The Application Security Podcast
By Chris Romeo and Robert Hurlbut
Listen to a podcast, please open Podcast Republic app. Available on Google Play Store and Apple App Store.
Image by Chris Romeo and Robert Hurlbut
Category: Technology
Open in Apple Podcasts
Open RSS feed
Open Website
Rate for this podcast
Subscribers: 49
Reviews: 0
Episodes: 259
Description
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
| Episode | Date |
|---|---|
|
Dustin Lehr -- Culture Change through Champions and Gamification
|
Apr 16, 2024 |
|
Francesco Cipollone -- Application Security Posture Management and the Power of Working with the Business
|
Apr 09, 2024 |
|
Mukund Sarma -- Developer Tools that Solve Security Problems
|
Apr 02, 2024 |
|
Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec
|
Mar 20, 2024 |
|
Bill Sempf -- Development, Security, and Teaching the Next Generation
|
Mar 12, 2024 |
|
Hendrik Ewerlin -- Threat Modeling of Threat Modeling
|
Mar 05, 2024 |
|
Jason Nelson -- Three Pillars of Threat Modeling Success: Consistency, Repeatability, and Efficacy
|
Feb 27, 2024 |
|
Erik Cabetas -- Cracking Codes on Screen and in Contests: An Expert's View on Hacking, Vulnerabilities, and the Evolution of Cybersecurity Language
|
Feb 17, 2024 |
|
Justin Collins -- Enabling the Business to Move Faster, Securely
|
Feb 06, 2024 |
|
Kyle Kelly -- The Dumpster Fire of Software Supply Chain Security
|
Jan 30, 2024 |
|
Chris Hughes -- Software Transparency
|
Jan 20, 2024 |
|
Jay Bobo & Darylynn Ross -- App Sec Is Dead. Product Security Is the Future.
|
Jan 09, 2024 |
|
Eitan Worcel -- Is AI a Security Champion?
|
Dec 19, 2023 |
|
Björn Kimminich -- OWASP Juice Shop
|
Dec 12, 2023 |
|
Arshan Dabirsiaghi -- Security Startups, AI Influencing AppSec, and Pixee/Codemodder.io
|
Dec 05, 2023 |
|
Dr. Jared Demott -- Cloud Security & Bug Bounty
|
Nov 28, 2023 |
|
Katharina Koerner -- Security as Responsible AI
|
Nov 21, 2023 |
|
Ray Espinoza -- The AppSec CISO, Vendor Relationships, and Mentoring
|
Nov 15, 2023 |
|
Chris John Riley -- MVSP: Minimum Viable Secure Product
|
Nov 07, 2023 |
|
Steve Wilson and Gavin Klondike -- OWASP Top Ten for LLM Release
|
Oct 31, 2023 |
|
Tanya Janca -- What Secure Coding Really Means
|
Oct 24, 2023 |
|
Hasan Yasar -- Actionable SBOM via DevSecOps
|
Oct 16, 2023 |
|
Varun Badhwar -- The Developer Productivity Tax
|
Oct 10, 2023 |
|
OWASP Board of Directors Debate
|
Oct 03, 2023 |
|
Itzik Alvas -- Secrets Security and Management
|
Sep 26, 2023 |
|
Harshil Parikh -- Deep Environmental and Organizational Context in Application Security
|
Sep 19, 2023 |
|
Jeff Williams -- The Tech of Runtime Security
|
Sep 12, 2023 |
|
Mark Curphey and John Viega -- Chalk
|
Sep 05, 2023 |
|
Maril Vernon -- You Get What You Inspect, Not What You Expect
|
Aug 29, 2023 |
|
Dan Küykendall -- Why All Application Security Products Suck
|
Aug 22, 2023 |
|
Kevin Johnson -- Samurai Swords and Zap's Departure
|
Aug 15, 2023 |
|
Tony Quadros -- The Life of an AppSec Vendor
|
Aug 08, 2023 |
|
Steve Giguere -- Cloud AppSec
|
Jul 24, 2023 |
|
Paul McCarty -- The Burrito Analogy of the Software Supply Chain
|
Jul 14, 2023 |
|
Farshad Abasi -- Three Models for Deploying AppSec Resources
|
Jul 09, 2023 |
|
Kim Wuyts -- The Future of Privacy Threat Modeling
|
Jun 29, 2023 |
|
François Proulx -- Actionable Software Supply Chain Security
