The Application Security Podcast
Chris Romeo and Robert Hurlbut
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Episodes
Aug 22, 2017 • 45min
Jay Beale -- Docker Security and AppSec
A listener asked for a recommendation for a PodCast or blog post about Docker security. We looked but couldn't find one, so we created one. Robert interviews Jay Beale from InGuardians and asks what Docker is, what threats it introduces, and the specific tie-ins with AppSec.
FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!

Aug 17, 2017 • 23min
Chris and Robert -- Proactive Controls, AppSec USA, and Gartner's MQ on AppSec Testing
Robert and I try a new format for discussing a few topics per episode. We discuss changes to the Proactive Controls, AppSec USA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to the OWASP Proactive Controls so listeners can review the draft and suggest updates.

Aug 8, 2017 • 21min
Robert Hurlbut -- Blackhat Security Conference
We talk with Robert about his experiences at the Black Hat Security Conference. He explains some of the AppSec-focused parts of the conference and more about the Alex Stamos keynote.

Jul 25, 2017 • 44min
Dave Ferguson -- The OWASP Top 10 Proactive Controls
Dave Ferguson discusses the OWASP Top 10 Proactive Controls in this episode with Chris.

Jul 4, 2017 • 37min
Jim Manico -- MORE OWASP!
We're here today with Jim Manico, a project lead with OWASP. We dive deep into some of the projects on his plate.

Jun 27, 2017 • 32min
Mike Goodwin -- The OWASP Threat Dragon
In this episode, we speak with Mike Goodwin, the founder of OWASP Threat Dragon. We dive into what Threat Dragon is and how it can work for you. You can find the tool here: https://github.com/mike-goodwin/owasp-threat-dragon

Jun 19, 2017 • 40min
Mark Willis -- I Just Like Static Analysis. Static Analysis is My Favorite
We're back with another episode of The Application Security Podcast. This time, we talk to Mark Willis about the many facets of static analysis and how it affects the DevOps world.

Jun 14, 2017 • 28min
Eric Johnson -- Continuous Integration in .NET
Welcome back to season two of the Application Security Podcast. In this week's episode, we talk to Eric Johnson about static analysis, pen testing, continuous integration, and more. Thanks for listening! Rate us on iTunes and provide a positive comment, please!

Jun 6, 2017 • 22min
Matt Clapham -- The Technical Debt Ceiling
Our topic today is technical debt and how security plays into it. Chris was at Converge Conference 2017 in Detroit, Michigan (which he says is the best security conference around) and continued the AppSec PodCast series of hallway conversations. Matt Clapham joins Chris. This is Matt's second time on the podcast.

May 30, 2017 • 31min
Chris and Robert -- Controversy within the OWASP Top 10 RC
On this episode of the Application Security Podcast, Robert and I jump over a wall. Just kidding. This isn't Top Gear. This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what the OWASP Top 10 is and what some of the controversies surrounding this year's changes are.