The Application Security Podcast

Chris Romeo and Robert Hurlbut
Oct 1, 2024 • 37min

Steve Wilson -- The Developer's Playbook for Large Language Model Security: Building Secure AI Applications

Steve Wilson, author of 'The Developer's Playbook for Large Language Model Security,' dives into the complexities of AI and security. He discusses AI hallucinations and the crucial need for trust in AI applications. Steve shares insights on supply chain vulnerabilities and the importance of strict oversight and testing tools. He also explores the interplay between personal hobbies and security strategies, emphasizing innovative approaches in AppSec leveraging AI to enhance vulnerability management. Expect practical tips for building secure AI applications!
Sep 24, 2024 • 51min

Jeff Williams -- Application Detection & Response (ADR)

In this conversation with Jeff Williams, a co-founder of OWASP and a trailblazer in application security, listeners dive into the transformative power of Application Detection and Response (ADR). Jeff emphasizes ADR's role in real-time monitoring and response to vulnerabilities, contrasting it with traditional security techniques. He shares insights on the evolution of security testing and the importance of community building. The discussion also explores the intersection of AI and AppSec, addressing both its potential benefits and challenges in enhancing security.
Sep 17, 2024 • 52min

Phillip Wylie -- Pen Testing from Somebody who Knows about Pen Testing

Phillip Wylie shares his unique journey from professional wrestling to becoming a renowned pen tester. We define pen testing and the role of social engineering in ethical hacking. We talk tools of the trade, share a favorite web app pentest hack, and offer good advice on starting a career in cybersecurity. Phillip shares some insights from his book, 'The Pentester Blueprint: Starting a Career as an Ethical Hacker.' And we discuss the impact of AI on pen testing and where this field is headed in the next few years.

Mentioned in this episode:
The Pentester Blueprint: Starting a Career as an Ethical Hacker by Phillip Wylie
The Web Application Hacker's Handbook by Dafydd Stuttard and Marcus Pinto

Where to find Phillip:
Website: https://thehackermaker.com/
Podcast: https://phillipwylieshow.com/
X: https://x.com/PhillipWylie
LinkedIn: https://www.linkedin.com/in/phillipwylie/

FOLLOW OUR SOCIAL MEDIA:
Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!
Aug 29, 2024 • 48min

Steve Springett -- Software and System Transparency

Steve Springett, an expert in secure software development and key figure in multiple OWASP projects, shares insights on CycloneDX and the importance of software transparency. He discusses the evolving landscape of Software Bills of Materials (SBOMs) and their critical role in security and inventory management. Steve also reflects on personal interests outside of tech, such as automotive modifications and Formula One. His humorous anecdotes and deep knowledge blend seamlessly, making for an engaging and informative conversation.
Jul 31, 2024 • 40min

Irfaan Santoe -- The Power of Strategy in AppSec

In this engaging discussion, Irfaan Santoe, an AppSec professional with a consulting background, delves into the intricacies of Application Security strategies. He emphasizes the importance of measuring program maturity and conveying ROI to business leaders. Santoe explores the communication gaps between CISOs and AppSec initiatives, offering insights on how to bridge them. The conversation also touches on balancing security with practical business operations, making a compelling case for strategic investments in cybersecurity that align with business objectives.
Jul 23, 2024 • 52min

Andrew Van Der Stock -- The New OWASP Top Ten

Join Chris Romeo and Robert Hurlbut in a captivating discussion with Andrew van der Stock, the executive director at OWASP. They delve into the latest developments in the OWASP Top 10 Project, emphasizing the significance of data collection and developer engagement. Learn about the methodology behind building the OWASP Top 10, the importance of framework security, and get insights that could shape the future of web application security.
Jul 16, 2024 • 1h 2min

Derek Fisher -- Hiring in Cyber/AppSec

Derek Fisher, an expert in hardware, software, and cybersecurity with over 25 years of experience, is back on the podcast. Derek shares his advice on cybersecurity hiring, specifically in application security, and dives into the challenges of entry-level roles in the industry. We discuss the value of certifications, the necessity of lifelong learning, and the importance of networking. Listen along for good advice on getting noticed in cybersecurity, resume tips, and the evolving landscape of AppSec careers.

Mentioned in this episode:
The Application Security Handbook by Derek Fisher
With the Old Breed by E.B. Sledge
Cyber for Builders by Ross Haleliuk
Effective Vulnerability Management by Chris Hughes

Previous episode:
Derek Fisher -- The Application Security Handbook
Jul 9, 2024 • 1h 5min

Tanya Janca -- Secure Guardrails

Award-winning public speaker Tanya Janca discusses secure guardrails in application security, emphasizing the importance of guiding individuals back to secure practices. She also shares insights on implementing security guardrails in software development and fostering collaboration between software developers and security professionals.
Jul 2, 2024 • 50min

Jahanzeb Farooq -- Launching and executing an AppSec program

Jahanzeb Farooq discusses his journey in cybersecurity and the challenges of building AppSec programs from scratch. Jahanzeb shares his experience working in various industries, including Siemens, Novo Nordisk, and Danske Bank, highlighting the importance of understanding developer needs and implementing the right tools. The conversation covers the complexities of cybersecurity in the pharmaceutical and financial sectors, shedding light on regulatory requirements and the role of software in critical industries. Learn about prioritizing security education, threat modeling, and navigating digital transformation.

Mentioned in this episode:
The Power of Habit by Charles Duhigg
Jun 18, 2024 • 57min

David Quisenberry -- Building Security, People, and Programs

David Quisenberry shares his journey into the security world, insights on building AppSec programs in small to mid-sized companies, and the importance of data-driven decision-making. The conversation delves into the value of mentoring and why it's important to build real relationships with the people you work with, the vital role of trust with engineering teams, and the significance of mental health and community in the industry.

Books shared in the episode:
Site Reliability Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff, and Niall Richard Murphy
The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
Security Chaos Engineering by Aaron Rinehart and Kelly Shortridge
CISO Desk Reference Guide by Bill Bonney, Gary Hayslip, and Matt Stamper
Wiring the Winning Organization by Gene Kim and Dr. Steven J. Spear
The Body Keeps the Score by Bessel van der Kolk, M.D.
Intelligence-Driven Incident Response by Rebekah Brown and Scott J. Roberts
Never Eat Alone by Keith Ferrazzi
Thinking, Fast and Slow by Daniel Kahneman
Do Hard Things by Steve Magness
How Leaders Create and Use Networks (whitepaper) by Herminia Ibarra and Mark Lee Hunter