

The Application Security Podcast
Chris Romeo and Robert Hurlbut
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Episodes

Dec 3, 2018 • 30min
Jim Manico -- The Extremely Unabridged History of SQLi and XSS
Jim Manico joins again to talk about how AppSec has changed over the years and gives us an in-depth look at the history of SQL Injection and XSS. You can find Jim on Twitter @manicode.
FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!

Nov 27, 2018 • 44min
Jeff Williams -- The History of OWASP
Chris talks with Jeff Williams about the History of OWASP and where it came from. You can find Jeff on Twitter @planetlevel.

Nov 19, 2018 • 37min
Bjorn Kimminich -- The Joy of the Vulnerable Web: JuiceShop
Bjorn Kimminich joins to talk about JuiceShop. He dives into what JuiceShop is and some of its use cases. You can find Bjorn on Twitter @bkimminich.

Nov 13, 2018 • 28min
Swaroop Yermalkar -- iGoat and iOS Mobile Pen Testing
Chris is at AppSec USA and is joined by Swaroop to talk about iGoat. They discuss how iGoat relates to WebGoat and how they can be used for pen testing. You can find Swaroop on Twitter @swaroopsy.

Nov 5, 2018 • 36min
Adam Bacchus and Jon Bottarini -- Two Sides to a Bug Bounty: The Researcher and The Program
Chris and Robert talk with Adam and Jon from HackerOne about bug bounty. They dive into bug bounty from both the program side and the security researcher side to show how these pieces combine to make a bug bounty successful. You can find Adam on Twitter @SushiHack and Jon @jon_bottarini.

Oct 30, 2018 • 31min
Erlend Oftedal -- What You Require, You Must Also Retire
Chris talks with Erlend Oftedal about the Norway Chapter of OWASP and continues on to what retire.js is and how it works. You can find Erlend on Twitter @webtonull.

Oct 23, 2018 • 28min
Abhay Bhargav -- Threat Modeling as Code
Abhay Bhargav joins Robert to talk about threat modeling as code. He dives into how this can help you in your threat models. You can find Abhay on Twitter @abhaybhargav.

Oct 16, 2018 • 31min
Tony UV -- Threat Libraries in the Cloud
Tony UV joins Robert to discuss all things threat libraries in the cloud. You can find Tony on Twitter @t0nyuv.

Oct 9, 2018 • 37min
Aaron Rinehart -- Chaos Engineering and #AppSec
Chris and Robert talk to Aaron Rinehart about how the security community can embrace chaos engineering. You can find Aaron on Twitter @aaronrinehart.

Oct 1, 2018 • 35min
Jessica Robinson and Vandana Verma -- WIA: Women in #AppSec
Jessie and Vandana join Chris from Women in #AppSec to discuss the project! They dive into what the project is and how the numerous OWASP Chapters around the world can participate! You can find them on Twitter @InfosecVandana and @jessrobin96.