Episodes

  • Episode 259 - Special Melbourne Australia Edition w/Paul McCarty and Daniel Ting
    2024/09/12
    Seth and Ken take the podcast global this week while traveling to Melbourne, Australia. The duo are joined this episode by Paul McCarty and Daniel Ting, both involved in the local application security community. The discussion starts with a comparison of industries in Australia and the United States, covering both differences and similarities. This is followed by thoughts on software supply chain security, from a red and blue team perspective. Finally, some thoughts on community changes due to the pandemic and supporting local meetups.
    Less than 1 minute
  • Episode 258 - Engaging Developers, ALBeast, Dangerous TLDs
    2024/09/03
    Seth (@sethlaw) and Ken (@cktricky) are back this week with some hot takes on the recent cancellation of OWASP's San Francisco Developer Days, which were running alongside Global AppSec San Francisco. OWASP has struggled to engage the development community over the years, and this is no surprise for anyone in AppSec/ProdSec. This is followed by a review of ALBeast (why do all vulnerabilities have to be branded?) and how our past selves were correct in identifying dangerous TLDs as being exploitable.
    Less than 1 minute
  • Episode 257 - In-Person vs. Virtual Training, Compliance Violations
    2024/08/27
    Ken (@cktricky) returns alongside Seth (@sethlaw) for the week. This starts with an in-depth discussion on the pros and cons of in-person and virtual trainings. In short, the duo prefers in-person for its advantages but understands that financial pressures come into play, so virtual is a good substitute. This is followed by thoughts on the recent lawsuit by the government against Georgia Tech for failing to meet government cybersecurity compliance requirements, even after attesting to their existence. Third-party risk assessments may not be the most fun part of security, but what happens when an organization doesn't meet its obligations? Seems like both sides are in the "find out" phase of FAFO.
    Less than 1 minute
  • Episode 256 w/ John Poulin - Token Security, Staying Technical as a Manager
    2024/08/21
    Ken Johnson (@cktricky) abandons the podcast this week to attend a conference and play business, so Seth (@sethlaw) brings in Cloud Security Partners CTO John Poulin (@forced_request) as a co-host. John and Seth start off by discussing the difference between virtual and in-person training. This is followed by two articles. The first is from CrankySec, on the idea that security isn't valued over other technical business aspects. The second article is from Keith Hoodlet (also a podcast guest), detailing why staying technical as a manager is something any of us should strive towards (and how to do it).
    Less than 1 minute
  • Episode 255 (0xFF) - HackerSummerCamp Recap
    2024/08/13
    Seth and Ken are back from Vegas for Episode 0xFF (!!!!) of Absolute AppSec, sponsored by Redpoint Security (redpointsecurity.com). After spending the last week+ withering away in the desert heat while listening to industry insiders, technicians, and hackers talk about their research, the duo have returned dehydrated to share their own experiences from DEF CON 32, Blackhat, BSidesLV, and Diana Initiative. After some discussion, they dive into interesting talks, new tools, hotel searches, and badge controversies.
    Less than 1 minute
  • Episode 254 - Pre-Hacker Summer Camp
    2024/08/01
    Seth and Ken return this week at a slightly unusual time to help get you prepped for all things Hacker Summer Camp. As regular visitors to Las Vegas each year for Blackhat, BSidesLV, DEF CON, and other events, the duo has recommendations for making the most of your time in the desert. Specifically, download HackerTracker (https://hackertracker.app), plan out your time, take care of yourself, and have fun.
    Less than 1 minute
  • Episode 253 w/ Justin Collins - Managing Security, ProdSec vs. AppSec
    2024/07/23
    We'd only been a dozen episodes old the last time Justin Collins (@presidentbeef) was on Absolute AppSec, so his upcoming return is certainly overdue. Justin is currently head of security at Gusto, an organization he's been helping secure for nearly five years now. Before Gusto, Justin had stints at SurveyMonkey, Twitter, and AT&T Interactive, among others. He is also the lead developer of the open-source Ruby-on-Rails security tool Brakeman - https://brakemanscanner.org. This show covers the range of his deep experience regarding topics like Product Security and AppSec in organizations, static analyzers, and advice for helping organizations create successful security programs and mindsets. Tune in as Justin joins Seth Law (@sethlaw) and Ken Johnson (@cktricky) to talk about managing security people and various product and application security topics.
    Less than 1 minute
  • Episode 252 w/ Rami McCarthy - Security Startups, Jobs
    2024/07/16
    Product Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He’s recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a great follow.
    Less than 1 minute