Episodios

  • Episode 253 w/ Justin Collins - Managing Security, ProdSec vs. AppSec

    Episode 253 w/ Justin Collins - Managing Security, ProdSec vs. AppSec
    Jul 23 2024
    We'd only been a dozen episodes old the last time Justin Collins (@presidentbeef) was on Absolute AppSec, so his upcoming return is certainly overdue. Justin is currently head of security at Gusto, an organization he's been helping secure for nearly five years now. Before Gusto, Justin had stints at SurveyMonkey, Twitter, AT&T interactive, among others. He also is the lead developer of the open-source Ruby-on-Rails security tool Brakeman - https://brakemanscanner.org. This show will covers the range of his deep experience regarding topics like Product Security and AppSec in organizations, static analyzers, and advice for helping organizations create successful security programs and mindsets. Tune in as Justin joins Seth Law (@sethlaw) and Ken Johnson (@cktricky) to talk about managing security people and various product and application security topics.
    Más Menos
    Menos de 1 minuto
  • Episode 252 w/ Rami McCarthy - Security Startups, Jobs

    Episode 252 w/ Rami McCarthy - Security Startups, Jobs
    Jul 16 2024
    Product Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He’s recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a great follow.
    Más Menos
    Menos de 1 minuto
  • Episode 251 - Passive Scanning, Chrome Extensions, CocoaPods, NVD

    Episode 251 - Passive Scanning, Chrome Extensions, CocoaPods, NVD
    Jul 9 2024
    Seth and Ken are back with Episode 251, continuing on with their ranting over all things application security. This starts with a discussion of Mozilla's HTTP Observatory that scans sites for security-relevant headers and leads to a discussion of so-called "passive" scanning of internet sets for risk analysis purposes. This is followed by a walkthrough of the recent exploit of Chrome extensions for remote code execution on client browsers. Compromise of the Apple-focused CocoaPods package repository. Finally, a discussion about recent problems and headaches at the National Vulnerability Database (NVD).
    Más Menos
    Menos de 1 minuto
  • Episode 250 - Security Startups, Polyfill Takeover

    Episode 250 - Security Startups, Polyfill Takeover
    Jul 2 2024
    Seth and Ken are back on the podcast this week without a guest for the first time in a month and start out with an in-depth discussion on startup life based on a recent article from TLDR;Sec. This is followed by thoughts on the recent influx of cash for Portswigger and how it will affect work and the testing space over the next few years. Finally, opinions on the recent polyfill[.io] malware attack and supply chain issues. Join the newsletter at news.absoluteappsec.com for further analysis or pick up some new podcast swag at merch.absoluteappsec.com
    Más Menos
    Menos de 1 minuto
  • Episode 249 w/ Tanya Janca - Secure Guardrails

    Episode 249 w/ Tanya Janca - Secure Guardrails
    Jun 25 2024
    Tanya Janca (@shehackspurple on X) joins Ken Johnson (@cktricky) and Seth Law (@sethlaw) for a special episode of the Absolute AppSec podcast. Tanya is currently head of education and community at Semgrep, and is a prominent info security commenter and active contributor to improving the industry for everybody through helping spread values of diversity, inclusion and kindness. Tanya has had experience with a range of roles, startup founder, pentester, CISO, AppSec Engineer, and software developer, and she’s worked at major industry landmarks such as Microsoft, Adobe, and Nokia. She is an award-winning public speaker, the founder of We Hack Purple (since acquired by Semgrep), an active blogger and streamer and has delivered hundreds of talks and trainings on 6 continents. Catch up with Tanya’s multiple activities and initiatives at her website https://shehackspurple.ca
    Más Menos
    Menos de 1 minuto
  • Episode 248 w/ Rahil Parikh - Building AppSec Programs

    Episode 248 w/ Rahil Parikh - Building AppSec Programs
    Jun 18 2024
    Rahil Parikh, manager of Security Engineering and Architecture @ Policygenius, joins Seth Law and Ken Johnson for an episode of Absolute AppSec. Rahil is long-time leader in information security who's managed security teams and application security programs at a range of organizations: Policy Genius, Zinnia, the New York Times, Frame.io (now Adobe), Jet.com (Walmart), and Gotham Digital Science (Aon). He's also organized a major technical symposium (AAHVAN 08) and has generally been strengthening the infosec community for beyond a decade. He joins the podcast for the June 18th show, so be sure to tune in to learn more about his path in the industry and his thoughts on application security, cloud security, and leading teams toward success.
    Más Menos
    Menos de 1 minuto
  • Episode 247 - w/ Alejandro Saenz

    Episode 247 - w/ Alejandro Saenz
    Jun 11 2024
    Absolute AppSec welcomes Alejandro Saenz to join Seth Law and Ken Johnson as a guest. Alejandro has been active in application and product security fields for over a decade, most recently working in product security for Twilio. Before that he worked as a senior application security engineer and software engineer at Softrams and as an application security consultant at nVisium. Alejandro has regularly contributed to security projects for both better understanding product security metrics and monitoring assets and managing vulnerabilities.
    Más Menos
    Menos de 1 minuto
  • Episode 246 - w/ Charles Shirer

    Episode 246 - w/ Charles Shirer
    Jun 4 2024
    Charles Shirer joins Absolute AppSec for a special episode of the show. Charles has decades of experience as a pentester, threat hunter, red teamer, and security consultant. He's CEO of GlobalWave consulting, a security consulting firm that's been serving clients for over a decade. Charles is also a frequent conference speaker, online commentator, and tireless advocate for helping hackers find ways take care of their overall well-being.
    Más Menos
    Menos de 1 minuto