Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
…
continue reading
OWASP Podcasts
Podcasts from the MiSec, OWASP Detroit, and BSides Detroit communities.
…
continue reading
Securing the future of DevOps and AI: real talk with industry leaders.
…
continue reading
The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
…
continue reading
This podcast contains security topics discussed by the Secure Ideas LLC. team.
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
…
continue reading
Exploring the bonds shared between people and technology
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
…
continue reading
Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today's interconnected world. Tune in every week to discover invaluable insights, strateg ...
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
CISO Insights: The Cybersecurity Leadership Podcast Where Security Leaders Shape Tomorrow’s Defenses Join us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders. CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communicati ...
…
continue reading
Your anything goes security podcast presented to you by Black Lantern Security
…
continue reading
Security teams have their hands full. Building relationships across the entire organization is vital for success. In Champions of Security, I interview passionate individuals with unique stories. Each guest shares their honest opinions about what’s working (and what isn’t) in the security world. Tune in to learn valuable insights about keeping your customers safe.
…
continue reading
Welcome to The Craft of Open Source, hosted by Ben Rometsch, Co-Founder and CEO of Flagsmith. This bi-weekly show is focused on the ins and outs of the Open Source Software Community. Join Ben as he speaks with the brightest minds that have brought us some of the most adopted technologies on earth. Each episode is an interview with creators, maintainers, entrepreneurs, and key contributors to the open source community. We will cover critical topics for open source developers, contributors an ...
…
continue reading
Welcome to the Women in Security Podcast! This podcast is devoted to the world of information & cyber security and the great women who make it turn. In each episode, I sit down with a guest speaker to discuss their experiences and touch on some of the lesser known aspects of the industry. We'll shed light on the routes to the various technical and non-technical roles in this space, as well as exploring the skillsets required to be successful.
…
continue reading
This episode, the 304th of Absolute AppSec, features hosts Ken Johnson (@cktricky) and Seth Law (@sethlaw) discussing the crush of Q4 expectations, upcoming training opportunities, the recent updates to the OWASP Top Ten, and the impact of AI tools like XBow on application security (AppSec) consulting. The hosts discuss the shift in the OWASP Top T…
…
continue reading
1
OWASP Top 10 for 2025: What’s New and Why It Matters
18:59
18:59
Play later
Play later
Lists
Like
Liked
18:59
In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conve…
…
continue reading
1
OWASP Top 10 for 2025: What's New and Why It Matters
19:00
19:00
Play later
Play later
Lists
Like
Liked
19:00
In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conve…
…
continue reading
1
From Perimeter to Pipeline: Securing the OWASP Top 10 in the Cloud Era
13:33
13:33
Play later
Play later
Lists
Like
Liked
13:33
The 2025 OWASP Top 10 reveals a fundamental shift in application security, showing how threats have transformed from simple code flaws like buffer overflows to exploiting the systemic complexity of cloud-native and microservices architectures. This newest list confirms the continued dominance of Broken Access Control (A01) and spotlights the critic…
…
continue reading
1
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness
6:33
6:33
Play later
Play later
Lists
Like
Liked
6:33
OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells https://aws.amazon.com/blogs/security/amazon-disc…
…
continue reading
1
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness (#)
6:34
6:34
Play later
Play later
Lists
Like
Liked
6:34
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Ci…
…
continue reading
1
Deepfakes, Donations, and Deception: The Psychology of the Cyber Con
40:50
40:50
Play later
Play later
Lists
Like
Liked
40:50
Threat actors are exploiting human psychology using sophisticated techniques like AI-powered deepfakes and emotional manipulation to bypass traditional security defenses. This episode explores how nonprofits and consumer organizations are increasingly targeted by highly effective scams, including CEO impersonation fraud, Business Email Compromise (…
…
continue reading
1
Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423
1:03:20
1:03:20
Play later
Play later
Lists
Like
Liked
1:03:20
The Security Weekly 25 index is back near all time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company ac…
…
continue reading
1
Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423
1:03:20
1:03:20
Play later
Play later
Lists
Like
Liked
1:03:20
The Security Weekly 25 index is back near all time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company ac…
…
continue reading
1
The Accidental Leak: Why You're the Biggest Threat to Your Own Data
29:01
29:01
Play later
Play later
Lists
Like
Liked
29:01
We dive into the most financially devastating threats of 2025, revealing how ransomware, which accounted for 76% of incurred losses in one portfolio, and vendor breaches continue to drive significant financial damage. The discussion explores how AI is turbocharging social engineering and credential stuffing (which caused a 250% increase in Account …
…
continue reading
1
SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving
6:07
6:07
Play later
Play later
Lists
Like
Liked
6:07
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like keystroke loggers and screenshot applications. https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-targ…
…
