Invicti Security

AppSec Serialized by Invicti

The cybersecurity podcast about application security and those who practice it. Hosted by tech industry veterans, each episode focuses on a specific area of cybersecurity, with the hosts and their guests sharing their practitioners’ experiences and opinions, sprinkled liberally with a solid dose of humor and anecdotes.

Autor

Invicti Security

Kategorie

Technology

Neueste Folge

10. Feb 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

OWASP Top 10 Turns 20: Still Valid, Still Controversial 10.02.2026

The OWASP Top 10 has been the web application security yardstick for over two decades now, from its first edition in 2003 to the latest 2025 update, with its changes of format and scope often stirring industry controversy.   In this episode of AppSec Serialized, Dan Murphy and Ryan Bergquist discuss the past, present, and future of the OWASP Top 10, and do a reality check on its practical usefulne...

Dune and Gloom Under the AppSec Tree: From Shai-Hulud to React2Shell 18.12.2025

Supply-chain vulnerabilities are getting more frequent and dangerous, with the Shai-Hulud npm worm and React2Shell RCE vulnerability being just two of the recent ones.   In this episode of AppSec Serialized, Dan Murphy and Ryan Bergquist analyze those recent threats (plus a bonus Django vulnerability) and talk about the implications of security risk shifting towards dependencies.

20,000 Apps Under the Sea: Deep Dive into Vibe Coding Security 25.11.2025

Vibe coding is allowing even non-developers to produce fully functional web applications by using LLMs to generate code – but how secure are they?   In this episode of AppSec Serialized, special guest Bogdan Calin joins hosts Dan Murphy and Ryan Bergquist to talk about his research, which involved vibe-coding over 20,000 applications and analyzing them to learn what vulnerabilities and hardcoded s...

Conducting the AppSec Symphony: From Noise to ASPM Harmony 30.10.2025

Application security posture management (ASPM) has become a crucial pillar of AppSec programs by aggregating, correlating, and prioritizing vulnerability reports arriving from various testing tools.   In this episode of AppSec Serialized, Cenk Kalpakoğlu, founder of Kondukto, joins hosts Dan and Ryan to discuss the evolution of ASPM, how Invicti and Kondukto approach integrations, and how security...

Prompt and Circumstance: LLM Vulnerability
Scanning 23.09.2025

Large language models are transforming software development by making it easier to write and connect code, but they also introduce serious security risks. Vulnerabilities like LLM command injection, SSRF, and insecure outputs mirror traditional web flaws while creating new attack vectors unique to AI-driven apps.   In this episode, Dan Murphy and Ryan Bergquist discuss how LLM-powered applications...

Revving the (Scan) Engine 14.08.2025

At the heart of any DAST product is a scan engine that needs to be fast and accurate while keeping up with how the latest applications and APIs are being built and attacked. As AI-assisted development increases both the volume of code and its opacity, having an engine that can automatically and reliably test for security flaws without holding up releases is crucial for any serious DAST solution—an...

AppSec Tech Below the Deck 25.02.2025

Application security engineers connect security to engineering in more ways than one. Without their efforts, skills, and tools, even the best-laid application security policies and programs would remain mere CISO wishlists.  In this episode, Invicti’s Frank Catucci and Dan Murphy talk to application security engineer Paul Good to learn what a day in the life of an AppSec guy looks like when you ne...

CISO on the Seesaw 21.01.2025

The role of Chief Information Security Officer, or CISO, is crucial for any sizable organization yet often misunderstood as purely a compliance paperwork post. In reality, CISOs have to balance multiple aspects of information security to minimize risk, ensure timely incident response, maintain compliance, and more—all with finite resources and competing priorities. In this episode, Frank Catucci a...

Another Code Brick in the Wall 17.12.2024

Software supply-chain security is one aspect of cybersecurity that affects every sizable application out there and also every organization that uses web apps and APIs. Application frameworks and libraries make up much of the running code base of modern software—and it only takes one vulnerable or compromised component to create a critical security gap. In this episode, Frank Catucci and Dan Murphy...

APIs Wide Open 19.11.2024

APIs are the secret door through which so many application attacks are executed in recent years. Compared to graphical user interfaces, they are far easier to build and deploy but far harder to test and secure, making API security a top concern. In this episode, Frank Catucci and Dan Murphy dive into the world of API security, discussing high-profile breaches and looking at ways to discover and te...

Machine Learning When the Perimeter is Burning 24.10.2024

Knowing what sites, apps, and APIs you’re exposing to the Internet is crucial for determining your realistic risk level and making accurate security decisions. In this episode, Frank Catucci and Dan Murphy are joined by special guest Bogdan Calin, Principal Security Researcher at Invicti, to talk about ways of determining an organization’s web attack surface and the resulting risk level. In partic...

Hot Cross-Site Fun 10.09.2024

Cross-site scripting (XSS) is one of the oldest web vulnerability types and still a very real threat. In this episode, Frank Catucci and Dan Murphy talk about the origins of cross-site scripting, some high-profile attacks, and best practices to test for and also prevent XSS in applications. In the fiction segment, Mallory the hacker uses XSS to inject script into an old and vulnerable leaderboard...

Höre den Podcast AppSec Serialized by Invicti in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet