Free Daily Podcast Summary
Application Security Weekly (Audio): Daily Summaries Delivered
by Security Weekly Productions
Get key takeaways, quotes, and insights from Application Security Weekly (Audio) in a 5-minute read. Delivered straight to your inbox.
Latest Episodes
The most recent episodes — sign up to get AI-powered summaries of each one.
- Today1h 2m
The State of AI & AppSec - Keith Hoodlet - ASW #383
This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behind a volume of vulns, and what modern code creation looks like. Along the way we touch on the economics of tokens and the principles behind secure software. Keith gave a preview of his upcoming presentation (May 22nd) on these topics. Check out https://securing.dev/about/ for the slides and more of his writing on appsec. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-383
- 1 weeks ago1h 11m
Why Basic Security Practices Still Work - Rob Allen - ASW #382
If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn't have a good strategy in the first place. Rob Allen shares how the mentality of "assume breach" doesn't have to be a defeatist attitude and can instead be a way to change a catastrophic breach into a more contained one. We also talk about proactive security and what an "avoid breach" attitude could look like, including how to apply the macro lessons of default deny and network isolation to writing secure code. Resources https://www.threatlocker.com/blog/the-claude-mythos-preview-proves-now-is-the-time-for-zero-trust?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=claudemythosaswq226&utmcontent=claudemythosasw-&utm_term=podcast https://www.threatlocker.com/capabilities/zero-trust-network-access?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=ztnaq226&utmcontent=ztna-&utm_term=podcast https://www.threatlocker.com/capabilities/zero-trust-cloud-access?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=ztcaq226&utmcontent=ztca-&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-382
- 2 weeks ago1h 9m
Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The OWASP GenAI Project is helping organizations keep up with the speed of those changes and engaging the appsec community for sharing effective ways to keep systems secure. Scott Clinton shares the latest progress on the the project, its roadmap for the year, and how appsec practitioners can shape its future. Resources: https://genai.owasp.org/2026/04/28/finbot-ctf-is-live-a-hands-on-companion-to-the-owasp-genai-security-project/ https://genai.owasp.org/2025/01/22/announcing-the-owasp-gen-ai-red-teaming-guide/ https://www.scworld.com/podcast-episode/3695-inside-the-owasp-genai-security-project-steve-wilson-asw-352 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-381
- 3 weeks ago44 min
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the list will look like for next year. He also shares some insights on using LLMs for his own blackbox research, giving us a peek into the work he'll be sharing at Black Hat USA this summer. Resources https://portswigger.net/research/top-10-web-hacking-techniques-of-2025 https://blackhat.com/us-26/briefings/schedule/index.html#can-ai-do-novel-security-research-meet-the-http-terminator-51894 Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-380
- 4 weeks ago1h 13m
The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwyddon "Data" Owen shares his experience building a red team, creating an exercise, and leveraging the results to improve security. And while the adoption of LLMs will accelerate a red team's activities, there are still plenty of foundational security controls that orgs can establish that would require a red team to be more than just fast, but fast and very careful. Coding Agents Are Getting More Cautious, But Not Safer A new study finds that while frontier AI coding models are hallucinating less than they did a year ago, they still preserve a significant amount of avoidable software risk when left ungrounded. Sonatype's research shows that connecting these models to real-time software intelligence dramatically improves remediation quality and reduces critical and high-severity vulnerability exposure by 60–70%. The takeaway is clear: safer AI-assisted development will depend not just on better models, but on grounding them in accurate, current dependency and vulnerability data. This segment is sponsored by Sonatype. Read the study: https://securityweekly.com/sonatypersac How We Achieve Agentic Outcomes in CyberSecurity: The "Do-It-For-Me" Mobile Defense If you look at deepfakes, synthetic identity, social engineering, and new malware variants coming to market, it seems like attackers have a first-mover advantage in using AI. The volume and variety of threats are growing faster than the current cyber stack can address. Against this backdrop, organizations are moving away from "do-it-yourself" delivery models (more tools, more alerts, more headcount) to "do-it-for-me" agentic AI delivery models (using platforms that unify data, execute policy, and automate outcomes). The emphasis outside of cyber is on empowering the expert human-in-the-loop — so teams spend less time in the noise and more time delivering business outcomes. This segment explores how cybersecurity leaders can make the most of the AI Age, leveraging it for good while staying relevant amid the explosive AI adoption curve. This segment is sponsored by Appdome. Visit https://securityweekly.com/appdomersac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-379
- Apr 14, 20261h 9m
Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378