|
Jun 22, 2023 |
|
Steve Wilson -- OWASP Top Ten for LLMs
|
Jun 15, 2023 |
|
JB Aviat -- The State of Application Security
|
Jun 07, 2023 |
|
Joshua Wells -- Application Security in the Age of Zero Trust
|
Jun 01, 2023 |
|
Jeevan Singh -- The Future of Application Security Engineers
|
May 15, 2023 |
|
Tony Turner -- Threat Modeling and SBOM
|
May 03, 2023 |
|
Christian Frichot -- Threat Modeling with hcltm
|
Apr 18, 2023 |
|
Zohar Shachar -- Bug Bounty from Both Sides
|
Apr 03, 2023 |
|
Sarah-jane Madden -- Threat Modeling to established teams
|
Mar 23, 2023 |
|
Jet Anderson -- The AppSec Code Doctor
|
Mar 16, 2023 |
|
James Mckee -- Developer Security
|
Mar 09, 2023 |
|
Derek Fisher -- The Application Security Handbook
|
Mar 02, 2023 |
|
Rob van der Veer -- OWASP AI Security & Privacy Guide
|
Feb 23, 2023 |
|
Robyn Lundin -- Planning & organizing a penetration test as an AppSec team
|
Jan 10, 2023 |
|
Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten
|
Jan 03, 2023 |
|
Alex Olsen -- Security champions, empowering developers, and AppSec training
|
Dec 20, 2022 |
|
Mark Curphey -- The future of OWASP
|
Dec 13, 2022 |
|
Tiago Mendo -- How to scan at scale with OWASP ZAP
|
Dec 06, 2022 |
|
Wolfgang Goerlich -- Security beyond vulnerabilities
|
Nov 29, 2022 |
|
Sam Stepanyan -- OWASP Nettacker Project
|
Nov 08, 2022 |
|
Nick Aleks and Dolev Farhi -- GraphQL Security
|
Nov 01, 2022 |
|
Guy Barhart-Magen -- Log4j and Incident Response
|
Sep 23, 2022 |
|
Brett Smith -- Security is a Necessary Evil
|
Aug 30, 2022 |
|
Chen Gour-Arie -- The AppSec Map
|
Aug 16, 2022 |
|
Dominique Righetto -- OWASP Secure Headers
|
Aug 09, 2022 |
|
Hillel Solow -- How to do AppSec without a security team
|
Jul 25, 2022 |
|
Chris Romeo -- The Security Journey Story
|
Jun 02, 2022 |
|
Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling
|
May 10, 2022 |
|
Patrick Dwyer -- CycloneDX and SBOMs
|
May 03, 2022 |
|
Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks
|
Apr 25, 2022 |
|
Josh Grossman -- Building a High-Value AppSec Scanning Program
|
Apr 19, 2022 |
|
Alex Mor -- Application Risk Profiling at Scale
|
Mar 15, 2022 |
|
Brenna Leath -- Product Security Leads: A different way of approaching Security Champions
|
Mar 09, 2022 |
|
Will Ratner -- Centralized container scanning
|
Feb 16, 2022 |
|
Neil Matatall -- AppSec at Scale
|
Feb 09, 2022 |
|
Joern Freydank -- Security Design Anti Patterns Limit Security Debt
|
Jan 25, 2022 |
|
Ken Toler -- Blockchain, Cloud, and #AppSec
|
Jan 18, 2022 |
|
Jeroen Willemsen and Ben de Haan -- Dirty little secrets
|
Jan 11, 2022 |
|
Adam Shostack -- Fast, cheap and good threat models
|
Dec 15, 2021 |
|
Loren Kohnfelder -- Designing Secure Software
|
Dec 07, 2021 |
|
Ochaun Marshall -- IaC and SAST
|
Nov 29, 2021 |
|
Simon Bennetts -- Using OWASP Zap across an Enterprise
|
Nov 10, 2021 |
|
Timo Pagel -- DevSecOps Maturity Model
|
Oct 27, 2021 |
|
Mazin Ahmed -- Terraform Security
|
Oct 06, 2021 |
|
James Ransome and Brook Schoenfield -- trust and verify: Building in Security at Agile Speed
|
Sep 24, 2021 |
|
OWASP Top 10 2021 Peer Review
|
Sep 17, 2021 |
|
Anastasiia Voitova -- Encryption is easy, key management is hard
|
Sep 14, 2021 |
|
Eran Kinsbruner -- DevSecOps Continuous Testing
|
Aug 20, 2021 |
|
Mark Loveless -- Threat modeling in a DevSecOps environment.