continue reading
1
SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving (#)
6:07
6:07
Play later
Play later
Lists
Like
Liked
6:07
SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like key…
…
continue reading
1
AI and Cybersecurity - Shakour Abuzneid - SWN #532
32:17
32:17
Play later
Play later
Lists
Like
Liked
32:17
Doug talks about AI with Cybersecurity Expert Dr. Shakour Abuzneid from Roger Williams University. Show Notes: https://securityweekly.com/swn-532
…
continue reading
1
AI with Dr. Shakour Abuzneid - Shakour Abuzneid - SWN #532
32:17
32:17
Play later
Play later
Lists
Like
Liked
32:17
Doug talks about AI with Cybersecurity Expert Dr. Shakour Abuzneid from Roger Williams University. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-532
…
continue reading
The latest episode of Absolute AppSec is here, with Ken Johnson and Seth Law checking in during the busy Q4 holiday season to share some fascinating insights on the evolving landscape of security and technology. They kick off by reflecting on their intensive, ever-changing "Harnessing LLMs for Application Security" courses, noting how rapidly the u…
…
continue reading
1
Figuring Out Where to Start with Secure Code - ASW #358
46:23
46:23
Play later
Play later
Lists
Like
Liked
46:23
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…
…
continue reading
1
Figuring Out Where to Start with Secure Code - ASW #358
46:23
46:23
Play later
Play later
Lists
Like
Liked
46:23
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…
…
continue reading
1
Figuring Out Where to Start with Secure Code - ASW #358
46:23
46:23
Play later
Play later
Lists
Like
Liked
46:23
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…
…
continue reading
1
Figuring Out Where to Start with Secure Code - ASW #358
46:23
46:23
Play later
Play later
Lists
Like
Liked
46:23
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…
…
continue reading
This podcast dissects adversary tactics, techniques, and procedures (TTPs), focusing on how attackers leverage social engineering and human psychological weaknesses like fear and trust to gain unauthorized access. We explore the proactive strategies of Red Teaming and Breach and Attack Simulation (BAS), which use the MITRE ATT&CK framework to emula…
…
continue reading
1
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore
6:11
6:11
Play later
Play later
Lists
Like
Liked
6:11
Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518 Sha1-Hulud, The Se…
…
continue reading
1
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore (#)
6:11
6:11
Play later
Play later
Lists
Like
Liked
6:11
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Co…
…
continue reading
1
Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
1:38:56
1:38:56
Play later
Play later
Lists
Like
Liked
1:38:56
Interview with Ravid Circus Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity’s 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources:…
…
continue reading
1
Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
1:38:57
1:38:57
Play later
Play later
Lists
Like
Liked
1:38:57
Interview with Ravid Circus Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity's 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources:…
…
continue reading
1
AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage
18:11
18:11
Play later
Play later
Lists
Like
Liked
18:11
In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as …
…
continue reading
1
AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage
18:12
18:12
Play later
Play later
Lists
Like
Liked
18:12
In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as …
…
continue reading
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update; Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20…
…
continue reading
1
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
4:59
4:59
Play later
Play later
Lists
Like
Liked
4:59
Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510 Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Early exploit attem…
…
continue reading
1
Zero Trust to SCADA: Navigating the InfoSec Mandate
14:25
14:25
Play later
Play later
Lists
Like
Liked
14:25
This podcast explores the comprehensive responsibilities of modern InfoSec professionals, ranging from core security operations like vulnerability management across operating systems, network devices, and containers, to ensuring physical security and managing application development standards. Dive deep into emerging and complex domains such as AI …
…
continue reading
1
Emoticons, Sonicwall, Global Protect, Pop ups, WhatsApp, 7Zip, Roblox, Josh Marpet... - SWN #531
33:56
33:56
Play later
Play later
Lists
Like
Liked
33:56
Emoticons, Sonicwall, Global Protect, Pop-ups, WhatsApp, 7Zip, Roblox, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-531
…
continue reading
1
Emoticons, Sonicwall, Global Protect, Pop ups, WhatsApp, 7Zip, Roblox, Josh Marpet... - SWN #531
33:57
33:57
Play later
Play later
Lists
Like
Liked
33:57
Emoticons, Sonicwall, Global Protect, Pop-ups, WhatsApp, 7Zip, Roblox, Josh Marpet, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-531
…
continue reading
1
The Privacy Divide: State Laws, Age Limits, and the Battle for the Under-18 Consumer.
36:11
36:11
Play later
Play later
Lists
Like
Liked
36:11
This episode explores the complex division in state mandates between general consumer privacy laws and specific children’s design codes, which often function as separate acts or amendments. We break down how compliance is determined either by broad, quantitative thresholds like annual gross revenue and high data volume, or by the specific service's…
…
continue reading
1
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
14:09
14:09
Play later
Play later
Lists
Like
Liked
14:09
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757) We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, indicating that exploitation may have occurred prior to the patch being released. https://isc.sans.edu/diary/Oracle%20Identity%20Manager%20Exploit%20…
…
continue reading
