

The Application Security Podcast
Chris Romeo and Robert Hurlbut
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Episodes
Dec 5, 2017 • 32min
Conclusion: OWASP is for everyone
This is the conclusion of Season 02 of the AppSec Podcast. This episode focuses on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP. With the publication of this episode, season 02 is a wrap, and on to season 03, which will roll out in March. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!

Oct 24, 2017 • 30min
Brian Andrzejewski -- Containers Again
This is the final interview from the #AppSecUSA Conference in Orlando, and Brian Andrzejewski joins Chris and Robert. He talks about containers, their usage within #AppSec, and orchestration.

Oct 17, 2017 • 23min
Tin Zaw -- ModSecurity and #AppSec
Tin Zaw, an advocate for ModSecurity, joins Robert and Chris. He dives into its background, the use of rules, and its many advantages.

Oct 10, 2017 • 24min
Aditya Gupta -- The Exploitation of IoT
Aditya Gupta joins Robert and Chris. They speak with him about the many facets of IoT and some of its effects on pen testing, training, and mobile application security.

Oct 3, 2017 • 20min
Jim Manico and Katy Anton -- The Future of the OWASP Proactive Controls
Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project. We have discussed this project before, and they are looking for feedback on the upcoming update.

Sep 25, 2017 • 36min
Andrew van der Stock and Brian Glas -- The Future of the OWASP Top 10
We talk about the future of the OWASP Top 10 by meeting the new project leadership team, understanding how they handle governance now and into the future, and how they deal with the feedback they receive. We look behind the curtain at how they make decisions and use the data and feedback provided. Side note: at the AppSec USA closing, the OWASP Top 10 leaders announced that A7 and A10 from the OWASP Top 10 RC1 have been removed.

Sep 19, 2017 • 47min
Robert Hurlbut -- Threat Modeling
On this week's episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA. We hear a conference talk given by Robert on the topic of Threat Modeling. He goes more in-depth than ever before on the show.

Sep 12, 2017 • 32min
Chris and Robert -- Passwords, Identity, and #AppSec
Robert and Chris talk about passwords, something we are all familiar with. They dive into specifics about passwords and the threats that can occur with them. They also talk about how passwords interact with identity and AppSec.

Sep 5, 2017 • 35min
Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop
Tanya and Nicole join Chris and Robert. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at how DevSlop and ZAP are used together with APIs.

Aug 29, 2017 • 45min
Jon Mccoy and Jonathan Marcil -- Agile #AppSec
Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle. They dive deeper into what agile is, how it can be used, some practical applications using security champions, and much more.