|
Aug 13, 2021 |
|
Jeroen Willemsen -- Security automation with ci/cd
|
Aug 06, 2021 |
|
Thinking back, Looking forward - A Balanced Approach to Securing our Software Future
|
Jul 15, 2021 |
|
Jeevan Singh -- Threat modeling based in democracy
|
Jun 11, 2021 |
|
Dima Kotik -- Application Security and the Zen of Python
|
May 21, 2021 |
|
Dustin Lehr -- Advocating and being on the side of developers
|
May 07, 2021 |
|
Aaron Rinehart -- Security Chaos Engineering
|
Apr 30, 2021 |
|
Izar Tarandach and Matt Coles-- Threat Modeling: A Practical Guide for Development Teams
|
Apr 23, 2021 |
|
Charles Shirer -- The most positive person in security
|
Apr 16, 2021 |
|
Leif Dreizler -- Tactical tips to shift engineering right
|
Apr 09, 2021 |
|
Vandana Verma -- OWASP Spotlight Series
|
Apr 02, 2021 |
|
Dr. Anita D’Amico -- Do certain types of developers or teams write more secure code?
|
Mar 25, 2021 |
|
Alyssa Miller -- Bringing security to DevOps and the CI/CD pipeline
|
Mar 18, 2021 |
|
Liran Tal — Cloud native application security, what’s a developer to do?
|
Mar 09, 2021 |
|
Chris Romeo — DevSecOps Fails
|
Feb 17, 2021 |
|
Jim Routh — Secure software pipelines
|
Feb 10, 2021 |
|
Andrew van der Stock — Taking Application Security to the Masses
|
Jan 20, 2021 |
|
JC Herz and Steve Springett — SBOMs and software supply chain assurance
|
Jan 12, 2021 |
|
Brian Reed — Mobile Appsec: The Good, the Bad and the Ugly as We Head into 2021
|
Jan 06, 2021 |
|
The Threat Modeling Manifesto – Part 2
|
Nov 24, 2020 |
|
The Threat Modeling Manifesto – Part 1
|
Nov 17, 2020 |
|
Season 7 Guests — The best of Season 7
|
Oct 26, 2020 |
|
Aviat Jean-Baptiste — The AppSec report
|
Oct 13, 2020 |
|
Frank Rietta — The convergence of Ruby on Rails and #AppSec
|
Oct 06, 2020 |
|
Dmitry Sotnikov – REST API Security – there is no silver bullet
|
Sep 30, 2020 |
|
Caroline Wong — The state of Penetration Testing
|
Sep 22, 2020 |
|
Aaron Davis — LavaMoat — solving JavaScript software supply chain
|
Sep 15, 2020 |
|
Anastasiia Voitova — Use Cryptography; Don’t Learn It
|
Sep 10, 2020 |
|
Michael Furman — SameSite Cookies
|
Sep 03, 2020 |
|
Chris Romeo — The State of Security and the Importance of Empathy
|
Aug 27, 2020 |
|
Neil Matatall — Content Security Policy
|
Aug 04, 2020 |
|
Grant Ongers — Gamification of threat modeling
|
Jul 28, 2020 |
|
Elie Saad — OWASP WSTG, Cheat Sheets, and Integration
|
Jul 21, 2020 |
|
Graham Holmes — Adversarial Machine Learning
|
Jul 13, 2020 |
|
Ochaun Marshall — Securing Web applications in AWS
|
Jul 07, 2020 |
|
Drew Dennison – Security should make the computer sweat more
|
Jun 30, 2020 |
|
Aaron Guzman — IoTGoat
|
Jun 23, 2020 |
|
Adam Shostack — The Jenga View of Threat Modeling
|
Jun 16, 2020 |
|
Cindy Blake — Aligning security testing with Agile development
|
Jun 09, 2020 |
|
Jannik Hollenbach — Multijuicer: JuiceShop with a side of Kubernetes
|
Jun 02, 2020 |
|
Sebastien Deleersnyder and Bart De Win — OWASP SAMM
|
May 26, 2020 |
|
