Chris Romeo and Robert Hurlbut
The Application Security Podcast
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Autor
Chris Romeo and Robert Hurlbut
Kategorie
Podcast-Website
Neueste Folge
16. Jun 2026
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
Steve Springett -- Dependency Check and Dependency Track 12.04.2018 48:03
Send us Fan Mail Steve Springett joins the show to talk about Dependency Check and Dependency Track. He also discusses how they can help prevent you from using components with known vulnerabilities. You can find Steve on Twitter @stevespringett FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcas...
Steven Wierckx -- The #OWASP Threat Modeling Project 06.04.2018 32:30
Send us Fan Mail Steven Wierckx joins Robert and Chris this week to talk about the #OWASP Threat Modeling project that he’s involved in. You can find Steven on Twitter @ihackforfun https://open-security-summit.org/ FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~...
Jim Manico -- The #OWASP Cheat Sheet Project 05.04.2018 30:40
Send us Fan Mail Jim Manico joins us to discuss some of the changes with the OWASP Cheat Sheets and their plans for that project's future. Jim also talks about how they are looking for experts to create or update some of the Cheat Sheets. You can find Jim on Twitter @manicode FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.yo...
Neil Smithline -- OWASP Top 10 #10: Logging 23.03.2018 33:36
Send us Fan Mail Neil Smithline joins this week to discuss one of the new items on the OWASP Top 10 List, Insufficient Logging and Monitoring. You can find Neil on Twitter @neilsmithine FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Routh -- Selling #AppSec Up The Chain 16.03.2018 42:45
Send us Fan Mail Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built five successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with successfully selling #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program). You can find Jim on Twitter @jmrouth01 FOLLOW OUR SOC...
Chris and Robert -- #AppSec Recommendations 09.03.2018 29:07
Send us Fan Mail Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry. Chris’s recommendations 1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline by Laura Bell (Author), Michael Brunton-Spall (Author), Rich Smith (Author), Jim Bird (Author) https://amzn.com/1491938846 2. Website: Iron Ge...
Magen Wu -- Hustle and Flow: Dealing With Burnout in Security 02.03.2018 32:30
Send us Fan Mail Magen Wu works through the topic of burnout and mental health in security. She gives examples of handling this and recognizing if people around you are burning out. You can find her on Twitter @infosec_tottie Additional information on this topic: Jack Daniel often speaks on this topic of burnout Youtube: The Causes of and Solutions for Security Burnout Youtube: Infosec Survival Sk...
Katy Anton -- OWASP Top 10 #4 XXE 23.02.2018 24:36
Send us Fan Mail Katy Anton joins this week to discuss number four on the OWASP Top 10. She dives into what XXE is, how to deal with it, and other new items on the OWASP Top 10 2017. You can find Katy on Twitter @KatyAnton FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listenin...
Pete Chestna -- SAST, DAST, and IAST. Oh My! 16.02.2018 35:20
Send us Fan Mail Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. Pete shared A moving quote during this episode: "an #AppSec program is the byproduct of building secure developers.” #Truth Pete describes the differences between SAST, DAST, IAST, and RASP. The struggles developers encounter using new tools, false positives and how to reduce them,...
Irene Michlin -- We Are Not Making It Worse 09.02.2018 33:02
Send us Fan Mail Irene Michlin operates at the intersection of security and agility. She teaches about incremental threat modeling and how to make threat modeling when living in an Agile or DevOps world. Irene ends the discussion by saying that her goal when working with a team on threat modeling is that they all conclude, “We are not making it worse.” You can find Irene on Twitter @IreneMichlin ,...
Bill Sempf -- Insecure Deserialization 02.02.2018 34:06
Send us Fan Mail Bill Sempf joins to talk about insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization and the specifics of how it applies to “.NET.” Bill begins his journey to understand these vulnerabilities and provides some hints and tips for looking for them in your code. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Applica...
Chris and Robert -- Security Champions 26.01.2018 26:52
Send us Fan Mail Security champions are the hands and feet of any well-equipped product security team. Robert and Chris introduce security champions, where to find them, why you need them, and how to set up a beginning champion program from scratch. Here are a few other resources that we’ve written about Security Champions: Do you have Security Champions in your company? Information security needs...
Kevin Greene -- Shifting left 19.01.2018 33:01
Send us Fan Mail Robert and Chris interview Kevin Greene from Mitre. We discuss an article Kevin wrote about shifting left and exploring codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the need for accurate results from the SAST and DAST tools on the market. He brings an exciting perspective, focusing on research and de...
Conclusion: OWASP is for everyone 05.12.2017 31:41
Send us Fan Mail This is the conclusion of Season 02 for the AppSec PodCast. This episode focuses on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP. With the publication of this episode, season 02 is a wrap, and on to season 03, which will roll out in March. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn:...
Brian Andrzejewski -- Containers Again 24.10.2017 29:31
Send us Fan Mail This is the final interview from the #AppSecUSA Conference in Orlando, and Brian Andrzejewski joins Chris and Robert. He talks about containers, their usage within #AppSec, and orchestrations. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~...
Tin Zaw -- ModSecurity and #AppSec 17.10.2017 22:59
Send us Fan Mail Tin Zaw, an advocate for ModSecurity, joins Robert and Chris. He dives into its background, the use of rules, and the many advantages. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aditya Gupta -- The Exploitation of IoT 10.10.2017 23:56
Send us Fan Mail Aditya Gupta joins Robert and Chris. They speak with him about the many facets of IoT and some of its effects on pen testing, training, and mobile application security. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Manico and Katy Anton -- The Future of the OWASP Proactive Controls 03.10.2017 19:37
Send us Fan Mail Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project. We have discussed this before, and they are looking for feedback on the upcoming update. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~...
Andrew van der Stock and Brian Glas -- The Future of the OWASP Top 10 25.09.2017 35:45
Send us Fan Mail We talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We look behind the curtain at how they make decisions and use the data and feedback provided. Side note, at the AppSec USA closing, the OWASP T10 leaders did anno...
Robert Hurlbut -- Threat Modeling 19.09.2017 47:06
Send us Fan Mail On this week's episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA. We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in-depth than ever before on the show. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Li...
Chris and Robert -- Passwords, Identity, and #AppSec 12.09.2017 32:06
Send us Fan Mail Robert and Chris talk about Passwords, something we all are familiar with. They dive into specifics with passwords and threats that can occur with them. They also talk about how passwords interact with Identity and AppSec. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Than...
Tanya Janca and Nicole Becher -- Hacking APIs and Web Services with DevSlop 05.09.2017 34:46
Send us Fan Mail Tanya and Nicole join Chris and Robert. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~...
Jon Mccoy and Jonathan Marcil -- Agile #AppSec 29.08.2017 44:33
Send us Fan Mail Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle. They dive deeper into what agile is, how it can be used, some practical applications using security champions, and much more. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@Applica...
Jay Beale -- Docker Security and AppSec 22.08.2017 44:46
Send us Fan Mail A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked but couldn’t find one, so we created one. Robert interviews Jay Beale from Inguardians and asks what docker is, what threats it introduces, and the specific tie-ins with AppSec. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: htt...
Chris and Robert -- Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing 17.08.2017 22:49
Send us Fan Mail Robert and I try a new format for discussing a few topics per episode. We discuss changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜Y...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet