Application Security PodCast

By Chris Romeo and Robert Hurlbut

Chris and Robert deconstruct world-class Application Security experts, digging deep to find the tools, tactics, projects, and tricks that make them successful. Each episode begins with the guest's security origin story or how they got started in Application Security. Topics range from DevOps+security, secure coding, OWASP, threat modeling, security culture, and anything else they can think of regarding application security. Chris Romeo (@edgeroute) is the CEO of Security Journey, and Robert Hurlbut (@roberthurlbut) is a Threat Modeling Architect.

  1. Thinking back, Looking forward - A Balanced Approach to Securing our Software Future
     1:11:53
  2. Jeevan Singh -- Threat modeling based in democracy
     36:18
  3. Dima Kotik -- Application Security and the Zen of Python
     39:17
  4. Dustin Lehr -- Advocating and being on the side of developers
     36:34
  5. Aaron Rinehart -- Security Chaos Engineering
     48:37
  6. Izar Tarandach and Matt Coles -- Threat Modeling: A Practical Guide for Development Teams
     50:05
  7. Charles Shirer -- The most positive person in security
     35:44
  8. Leif Dreizler: Tactical tips to shift engineering right
     46:05
  9. Vandana Verma -- OWASP Spotlight Series
     23:58
  10. Dr. Anita D’Amico -- Do certain types of developers or teams write more secure code?
      48:33
  11. Alyssa Miller -- Bringing security to DevOps and the CI/CD pipeline
      40:24
  12. Liran Tal — Cloud native application security, what’s a developer to do?
      42:07
  13. Chris Romeo — DevSecOps Fails
      27:35
  14. Jim Routh — Secure software pipelines
      44:45
  15. Andrew van der Stock — Taking Application Security to the Masses
      30:41
  16. JC Herz and Steve Springett — SBOMs and software supply chain assurance
      48:10
  17. Brian Reed — Mobile Appsec: The Good, the Bad and the Ugly as We Head into 2021
      34:56
  18. The Threat Modeling Manifesto – Part 2
      24:50
  19. The Threat Modeling Manifesto – Part 1
      25:19
  20. Season 7 Guests — The best of Season 7
      40:27
  21. Aviat Jean-Baptiste — The AppSec report
      32:38
  22. Frank Rietta — The convergence of Ruby on Rails and #AppSec
      49:33
  23. Dmitry Sotnikov – REST API Security – there is no silver bullet
      33:23
  24. Caroline Wong — The state of Penetration Testing
      35:06
  25. Aaron Davis — LavaMoat — solving JavaScript software supply chain
      40:08
  26. Anastasiia Voitova — Use Cryptography; Don’t Learn It
      34:46
  27. Michael Furman — SameSite Cookies
      35:34
  28. Chris Romeo — The State of Security and the Importance of Empathy
      43:53
  29. Neil Matatall — Content Security Policy
      43:02
  30. Grant Ongers — Gamification of threat modeling
      37:38
  31. Elie Saad — OWASP WSTG, Cheat Sheets, and Integration
      41:24
  32. Graham Holmes — Adversarial Machine Learning
      45:44
  33. Ochaun Marshall — Securing Web applications in AWS
      38:08
  34. Drew Dennison – Security should make the computer sweat more
      30:20
  35. Aaron Guzman — IoTGoat
      36:05
  36. Adam Shostack — The Jenga View of Threat Modeling
      31:13
  37. Cindy Blake — Aligning security testing with Agile development
      29:45
  38. Jannik Hollenbach — Multijuicer: JuiceShop with a side of Kubernetes
      19:31
  39. Sebastien Deleersnyder and Bart De Win — OWASP SAMM
      40:13
  40. Marc French, Steve Lipner, Maya Kaczorowski, DJ Schleen, Kim Wuyts — Season Six Wrap up
      25:15
  41. Mark Merkow — Secure, Resilient, and Agile Software Development
      39:53
  42. Zsolt Imre — Fuzz testing is easy
      37:34
  43. Adam Shostack — Remote Threat Modeling
      31:11
  44. Kim Wuyts — Privacy Threat Modeling
      27:36
  45. John Martin — Preventing a Cyberpocalypse
      42:18
  46. Jeremy Long — It’s dependency check, not checker
      41:23
  47. Alyssa Miller — Experiences with DevOps + Automation and beyond
      44:07
  48. Vandana Verma — Support each other
      28:30
  49. DJ Schleen — DevOps: The Sec is Silent
      37:35
  50. Niels Tanis — 3rd Party Risk in a .NET World
      35:54
