The Application Security Podcast

Chris Romeo and Robert Hurlbut

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.

Episodes

Mentioned books

Aug 14, 2018 • 34min

Julien Vehent -- Securing DevOps

Julien Vehent joins us to discuss all things DevOps + Security. We talk through Julien's new book, Securing DevOps, and go in-depth about his journey to building security into DevOps at his job. You can find Julien on Twitter @jvehent Visit Manning PublicationsFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 7, 2018 • 25min

Christian Folini -- CRS and an Abstraction Layer

Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more.You can find Christian on Twitter @ChrFolini.OWASP ModSecurity Core Rule SetModSecurityFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jul 30, 2018 • 25min

Sean Wright -- Google Chrome and the Case of the Disappearing HTTP

Sean Wright joins Chris to discuss the changes Google made to handle the HTTP Protocol. They also dive into TLS and some other pieces of crypto that relate to #AppSec. You can find Sean on Twitter @SeanWrightSecFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jun 12, 2018 • 29min

Conclusion: All the Pieces You Need for an #AppSec Program

The conclusion of Season 3, all the best highlights, and some great advice from our guests on what you need to build an #AppSec Program. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jun 5, 2018 • 31min

Martin Knobloch -- OWASP, Reach Out; We Are Known and Misunderstood

Martin Knobloch joins Chris and Robert to discuss all things OWASP. They dive into the history of OWASP and some of the plans for the future. You can find Martin on Twitter @knoblochmartin.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

May 29, 2018 • 30min

Devin McMasters -- Bug Bounty with a Side of Empathy

Devin McMasters joins Chris to talk about bug bounties and how to make them successful. You can find Devin on Twitter @DevinMcmastersFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

May 22, 2018 • 23min

Apollo Clark -- Malicious User Stories

In this episode, Robert speaks about Malicious User Stories and DevOps with Apollo Clark. He discusses how to properly handle user stories in a world being taken over by DevOps. You can find Apollo on Twitter @apolloclarkFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

May 15, 2018 • 18min

Megan Roddie -- Neurodiversity in Security

Megan Roddie joins Robert at the SOURCE Conference in Boston. She talks about how neurodiverse people can truly help an organization. You can find her on Twitter @megan_roddieFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Apr 27, 2018 • 31min

Chase Schultz -- AppSec and Hardware

Chase Schultz joins to discuss the combination of AppSec and hardware. He also dives into how the Meltdown and Spectre attacks worked.You can find Chase on Twitter @f47h3r_B0FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Apr 20, 2018 • 30min

John Melton -- #OWASP AppSensor

John Melton joins to discuss the #OWASP AppSensor project. He talks about how AppSensor works and how it can be used in your application. You can find John on Twitter @_jtmelton FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

App store banner

Play store banner