Application Security Weekly (Audio)
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made-up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the source of some myths. We talk about some of our favorite (as in most disliked) myths to point out how oversimplified slogans and oversimplified threat models lead to bad advice -- and why bad advice can make users less secure.
Segment resources:
The OWASP Top 10 gets its first update after a year, Metasploit gets its first rewrite (but it's still in Perl), PHP adds support for prepared statements, RSA Conference puts passwords on notice while patching remains hard, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-279
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278
Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274
Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault
Creating Code Security Through Better Visibility - Christien Rioux - ASW #273
Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272
Getting Your First Conference Presentation - Sarah Harvey - ASW #271
Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270
Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269
What's in Store for 2024? - ASW #268