Marc French, Steve Lipner, Maya Kaczorowski, DJ Schleen, Kim Wuyts — Season Six Wrap up
|
May 14, 2020 |
|
Mark Merkow — Secure, Resilient, and Agile Software Development
|
Apr 11, 2020 |
|
Zsolt Imre — Fuzz testing is easy
|
Apr 06, 2020 |
|
Adam Shostack — Remote Threat Modeling
|
Mar 28, 2020 |
|
Kim Wuyts — Privacy Threat Modeling
|
Mar 23, 2020 |
|
John Martin — Preventing a Cyberpocalypse
|
Mar 15, 2020 |
|
Jeremy Long — It’s dependency check, not checker
|
Feb 20, 2020 |
|
Alyssa Miller — Experiences with DevOps + Automation and beyond
|
Feb 13, 2020 |
|
Vandana Verma — Support each other
|
Feb 08, 2020 |
|
DJ Schleen — DevOps: The Sec is Silent
|
Jan 30, 2020 |
|
Niels Tanis — 3rd Party Risk in a .NET World
|
Jan 24, 2020 |
|
Maya Kaczorowski — Container and Orchestration Security
|
Jan 16, 2020 |
|
Geoff Hill — AppSec, DevSecOps, and Diplomacy
|
Jan 09, 2020 |
|
Erez Yalon — The OWASP API Security Project
|
Jan 03, 2020 |
|
Steve Lipner — The Past, Present, and Future of SDL
|
Dec 20, 2019 |
|
David Kosorok — The Three Pillars of an AppSec Program: Prevent, Detect, and React
|
Dec 16, 2019 |
|
Chris and Robert: A Taste of Hi-5
|
Dec 01, 2019 |
|
Bill Dougherty — INCLUDES NO DIRT, practical threat modeling for healthcare and beyond
|
Nov 21, 2019 |
|
Marc French — The AppSec CISO
|
Nov 10, 2019 |
|
Season 5 Finale — A cross section of #AppSec
|
Oct 26, 2019 |
|
Ronnie Flathers — Security programs big and small
|
Sep 28, 2019 |
|
Brook Schoenfield — Security is a messy problem
|
Sep 15, 2019 |
|
Liran Tal — The state of open source software security
|
Sep 05, 2019 |
|
Liran Tal — Open Source Security — 5 Minute AppSec
|
Sep 03, 2019 |
|
Steve Springett — An insiders checklist for Software Composition Analysis
|
Aug 27, 2019 |
|
Steve Springett — OWASP Dependency Track — 5 Minute AppSec
|
Aug 25, 2019 |
|
Elissa Shevinsky — Static Analysis early and often
|
Aug 19, 2019 |
|
Elissa Shevinsky — Be Kind, Security People — 5 Minute AppSec
|
Aug 14, 2019 |
|
Matt McGrath — Security coaches
|
Aug 05, 2019 |
|
Erez Yalon and Liora Herman – The Application Security Village @ DefCon
|
Jul 29, 2019 |
|
Erez Yalon – AppSec Village – 5 Minute AppSec
|
Jul 29, 2019 |
|
Tommy Ross — The BSA Framework for Secure Software
|
Jul 19, 2019 |
|
Adam Shostack — Threat modeling layer 8 and conflict modeling
|
Jul 10, 2019 |
|
Adam Shostack – Threat Modeling – 5 Minute AppSec
|
Jul 09, 2019 |
|
Zoe Braiterman — AI, ML, AppSec, and a dose of data protection
|
Jul 01, 2019 |
|
Caroline Wong — Self-care and self-aware for security people
|
Jun 14, 2019 |
|
Björn Kimminich — The new JuiceShop, GSOC, and Open Security Summit
|
Jun 01, 2019 |
|
Björn Kimminich — JuiceShop — 5 minute AppSec
|
May 26, 2019 |
|
Nancy Gariché and Tanya Janca — DevSlop, the movement
|
May 21, 2019 |
|
Tanya Janca — Mentoring Monday — 5 Minute AppSec
|
May 20, 2019 |
|
Matt Clapham — A perspective on appsec from the world of medical software
|
May 13, 2019 |
|
Jon McCoy — Hacker outreach
|
May 06, 2019 |
|
Omer Levi Hevroni — K8s can keep a secret?
