The Application Security Podcast

Chris Romeo and Robert Hurlbut

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.

Episodes

Mentioned books

Sep 19, 2017 • 47min

Robert Hurlbut -- Threat Modeling

On this week's episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA.We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in-depth than ever before on the show.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sep 12, 2017 • 32min

Chris and Robert -- Passwords, Identity, and #AppSec

Robert and Chris talk about Passwords, something we all are familiar with.They dive into specifics with passwords and threats that can occur with them. They also talk about how passwords interact with Identity and AppSec.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sep 5, 2017 • 35min

Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop

Tanya and Nicole join Chris and Robert. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 29, 2017 • 45min

Jon Mccoy and Jonathan Marcil -- Agile #AppSec

Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle.They dive deeper into what agile is, how it can be used, some practical applications using security champions, and much more.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 22, 2017 • 45min

Jay Beale -- Docker Security and AppSec

A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked but couldn’t find one, so we created one. Robert interviews Jay Beale from Inguardians and asks what docker is, what threats it introduces, and the specific tie-ins with AppSec.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 17, 2017 • 23min

Chris and Robert -- Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing

Robert and I try a new format for discussing a few topics per episode. We discuss changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aug 8, 2017 • 21min

Robert Hurlbut -- Blackhat Security Conference

We talk with Robert about his experiences at the Blackhat Security Conference.He will explain some of the AppSec-focused parts of the conference and more about the Alec Stamos Keynote.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jul 25, 2017 • 44min

Dave Ferguson -- The OWASP Top 10 Proactive Controls

Dave Ferguson discusses the OWASP Top 10 Proactive Controls in this episode with Chris.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jul 4, 2017 • 37min

Jim Manico -- MORE OWASP!

We’re here today with Jim Manico, a project lead with OWASP. We dive deep into some of the projects on his plate.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jun 27, 2017 • 32min

Mike Goodwin -- The OWASP Threat Dragon

In this episode, we speak with Mike Goodwin, the founder of the OWASP Threat Dragon.We dive into what the threat dragon is and how it can work for youYou can find the tool here: https://github.com/mike-goodwin/owasp-threat-dragonFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

App store banner

Play store banner