The Application Security Podcast

Chris Romeo and Robert Hurlbut

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.

Episodes

Mentioned books

Sep 25, 2018 • 17min

Karen Staley -- A Conversation with Karen

This week we're joined by Karen Staley, the Executive Director of the OWASP Foundation. She dives into what's happening on OWASP and what we can look forward to in the future. You can find her on Twitter @owaspedFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sep 18, 2018 • 27min

Mohammed Imran -- Back to the Lab Again with a DevOps

Mohammed Imran joins us to discuss the DevSecOps Studio and more about the beautiful world of DevOps. You can find him on Twitter @secfigoFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sep 11, 2018 • 29min

Niels Tanis -- A Slice of the Razor with ASP.Net Core

Niels Tanis joins to talk about Razor and ASP.Net Core versus General.You can find Niels on Twitter @nielstanisFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sep 4, 2018 • 27min

Ofer Maor -- A Pen Testers Transition to #AppSec: #VoteForOfer

Chris is joined by Ofer Maor to talk about his journey of transitioning into the world of #AppSec from the world of Pen Testing. You can find him on Twitter @OferMaorFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 28, 2018 • 22min

Matt Tesauro -- #AppSec Pipeline as Toolbox

We're joined by Matt Tesauro, a co-lead for the AppSec Pipeline Project. He explains how they began building this project and some ways for you to start using this in your organization. You can find Matt on Twitter @matt_tesauroFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 20, 2018 • 22min

Stephen de Vries -- Threat Modeling with a bit of #Startup

Stephen de Vries joins to discuss Threat Modeling and the unique approach that he takes by using tooling. We also discuss application security and startups. You can find Stephen on Twitter @stephendv FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 14, 2018 • 34min

Julien Vehent -- Securing DevOps

Julien Vehent joins us to discuss all things DevOps + Security. We talk through Julien's new book, Securing DevOps, and go in-depth about his journey to building security into DevOps at his job. You can find Julien on Twitter @jvehent Visit Manning PublicationsFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 7, 2018 • 25min

Christian Folini -- CRS and an Abstraction Layer

Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more.You can find Christian on Twitter @ChrFolini.OWASP ModSecurity Core Rule SetModSecurityFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jul 30, 2018 • 25min

Sean Wright -- Google Chrome and the Case of the Disappearing HTTP

Sean Wright joins Chris to discuss the changes Google made to handle the HTTP Protocol. They also dive into TLS and some other pieces of crypto that relate to #AppSec. You can find Sean on Twitter @SeanWrightSecFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jun 12, 2018 • 29min

Conclusion: All the Pieces You Need for an #AppSec Program

The conclusion of Season 3, all the best highlights, and some great advice from our guests on what you need to build an #AppSec Program. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

App store banner

Play store banner