The Application Security Podcast
Chris Romeo and Robert Hurlbut
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Episodes
Mentioned books
Oct 10, 2017 • 24min
Aditya Gupta -- The Exploitation of IoT
Aditya Gupta joins Robert and Chris.They speak with him about the many facets of IoT and some of its effects on pen testing, training, and mobile application security.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Oct 3, 2017 • 20min
Jim Manico and Katy Anton -- The Future of the OWASP Proactive Controls
Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project. We have discussed this before, and they are looking for feedback on the upcoming update.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sep 25, 2017 • 36min
Andrew van der Stock and Brian Glas -- The Future of the OWASP Top 10
We talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We look behind the curtain at how they make decisions and use the data and feedback provided.Side note, at the AppSec USA closing, the OWASP T10 leaders did announce that A7 and A10 from the OWASP Top 10 RC1 have been removed.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sep 19, 2017 • 47min
Robert Hurlbut -- Threat Modeling
On this week's episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA.We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in-depth than ever before on the show.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sep 12, 2017 • 32min
Chris and Robert -- Passwords, Identity, and #AppSec
Robert and Chris talk about Passwords, something we all are familiar with.They dive into specifics with passwords and threats that can occur with them. They also talk about how passwords interact with Identity and AppSec.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sep 5, 2017 • 35min
Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop
Tanya and Nicole join Chris and Robert. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aug 29, 2017 • 45min
Jon Mccoy and Jonathan Marcil -- Agile #AppSec
Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle.They dive deeper into what agile is, how it can be used, some practical applications using security champions, and much more.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aug 22, 2017 • 45min
Jay Beale -- Docker Security and AppSec
A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked but couldn’t find one, so we created one. Robert interviews Jay Beale from Inguardians and asks what docker is, what threats it introduces, and the specific tie-ins with AppSec.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aug 17, 2017 • 23min
Chris and Robert -- Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing
Robert and I try a new format for discussing a few topics per episode. We discuss changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aug 8, 2017 • 21min
Robert Hurlbut -- Blackhat Security Conference
We talk with Robert about his experiences at the Blackhat Security Conference.He will explain some of the AppSec-focused parts of the conference and more about the Alec Stamos Keynote.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