|
May 01, 2019 |
|
Izar Tarandach — Command line threat modeling with pytm
|
Apr 24, 2019 |
|
Simon Bennetts — OWASP ZAP: past, present, and future
|
Apr 13, 2019 |
|
Bill Sempf — Growing AppSec People and KidzMash
|
Apr 08, 2019 |
|
Georgia Weidman — Mobile, IoT, and Pen Testing
|
Mar 31, 2019 |
|
Conclusion: Season 4 Finale
|
Feb 25, 2019 |
|
Geoff Hill -- Rapid Threat Model Prototyping Process
|
Feb 01, 2019 |
|
Bill Wilder -- Running Azure Securely
|
Jan 25, 2019 |
|
Matt Konda -- OWASP Glue
|
Jan 18, 2019 |
|
Josh Grossman, Avi Douglen, and Ofer Maor -- AppSec in Israel and Three Talks to watch from AppSec USA
|
Jan 11, 2019 |
|
Daniel Miessler -- OWASP IoT Top 10
|
Jan 01, 2019 |
|
Travis McPeak -- SecOps Makes Developers Lives Easier
|
Dec 18, 2018 |
|
Chris Romeo -- Security Culture Hacking: Disrupting the Security Status Quo
|
Dec 10, 2018 |
|
Jim Manico -- The Extremely Unabridged History of SQLi and XSS
|
Dec 03, 2018 |
|
Jeff Williams -- The History of OWASP
|
Nov 27, 2018 |
|
Bjorn Kimminich -- The Joy of the Vulnerable Web: JuiceShop
|
Nov 19, 2018 |
|
Swaroop Yermalkar -- iGoat and iOS Mobile Pen Testing
|
Nov 13, 2018 |
|
Adam Bacchus and Jon Bottarini -- Two Sides to a Bug Bounty: The Researcher and The Program
|
Nov 05, 2018 |
|
Erlend Oftedal -- What You Require, You Must Also Retire
|
Oct 30, 2018 |
|
Abhay Bhargav -- Threat Modeling as Code
|
Oct 23, 2018 |
|
Tony UV -- Threat Libraries in the Cloud
|
Oct 16, 2018 |
|
Aaron Rinehart -- Chaos Engineering and #AppSec
|
Oct 09, 2018 |
|
Jessica Robinson and Vandana Verma-- WIA: Women in #AppSec
|
Oct 01, 2018 |
|
Karen Staley -- A Conversation with Karen
|
Sep 25, 2018 |
|
Mohammed Imran -- Back to the Lab Again with a DevOps
|
Sep 18, 2018 |
|
Niels Tanis -- A Slice of the Razor with ASP.Net Core
|
Sep 11, 2018 |
|
Ofer Maor -- A Pen Testers Transition to #AppSec: #VoteForOfer
|
Sep 04, 2018 |
|
Matt Tesauro -- #AppSec Pipeline as Toolbox
|
Aug 28, 2018 |
|
Stephen de Vries -- Threat Modeling with a bit of #Startup
|
Aug 20, 2018 |
|
Julien Vehent -- Securing DevOps
|
Aug 14, 2018 |
|
Christian Folini -- CRS and an Abstraction Layer
|
Aug 07, 2018 |
|
Sean Wright -- Google Chrome and the Case of the Disappearing HTTP
|
Jul 30, 2018 |
|
Conclusion: All the Pieces You Need for an #AppSec Program
|
Jun 12, 2018 |
|
Martin Knobloch -- OWASP, Reach Out; We Are Known and Misunderstood
|
Jun 05, 2018 |
|
Devin McMasters -- Bug Bounty with a Side of Empathy
|
May 29, 2018 |
|
Apollo Clark -- Malicious User Stories
|
May 22, 2018 |
|
Megan Roddie -- Neurodiversity in Security
|
May 15, 2018 |
|
Chase Schultz -- AppSec and Hardware
|
Apr 27, 2018 |
|
John Melton -- #OWASP AppSensor
|
Apr 20, 2018 |
|
David Habusha -- Third Party Software is not a Cathedral, It’s a Bazaar
|
Apr 13, 2018 |
|
Steve Springett -- Dependency Check and Dependency Track
|
Apr 12, 2018 |
|
Steven Wierckx -- The #OWASP Threat Modeling Project
|
Apr 06, 2018 |
|
Jim Manico -- The #OWASP Cheat Sheet Project
|
Apr 05, 2018 |
|
Neil Smithline -- OWASP Top 10 #10: Logging
|
Mar 23, 2018 |
|
Jim Routh -- Selling #AppSec Up The Chain
|
Mar 16, 2018 |
|
Chris and Robert -- #AppSec Recommendations
|
Mar 09, 2018 |
|
Magen Wu -- Hustle and Flow: Dealing With Burnout in Security
|
Mar 02, 2018 |
|
Katy Anton -- OWASP Top 10 #4 XXE
|
Feb 23, 2018 |
|
Pete Chestna -- SAST, DAST, and IAST. Oh My!
