エピソード

  • Episode 289 - Return of @lojikil - Context Matters

    Episode 289 - Return of @lojikil - Context Matters
    2025/06/24
    With @cktricky out on a grand tour across the country (or just unable to record for the day), @sethlaw succumbs to the dark side to give @lojikil a platform to talk about recent developments in the application security world. Specifically, a discussion on vulnerability data and scoring mechanisms, including CVE, CVSS, CWSS, and other acronyms. Wraps up with a longer discussion on the use of AI across multiple disciplines and provenance of AI Slop.
    続きを読む 一部表示
    1分未満
  • Episode 288 - Security and AI

    Episode 288 - Security and AI
    2025/06/17
    Seth and Ken return with an in-depth discussion around the future of security due to use of AI. The landscape of security is changing quickly and we do not know where it is headed. As such, it is worth exploring how it has changed security's outlook and what we are seeing across organizations from a consulting and product perspective. A recent article from a16z titled "Next-Gen Pentesting: AI Empowers the Good Guys" is a good summary of the changes happening. A short aside on unintended consequences when introducing new browser features.
    続きを読む 一部表示
    1分未満
  • Episode 287 - w/ Hayden Smith (Hunted Labs) - Open Source Dependency Threats

    Episode 287 - w/ Hayden Smith (Hunted Labs) - Open Source Dependency Threats
    2025/06/10
    Hayden Smith, Hunted Labs Co-Founder comes on Absolute AppSec to discuss, among other things, the Hunted Labs work discovering and publicizing the EasyJson software supply chain threat. Before co-founding Hunted Labs, Hayden was Senior Director of Field Services at Anchore, assisting US government, intelligence, and Fortune 500 clients. Long a specialist on supply-chain issues, Smith established the DoD's Platform One software factory, designed container-hardening pipelines securing 500+ Iron Bank images, and led Anchore solutions architects. Previously, he also worked at Booz Allen Hamilton where he supported US government and intelligence clients on cybersecurity/DevOps, and led the cybersecurity team testing the US Air Force's GPS OCX. Seth and Ken discuss some of Hayden's path into the security industry as well as Hunted Labs' report on the EasyJson software supply-chain threat. Read up here for more information: https://huntedlabs.com/exclusive-threat-report/
    続きを読む 一部表示
    1分未満
  • Episode 286 - Kayra Otaner - Authenticating Open Source Developers

    Episode 286 - Kayra Otaner - Authenticating Open Source Developers
    2025/05/20
    We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and spurs on his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.
    続きを読む 一部表示
    1分未満
  • Episode 285 - easyjson, Software Dependencies, Breaches

    Episode 285 - easyjson, Software Dependencies, Breaches
    2025/05/13
    News this week has been dominated by dependency issues and attribution towards unwanted nation states and actors. Specifically, easyjson is developed by a Russian firm that is under sanctions. The podcast duo discuss the implications and how to protect apps from sub-dependency threats. This leads to a deep dive into breaches and whether a breach has an effect on the industry, company, or individual. Current regulations and certifications can be lost, but does not always have the effect we would expect.
    続きを読む 一部表示
    1分未満
  • Episode 284 - BSidesSF/RSA Recap, Vibe Coding, WebAuthN

    Episode 284 - BSidesSF/RSA Recap, Vibe Coding, WebAuthN
    2025/05/06
    Back after a hiatus for both BSidesSF and RSA, Seth and Ken recap their experience at both conferences. TL;DR - BSidesSF is great for technical security content and community, RSA focuses on sales for mostly large organizations and budgets. Two sides of the security industry coin and depends on preferences for which makes the most sense for career or business growth. This is followed by a short discussion on vibe coding educational security tools. Episode wraps with an article on MFA phishing and how WebAuthN helps prevent accidental exposure.
    続きを読む 一部表示
    1分未満
  • Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages

    Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages
    2025/04/22
    Ok, so vulnerable MCP tools are a thing now? Ken demonstrates installing and running an intentionally vulnerable MCP server with a bunch of example issues. Following is a discussion of the recent article and research around hallucinations of 3rd party dependencies/libraries in AI-Generated Python and JavaScript. New attack targets all dependent on how creative the LLM is allowed to be. A short aside on why we talk about AI and LLMs so much.
    続きを読む 一部表示
    1分未満
  • Episode 282 - Model Context Protocol, A2A, NHI Authentication

    Episode 282 - Model Context Protocol, A2A, NHI Authentication
    2025/04/15
    It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.
    続きを読む 一部表示
    1分未満