The Application Security Podcast

Chris Romeo and Robert Hurlbut
Jun 19, 2017 • 40min

Mark Willis -- I Just Like Static Analysis. Static Analysis is My Favorite

We’re back with another episode of The Application Security Podcast. This time, we talked to Mark Willis about the many facets of static analysis and how it affects the DevOps world. FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!
Jun 14, 2017 • 28min

Eric Johnson -- Continuous Integration in .NET

Welcome back to season two of the Application Security Podcast. In this week's episode, we talk to Eric Johnson about static analysis, pen testing, continuous integration, etc. Thanks for listening! Rate us on iTunes and provide a positive comment, please!
Jun 6, 2017 • 22min

Matt Clapham -- The Technical Debt Ceiling

Our topic today is technical debt and how security plays into it. Chris was at Converge Conference 2017 in Detroit, Michigan (which he says is the best security conference around) and continued the AppSec PodCast series of hallway conversations. Matt Clapham joins Chris. This is Matt’s second time on the podcast. Rate us on iTunes and provide a positive comment, please!
May 30, 2017 • 31min

Chris and Robert -- Controversy within the OWASP Top 10 RC

On this episode of the application security podcast, Robert and I jump over a wall. Just kidding. This isn’t Top Gear. This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what the OWASP Top 10 is and what some of the controversies are surrounding the changes made for this year. Rate us on iTunes and provide a positive comment, please!
May 22, 2017 • 54min

Brook S.E. Schoenfield -- Security in the Design and Architecture

This episode is an interview Robert and I did with Brook Schoenfield (@BrkSchoenfield) during the RSA Conference 2017. Brook S.E. Schoenfield is a Distinguished Engineer at Intel Security Group. At Intel Security (including the former McAfee), Mr. Schoenfield is the senior technical leader for delivering software products that protect themselves and Intel Security’s customers. He has been a security architecture leader at global technology companies for over 15 years of his 30+ years in high tech. He is a founding member of IEEE’s Center For Secure Design. We discuss secure design, architecture, and threat modeling. Brook has been an advocate for security across the industry for many years and has a knack for explaining complex things uncomplicatedly. What a pleasure to speak with him! Rate us on iTunes and provide a positive comment, please!
Jan 26, 2017 • 19min

Conclusion: The End…of Season 1

Good day, friends. The Application Security PodCast has concluded our first season. With many friends' help, we could record 18 episodes. We’ve done something different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that stood out to us. Enjoy! And we look forward to the release of season 2 in a few months.
Jan 12, 2017 • 37min

Rafal Los, James Jardine, and Michael Santarcangelo -- #DtSR and What Makes a Good Security Consultant?

Join Rafal Los, a seasoned security consultant and voice behind the Down the Security Rabbit Hole Podcast, James Jardine, who bridges development and security, and Michael Santarcangelo, focused on client context. They dive into what makes a good security consultant, emphasizing not just technical skills but the power of empathy and listening. Discover why understanding team dynamics matters, and how new consultants can navigate their careers with hands-on experience and strong networks. Get ready for insights that can transform your approach to security consulting!
Jan 4, 2017 • 29min

Adam Shostack -- Think like an Attacker or Accountant?

On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well-known speaker and thought leader in application security. We speak with Adam about how to connect with development teams. This all started about a year ago when Adam tackled the issue of thinking like a hacker and why he wanted people to think differently. We dive deep into this issue, but many other exciting nuggets also fall out in conversation.
Dec 21, 2016 • 26min

Jon McCoy -- The Mindset to Reverse Engineer

Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. He’s been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit of security community and the mindset to Reverse Engineer.
Dec 13, 2016 • 47min

Chris Romeo -- AppSec Awareness: A Blue Print for Security Culture Change

We bring you a recorded version of Chris’s security conference talk from 2016 for this episode. The talk is “AppSec Awareness, A Blue Print for Security Culture Change.” He covers The Problem Space, why we need application security, how to create sustainable security culture, and introduces the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco and shares his experiences with the community. There are slides available to correspond with this talk. They aren’t required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.