|
Feb 16, 2018 |
|
Irene Michlin -- We Are Not Making It Worse
|
Feb 09, 2018 |
|
Bill Sempf -- Insecure Deserialization
|
Feb 02, 2018 |
|
Chris and Robert -- Security Champions
|
Jan 26, 2018 |
|
Kevin Greene -- Shifting left
|
Jan 19, 2018 |
|
Conclusion: OWASP is for everyone
|
Dec 05, 2017 |
|
Brian Andrzejewski -- Containers Again
|
Oct 24, 2017 |
|
Tin Zaw -- ModSecurity and #AppSec
|
Oct 17, 2017 |
|
Aditya Gupta -- The Exploitation of IoT
|
Oct 10, 2017 |
|
Jim Manico and Katy Anton -- The Future of the OWASP Proactive Controls
|
Oct 03, 2017 |
|
Andew van der Stock and Brian Glas -- The Future of the OWASP Top 10
|
Sep 25, 2017 |
|
Robert Hurlbut -- Threat Modeling
|
Sep 19, 2017 |
|
Chris and Robert -- Passwords, Identity, and #AppSec
|
Sep 12, 2017 |
|
Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop
|
Sep 05, 2017 |
|
Jon Mccoy and Jonathan Marcil -- Agile #AppSec
|
Aug 29, 2017 |
|
Jay Beale -- Docker Security and AppSec
|
Aug 22, 2017 |
|
Chris and Robert -- Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing
|
Aug 17, 2017 |
|
Robert Hurlbut -- Blackhat Security Conference
|
Aug 08, 2017 |
|
Dave Ferguson -- The OWASP Top 10 Proactive Controls
|
Jul 25, 2017 |
|
Jim Manico -- MORE OWASP!
|
Jul 04, 2017 |
|
Mike Goodwin -- The OWASP Threat Dragon
|
Jun 27, 2017 |
|
Mark Willis -- I Just Like Static Analysis. Static Analysis is My Favorite
|
Jun 19, 2017 |
|
Eric Johnson -- Continuous Integration in .NET
|
Jun 14, 2017 |
|
Matt Clapham -- The Technical Debt Ceiling
|
Jun 06, 2017 |
|
Chris and Robert -- Controversy within the OWASP Top 10 RC
|
May 30, 2017 |
|
Brook S.E. Schoenfield -- Security in the Design and Architecture
|
May 22, 2017 |
|
Conclusion: The End…of Season 1
|
Jan 26, 2017 |
|
Rafal Los, James Jardine, and Michael Santarcangelo -- #DtSR and What Makes a Good Security Consultant?
|
Jan 12, 2017 |
|
Adam Shostack -- Think like an Attacker or Accountant?
|
Jan 04, 2017 |
|
Jon McCoy -- The Mindset to Reverse Engineer
|
Dec 21, 2016 |
|
Chris Romeo -- AppSec Awareness: A Blue Print for Security Culture Change
|
Dec 13, 2016 |
|
Tracy Maleeff -- Natural Paranoia as a Career Path? A Transition to Security
|
Dec 06, 2016 |
|
Chris Romeo -- Security Community at Any Scale
|
Nov 29, 2016 |
|
Deidre Diamond -- The Soft Skills of AppSec
|
Nov 16, 2016 |
|
Tony UcedaVelez -- PASTA: Not Just for Breakfast Anymore
|
Nov 08, 2016 |
|
Glenn Leifheit -- An Inner Glimpse of the Microsoft SDL
|
Nov 02, 2016 |
|
Mike Landeck -- Security Must Meet the Needs of the Business
|
Oct 25, 2016 |
|
Daniel Ramsbrock -- Web Application Pen Testing – Part 2
|
Oct 18, 2016 |
|
Daniel Ramsbrock -- Web Application Pen Testing – Part 1
|
Oct 18, 2016 |
|
Matt Clapham -- Development Security Maturity
|
Oct 11, 2016 |
|
Elena Elkina -- Privacy and Data Protection
|
Oct 04, 2016 |
|
Chris and Robert -- Security in the Methodology
|
Sep 26, 2016 |
|
Chris and Robert -- The Activities of the Secure Development Lifecycle
|
Sep 20, 2016 |
|
Chris and Robert -- Introductions and why #AppSec?
|
Sep 13, 2016 |