Chris Romeo and Robert Hurlbut

The Application Security Podcast

Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.

Autor

Chris Romeo and Robert Hurlbut

Kategorie

Technology

Podcast-Website

appsec.buzzsprout.com

Neueste Folge

16. Jun 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

Bjorn Kimminich -- The Joy of the Vulnerable Web: JuiceShop 19.11.2018

Send us Fan Mail Bjorn Kimminich joins to talk about JuiceShop. He dives into what JuiceShop is and some of its use cases.  You can find Bjorn on Twitter @bkimminich  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Swaroop Yermalkar -- iGoat and iOS Mobile Pen Testing 13.11.2018

Send us Fan Mail Chris is at AppSec USA and is joined by Swaroop to talk about iGoat. They discuss how iGoat relates to WebGoat and how they can be used for pen testing.  You can find Swaroop on Twitter @swaroopsy FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~...

Adam Bacchus and Jon Bottarini -- Two Sides to a Bug Bounty: The Researcher and The Program 05.11.2018

Send us Fan Mail  Chris and Robert talk with Adam and John from HackerOne about Bug Bounty. They dive into bug bounty from the programming and security researcher sides to show how you can combine these pieces with being successful with a bug bounty.  You can find Adam on Twitter @SushiHack and Jon @jon_bottarini FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security...

Erlend Oftedal -- What You Require, You Must Also Retire 30.10.2018

Send us Fan Mail Chris talks with Erlend Oftedal about the Norway Chapter of OWASP and continues on to what retire.js is and how it works. You can find Erlend on Twitter @webtonull FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Abhay Bhargav -- Threat Modeling as Code 23.10.2018

Send us Fan Mail Abhay Bhargav joins Robert to talk about threat modeling as code. He dives into how this can help you in your threat models.  You can find Abhay on Twitter @abhaybhargav FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tony UV -- Threat Libraries in the Cloud 16.10.2018

Send us Fan Mail Tony UV joins Robert to discuss all things threat libraries in the cloud.  You can find Tony on Twitter @t0nyuv FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aaron Rinehart -- Chaos Engineering and #AppSec 09.10.2018

Send us Fan Mail Chris and Robert talk to Aaron Rinehart about how the security community can embrace chaos engineering.  You can find Aaron on Twitter @aaronrinehart FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jessica Robinson and Vandana Verma-- WIA: Women in #AppSec 01.10.2018

Send us Fan Mail Jessie and Vandana join Chris from Women in #AppSec to discuss the project! They dive into what the project is and how the numerous OWASP Chapters around the world can participate!  You can find them on Twitter @InfosecVandana and @jessrobin96 FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@Applicatio...

Karen Staley -- A Conversation with Karen 25.09.2018

Send us Fan Mail This week we're joined by Karen Staley, the Executive Director of the OWASP Foundation. She dives into what's happening on OWASP and what we can look forward to in the future.  You can find her on Twitter @owasped FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Tha...

Mohammed Imran -- Back to the Lab Again with a DevOps 18.09.2018

Send us Fan Mail Mohammed Imran joins us to discuss the DevSecOps Studio and more about the beautiful world of DevOps.  You can find him on Twitter @secfigo FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Niels Tanis -- A Slice of the Razor with ASP.Net Core 11.09.2018

Send us Fan Mail Niels Tanis joins to talk about Razor and ASP.Net Core versus General. You can find Niels on Twitter @nielstanis FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ofer Maor -- A Pen Testers Transition to #AppSec: #VoteForOfer 04.09.2018

Send us Fan Mail Chris is joined by Ofer Maor to talk about his journey of transitioning into the world of #AppSec from the world of Pen Testing.  You can find him on Twitter @OferMaor FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Matt Tesauro -- #AppSec Pipeline as Toolbox 28.08.2018

Send us Fan Mail We're joined by Matt Tesauro, a co-lead for the AppSec Pipeline Project. He explains how they began building this project and some ways for you to start using this in your organization.  You can find Matt on Twitter @matt_tesauro FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurity...

Stephen de Vries -- Threat Modeling with a bit of #Startup 20.08.2018

Send us Fan Mail Stephen de Vries joins to discuss Threat Modeling and the unique approach that he takes by using tooling. We also discuss application security and startups.  You can find Stephen on Twitter @stephendv  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~...

Julien Vehent -- Securing DevOps 14.08.2018

Send us Fan Mail Julien Vehent joins us to discuss all things DevOps + Security. We talk through Julien's new book, Securing DevOps, and go in-depth about his journey to building security into DevOps at his job.  You can find Julien on Twitter @jvehent  Visit Manning Publications FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://ww...

Christian Folini -- CRS and an Abstraction Layer 07.08.2018

Send us Fan Mail Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more. You can find Christian on Twitter @ChrFolini. OWASP ModSecurity Core Rule Set ModSecurity FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Securit...

Sean Wright -- Google Chrome and the Case of the Disappearing HTTP 30.07.2018

Send us Fan Mail Sean Wright joins Chris to discuss the changes Google made to handle the HTTP Protocol. They also dive into TLS and some other pieces of crypto that relate to #AppSec.  You can find Sean on Twitter @SeanWrightSec FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Lis...

Conclusion: All the Pieces You Need for an #AppSec Program 12.06.2018

Send us Fan Mail The conclusion of Season 3, all the best highlights, and some great advice from our guests on what you need to build an #AppSec Program.  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Martin Knobloch -- OWASP, Reach Out; We Are Known and Misunderstood 05.06.2018

Send us Fan Mail Martin Knobloch joins Chris and Robert to discuss all things OWASP. They dive into the history of OWASP and some of the plans for the future.  You can find Martin on Twitter @knoblochmartin. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~...

Devin McMasters -- Bug Bounty with a Side of Empathy 29.05.2018

Send us Fan Mail Devin McMasters joins Chris to talk about bug bounties and how to make them successful.  You can find Devin on Twitter @DevinMcmasters FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Apollo Clark -- Malicious User Stories 22.05.2018

Send us Fan Mail In this episode, Robert speaks about Malicious User Stories and DevOps with Apollo Clark. He discusses how to properly handle user stories in a world being taken over by DevOps.  You can find Apollo on Twitter @apolloclark FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Than...

Megan Roddie -- Neurodiversity in Security 15.05.2018

Send us Fan Mail Megan Roddie joins Robert at the SOURCE Conference in Boston. She talks about how neurodiverse people can truly help an organization.  You can find her on Twitter @megan_roddie FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

Chase Schultz -- AppSec and Hardware 27.04.2018

Send us Fan Mail Chase Schultz joins to discuss the combination of AppSec and hardware. He also dives into how the Meltdown and Spectre attacks worked. You can find Chase on Twitter @f47h3r_B0 FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

John Melton -- #OWASP AppSensor 20.04.2018

Send us Fan Mail John Melton joins to discuss the #OWASP AppSensor project. He talks about how AppSensor works and how it can be used in your application.  You can find John on Twitter @_jtmelton  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~...

David Habusha -- Third Party Software is not a Cathedral, It’s a Bazaar 13.04.2018

Send us Fan Mail David Habusha joins to discuss the OWASP Top 10 A9: Using components with known vulnerabilities. He also dives into the Software Composition Analysis (SCA) market.  You can find David on Twitter @davidhabusha  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listen...

Höre den Podcast The Application Security Podcast in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet