Francesco Cipollone, CEO of Phoenix Security, joins Chris and Robert to discuss security and explain Application Security Posture Management (ASPM). Francesco shares his journey from developer to cybersecurity leader, revealing the origins and

Mukund Sarma -- Developer Tools that Solve Security Problems

15 days ago 46m 32s

Mukund Sarma, the Senior Director for Product Security at Chime, talks with Chris about his career path from being a software engineer to becoming a leader in application security. He explains how he focuses on building security tools that are

Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec

28 days ago 40m 55s

AppSec specialist Megan Jacquot joins Chris and Robert for a compelling conversation about community, career paths, and productive red team exercises. Megan shares her unique cybersecurity origin story, tracing her interest in the field from ch

Bill Sempf -- Development, Security, and Teaching the Next Generation

Mar 12th, 2024 39m 44s

Robert is joined by Bill Sempf, an application security architect with over 20 years of experience in software development and security. Bill shares his security origins as a curious child immersed in technology, leading to his lifelong dedicat

Hendrik Ewerlin -- Threat Modeling of Threat Modeling

Mar 5th, 2024 33m 50s

Robert and Chris talk with Hendrik Ewerlin, a threat modeling advocate and trainer. Hendrik believes you can threat model anything, and he recently applied threat modeling to the process of threat modeling itself. His conclusions are published

Jason Nelson -- Three Pillars of Threat Modeling Success: Consistency, Repeatability, and Efficacy

Feb 27th, 2024 53m 52s

Jason Nelson, an accomplished expert in information security management, joins Chris to share insights on establishing successful threat modeling programs in data-intensive industries like finance and healthcare. Jason presents his three main p

Erik Cabetas -- Cracking Codes on Screen and in Contests: An Expert's View on Hacking, Vulnerabilities, and the Evolution of Cybersecurity Language

Feb 17th, 2024 51m 12s

Erik Cabetas joins Robert and Chris for a thought-provoking discussion about modern software security. They talk about the current state of vulnerabilities, the role of memory-safe languages in AppSec, and why IncludeSec takes a highly systemat

Justin Collins -- Enabling the Business to Move Faster, Securely

Feb 6th, 2024 47m 19s

Justin Collins of Gusto joins Robert and Chris for a practical conversation about running security teams in an engineering-minded organization. Justin shares his experience leading product security teams, the importance of aligning security wit

Kyle Kelly -- The Dumpster Fire of Software Supply Chain Security

Jan 30th, 2024 41m 17s

Kyle Kelly joins Chris to explore the wild west of software supply chain security. Kyle, author of the CramHacks newsletter, sheds light on the complicated and often misunderstood world of software supply chain security. He brings unique insigh

Chris Hughes -- Software Transparency

Jan 20th, 2024 39m 10s

Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turn

Jay Bobo & Darylynn Ross -- App Sec Is Dead. Product Security Is the Future.

Jan 9th, 2024 52m 25s

Jay Bobo and Darylynn Ross from CoverMyMeds join Chris to explain their assertion that 'AppSec is Dead.' They discuss the differences between product and application security, emphasizing the importance of proper security practices and effectiv

Eitan Worcel -- Is AI a Security Champion?

Dec 19th, 2023 48m 41s

Eitan Worcel joins the Application Security Podcast, to talk automated code fixes and the role of artificial intelligence in application security. We start with a thought-provoking discussion about the consistency and reliability of AI-generate

Björn Kimminich -- OWASP Juice Shop

Dec 12th, 2023 39m 17s

Bjorn Kimminich, the driving force behind the OWASP Juice Shop project, joins Chris and Robert to discuss all things Juice Shop. The OWASP Juice Shop is a deliberately vulnerable web application that serves as an invaluable training tool for se

Arshan Dabirsiaghi -- Security Startups, AI Influencing AppSec, and Pixee/Codemodder.io

Dec 5th, 2023 57m 36s

Arshan Dabirsiaghi of Pixee joins Robert and Chris to discuss startups, AI in appsec, and Pixee's Codemodder.io. The conversation begins with a focus on the unrealistic expectations placed on developers regarding security. Arshan points out tha

Dr. Jared Demott -- Cloud Security & Bug Bounty

Nov 28th, 2023 44m 29s

Chris and Robert are thrilled to have an insightful conversation with Dr. Jared Demott, a seasoned expert in the field of cybersecurity. The discussion traverses a range of topics, from controversial opinions on application security to the prac

Katharina Koerner -- Security as Responsible AI

Nov 21st, 2023 50m 40s

Dr. Katharina Koerner, a renowned advisor and community builder with expertise in privacy by design and responsible AI, joins Chris and Robert to delve into the intricacies of responsible AI in this episode of the Application Security Podcast.

Ray Espinoza -- The AppSec CISO, Vendor Relationships, and Mentoring

Nov 15th, 2023 50m 37s

For Security Pros & Business Leaders | Strategic Insights & Leadership Lessons🔒🌟 When Ray Espinoza joined Chris and Robert on the Application Security Podcast, he gave a treasure trove of insights for both security professionals and business

Chris John Riley -- MVSP: Minimum Viable Secure Product

Nov 7th, 2023 50m 13s

Chris John Riley joins Chris and Robert to discuss the Minimum Viable Secure Product. MVSP is a minimalistic security checklist for B2B software and business process outsourcing suppliers. It was designed by a team that included experts from Go

Steve Wilson and Gavin Klondike -- OWASP Top Ten for LLM Release

Oct 31st, 2023 51m 43s

Steve Wilson and Gavin Klondike are part of the core team for the OWASP Top 10 for Large Language Model Applications project. They join Robert and Chris to discuss the implementation and potential challenges of AI, and present the OWASP Top Ten

Tanya Janca -- What Secure Coding Really Means

Oct 24th, 2023 48m 23s

Tanya Janca, also known as SheHacksPurple, joins the Application Security Podcast again to discuss secure coding, threat modeling, education, and other topics in the AppSec world. With a rich background spanning over 25 years in IT, coding, and

Hasan Yasar -- Actionable SBOM via DevSecOps

Oct 16th, 2023 48m 14s

Hasan Yasar believes that everyone shares the responsibility of creating a secure environment, and this can only be achieved by working collaboratively. He underscores the idea that security is not an isolated endeavor but a collective effort,

Varun Badhwar -- The Developer Productivity Tax

Oct 10th, 2023 38m 53s

Varun Badhwar is a three-time founder, a luminary in the cyber security industry, and a clear communicator. He joins Chris and Robert on the Application Security Podcast to discuss scanning with context, SBOM plus VEX, and the developer product

OWASP Board of Directors Debate

Oct 3rd, 2023 1h 2m

The Application Security Podcast presents the OWASP Board of Directors Debate for the 2023 elections. This is a unique and engaging discussion among six candidates vying for a position on the board. Throughout the debate, candidates address pre

Itzik Alvas -- Secrets Security and Management

Sep 26th, 2023 37m 5s

Itzik Alvas, Co-founder and CEO of Entro, is an expert on secrets security.Itzik joins Chris and Robert to discuss the significance of understanding and managing secrets, emphasizing the importance of knowing how many secrets an organization ha

Harshil Parikh -- Deep Environmental and Organizational Context in Application Security

Sep 19th, 2023 38m 7s

Harshil Parikh is a seasoned security leader with experience building security and compliance functions from the ground up. He notably built the security and compliance team at Medallia from scratch and led it through several transitions. He is