Absolute AppSec

Author(s): Ken Johnson and Seth Law

About this audio

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Episodes
  • Episode 306 - w/ Paul McCarty - Open Source Malware
    Dec 2 2025
    Given the spate of recent npm news stories, we've arranged a topical show with software supply-chain security researcher and npm hacker Paul McCarty (find Paul on bsky https://bsky.app/profile/6mile.githax.com). Paul is currently a researcher with Safety (https://getsafety.com/) and has a background in security including work at John Deere, Boeing, Regence Blue Cross/Blue Shield, NASA Jet Propulsion Lab, the US Army, and the Queensland Government. He's also spent twenty-some-odd years helping startups with security practices, and is a maintainer of the Open Source Malware project. In addition, Paul has been a long-time friend of the show, contributing his insights to the Absolute AppSec community Slack in addition to frequently writing up his research at the SourceCode RED blog: https://sourcecodered.com/blog.
    Less than a minute
  • Episode 305 - Career Impact of GenAI, SEO/GEO, More Supply Chain Attacks
    Nov 25 2025
    The latest episode of Absolute AppSec is here, with Ken Johnson and Seth Law checking in during the busy Q4 holiday season to share some fascinating insights on the evolving landscape of security and technology. They kick off by reflecting on their intensive, ever-changing "Harnessing LLMs for Application Security" courses, noting how rapidly the underlying tech evolves. The conversation quickly turns to a compelling debate: How will the rise of generative AI impact career paths for newcomers, especially given that LLMs fundamentally rely on the contributions of existing experts? While pathways may change, they agree that core human activities—like networking, contributing to projects, and maintaining a hacker mindset—will remain crucial. The hosts then dive into a fascinating discussion on the darker side of SEO, introducing the concept of Generative AI Engine Optimization (GEO), where marketers exploit AI search results through tricks like keyword-stuffed files to game rankings. They tie this to historical examples of exploitation, harkening back to Google hacking days. Finally, they cover the recent Shai Hulud 2 supply chain attack, which infected hundreds of NPM packages and utilized even more sophisticated obfuscation and delayed execution tactics than its predecessor.
    Less than a minute
  • Episode 304 - More OWASP Top 10, AI Dynamic Testing
    Nov 18 2025
    This episode, the 304th of Absolute AppSec, features hosts Ken Johnson (@cktricky) and Seth Law (@sethlaw) discussing the crush of Q4 expectations, upcoming training opportunities, the recent updates to the OWASP Top Ten, and the impact of AI tools like XBow on application security (AppSec) consulting. The hosts discuss the shift in the OWASP Top Ten from focusing on vulnerabilities to focusing on risks, and the dual role the list now plays for both awareness/training and compliance. Shifting to recent funding of XBow, the overall consensus is that while AI tools dramatically improve process flow, scoping, and the speed of vulnerability identification for consultants, they won't replace the need for human experts for complex, bespoke systems, business logic flaws, or authorization issues. AI is commoditizing lower-level AppSec work.
    Less than a minute