

CISOs, CVE, DevOps, Gandalf - ASW #99

CVE-2020-0688 Losing the keys to your kingdom, which is why Multiple nation-state groups are hacking Microsoft Exchange servers, Revoking certain certificates on March 4 and Why 3 million Let’s Encrypt certificates are being killed off today, Gandalf: An Intelligent, End-To-End Analytics Service for Safe Deployment in Large-Scale Cloud Infrastructure and slides, CISOs Who Want a Seat at the DevOps Table Better Bring Value. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode99

37mins

9 Mar 2020

Rank #18

Application News - RSA Conference News and Activities - ASW #97

6 of the 10 vendors at Innovation Sandbox are application security companies, F5 Empowers Customers with End-to-End App Security, Checkmarx Simplifies Automation of Application Security Testing for Modern Development and DevOps Environments, and more RSA Conference News! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode97

32mins

26 Feb 2020

Rank #19

Microsoft, Equifax, MacOS, and Bug Bounties - Application Security Weekly #31

U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

33mins

13 Sep 2018

Rank #20