Episodes

  • 20,000 Apps Under the Sea: Deep Dive into Vibe Coding Security
    Nov 25 2025

    Vibe coding is allowing even non-developers to produce fully functional web applications by using LLMs to generate code – but how secure are they?

    In this episode of AppSec Serialized, special guest Bogdan Calin joins hosts Dan Murphy and Ryan Bergquist to talk about his research, which involved vibe-coding over 20,000 applications and analyzing them to learn what vulnerabilities and hardcoded secrets are most frequent.

    26 min
  • Conducting the AppSec Symphony: From Noise to ASPM Harmony
    Oct 30 2025

    Application security posture management (ASPM) has become a crucial pillar of AppSec programs by aggregating, correlating, and prioritizing vulnerability reports arriving from various testing tools.

    In this episode of AppSec Serialized, Cenk Kalpakoğlu, founder of Kondukto, joins hosts Dan and Ryan to discuss the evolution of ASPM, how Invicti and Kondukto approach integrations, and how security can be embedded early in CI/CD pipelines. The conversation covers industry trends, automation, and lessons from Kondukto’s startup journey to its acquisition by Invicti.

    27 min
  • Prompt and Circumstance: LLM Vulnerability Scanning
    Sep 23 2025

    Large language models are transforming software development by making it easier to write and connect code, but they also introduce serious security risks. Vulnerabilities like LLM command injection, SSRF, and insecure outputs mirror traditional web flaws while creating new attack vectors unique to AI-driven apps.

    In this episode, Dan Murphy and Ryan Bergquist discuss how LLM-powered applications can be manipulated into leaking data, executing malicious commands, or wasting costly tokens. They also explain how Invicti’s scanning technology detects and validates these risks, helping organizations protect against the growing challenges of LLM security.

    33 min
  • Revving the (Scan) Engine
    Aug 14 2025

    At the heart of any DAST product is a scan engine that needs to be fast and accurate while keeping up with how the latest applications and APIs are being built and attacked. As AI-assisted development increases both the volume of code and its opacity, having an engine that can automatically and reliably test for security flaws without holding up releases is crucial for any serious DAST solution—and for its users.

    In this episode of AppSec Serialized, Dan Murphy and Ryan Bergquist look at the evolution of DAST and discuss how Invicti has combined the best features of Netsparker and Acunetix to create a new scan engine powering its AppSec platform.

    30 min
  • AppSec Tech Below the Deck
    Feb 25 2025

    Application security engineers connect security to engineering in more ways than one. Without their efforts, skills, and tools, even the best-laid application security policies and programs would remain mere CISO wishlists.

    In this episode, Invicti’s Frank Catucci and Dan Murphy talk to application security engineer Paul Good to learn what a day in the life of an AppSec guy looks like when you need to balance internal and external security needs. In the story segment, Mallory the hacker realizes that vulnerabilities are not given once and for all—because while you’re probing a gap, someone might already be fixing it…

    26 min
  • CISO on the Seesaw
    Jan 21 2025

    The role of Chief Information Security Officer, or CISO, is crucial for any sizable organization yet often misunderstood as purely a compliance paperwork post. In reality, CISOs have to balance multiple aspects of information security to minimize risk, ensure timely incident response, maintain compliance, and more—all with finite resources and competing priorities.

    In this episode, Frank Catucci and Dan Murphy talk to a real-life CISO, Invicti’s own Matthew Sciberras, discussing the balancing skills required to define and apply application security policies with limited resources. In the story segment, Alice the head dev realizes her cherished new project will be delayed due to vulnerabilities—if only she had scanned earlier…

    33 min
  • Another Code Brick in the Wall
    Dec 17 2024

    Software supply-chain security is one aspect of cybersecurity that affects every sizable application out there and also every organization that uses web apps and APIs. Application frameworks and libraries make up much of the running code base of modern software—and it only takes one vulnerable or compromised component to create a critical security gap.

    In this episode, Frank Catucci and Dan Murphy go into supply-chain security and look at several high-profile breaches caused by insecure components and dependencies. In the fiction segment, Alice the head dev realizes that the vulnerable library the CISO is asking about is used in lots and lots of places...

    33 min
  • APIs Wide Open
    Nov 19 2024

    APIs are the secret door through which so many application attacks have been executed in recent years. Compared to graphical user interfaces, they are far easier to build and deploy but far harder to test and secure, making API security a top concern.

    In this episode, Frank Catucci and Dan Murphy dive into the world of API security, discussing high-profile breaches and looking at ways to discover and test the API part of your web applications. In the fiction segment, Mallory the hacker finds a shadow API being exposed by MegaHelix Corp.

    32 min