It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off, how it complements other supply chain security efforts like SLSA, and why they updated it with explicit coverage for AI. They show what goes into making a project relevant and -- most importantly -- successful at defending how supply chains are attacked. They're also looking for more feedback and participation! If you build software packages, consume software packages, or have an interest in helping organizations stay secure, check it out! Resources https://owasp.org/www-project-spvs/ https://github.com/OWASP/www-project-spvs/blob/main/1.5/ReleaseNotesOWASPSPVS1.5-AI-Pipeline-Security.md https://youtu.be/-WoqGDdivGw?si=kK5-csbnTw8Y4g2J -- The Story Behind OWASP SPVS https://slsa.dev Zero Trust That Actually Ships: Moving From Strategy Decks to Real Security Most enterprise organizations have been working at Zero Trust for years and fail to deliver truly secure environments. Rohan Ravindranath shares insights that Zappsec has gained from guiding the global teams that are succeeding at protecting their orgs. Discover the common pitfalls so you can deploy a solution that works. This segment is sponsored by Zappsec. Visit https://securityweekly.com/zappsecrsac to learn more about them! Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential Enterprises ship code continuously, but most security validation still happens in snapshots. Novee CEO and co-founder Ido Geffen explains what "AI penetration testing" means, why it's different from automated scanning, and why it's becoming essential as attackers adopt AI to move faster. He breaks down what separates best-in-class AI pentesting: operator-like reasoning across real environments, validated exploitability, and the ability to uncover business logic flaws and multi-step attack chains. Ido covers the technology behind Novee's AI penetration tester: a proprietary LLM model, built independently of "frontier" LLMs (like Claude, ChatGPT, Cursor, etc.), and consistently outperforming them at browser exploitation tests. Finally, he shares what buyers should demand in a live evaluation and how continuous retesting closes the loop after fixes ship. This segment is sponsored by Novee Security. See what your attackers already know at https://securityweekly.com/noveersac. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-378
- Apr 7, 20261h 8m
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agents, humans, or both. AppSec has always celebrated interesting and impactful vulns. And LLMs are now a favored tool for finding flaws. We shouldn't forget the success and effectiveness of fuzzers like OSS-Fuzz, which has improved security for over 1,000 projects and found over 50,000 bugs. But we can't ignore the ease of prompting an agent to go find -- and exploit -- a vuln when the UX and overhead of doing so is hardly more than writing some markdown. The SDLC Blind Spot: Why Breaches Start with Identity, Not Code Developers have access to source code, CI/CD pipelines, and cloud infrastructure — and attackers know it. Target lost 860GB of source code through a single compromised credential. Recruitment fraud campaigns have pivoted from a compromised developer to cloud admin in under 10 minutes. As agents join human developers, contractors, and service accounts in the SDLC, the attack surface is expanding faster than static security tools can track. Security teams need real-time visibility beyond code and into who has access and what they're actually doing. This segment is sponsored by Apiiro. To lean more, visit https://securityweekly.com/apiirorsac. How AI-Driven Development is Reshaping the Application Risk Landscape Agent coding assistants are accelerating software development, generating more code and more change than security teams were built to handle. In this interview, Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape and why traditional vulnerability management models can't keep up. Make sure to schedule a free SDLC Risk Assessment with BlueFlag Security - 30 minutes to deploy. 48 hours to results. Please visit https://securityweekly.com/blueflagrsac. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-377
- Mar 31, 20261h 15m
Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Keith Hoodlet describes the skills he was looking for in building teams of security researchers and why there's still an emphasis on the ability to learn about and understand how software is built. But figuring out what skills will get you hired and what skills are valuable to invest in still feels daunting to new grads and others entering the security industry. We discuss where the role of appsec seems to be heading and a few of the security and software fundamentals that can help you follow that direction. Segment resources https://bsidessf2026.sched.com/event/2E1h4/we-pwn-the-night-growing-leading-an-31337-security-research-team?iframe=yes&w=100%&sidebar=yes&bg=no https://drive.google.com/file/d/1_zLH8vuHU1XOjEyk85WecQwSByDwxAmQ/view?pli=1 https://securing.dev/posts/if-i-were-eighteen-again/ https://research.nvidia.com/labs/lpr/slm-agents/ Then, we rebroadcast two interviews from RSAC 2026. The Identity Crisis of Agentic AI Identity security is being stretched between legacy infrastructure that was never built to be secure and rapidly emerging AI agents and non-human identities that organizations are quickly adopting. As AI accelerates, identity risk grows alongside it, making agentic security fundamentally an identity challenge—because the more access AI has, the greater both its power and potential risk. In this session, Ron Rasin explores how past gaps in areas like Active Directory and machine identities created today's blind spots, and why identity must now act as the control plane for AI-driven enterprises, with real-time enforcement before access is granted. He also highlights new innovations and partnerships enabling embedded identity controls across human, non-human, and AI identities, emphasizing that at machine speed, reactive security is no longer enough. To learn more about Silverfort and their AI Agent product, visit https://securityweekly.com/silverfortrsac. Privileged by Design: AI Agents and the New Identity Risk to Production Systems At RSAC this year, the AI conversation is getting more practical. Less "look what agents can do" and more "who's actually in control when an autonomous system can take real actions across business apps and infrastructure." The Moltbook breach and the growing attention on OpenClaw-style agent vulnerabilities put real weight behind that question because they show how quickly agent ecosystems can scale past oversight. Today we're talking with Shashwath, CEO of P0 Security, about why identity and authorization are the quiet enablers of modern AI, where teams are losing control as non-human identities explode and what security leaders can do to keep innovation moving without turning access sprawl into enterprise risk. To learn more about P0 Security, visit: https://securityweekly.com/p0rsac. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-376
Get Application Security Weekly (Audio) summaries in your inbox
Free AI-powered daily recaps. Key takeaways, quotes, and mentions — in a 5-minute read.
Get Free Summaries →Free forever for up to 3 podcasts. No credit card required.
You Might Also Like
Listeners also like.
Security Weekly Podcast Network (Audio)
Security Weekly Productions
Security Weekly Podcast Network (Video)
Security Weekly Productions
Enterprise Security Weekly (Audio)
Security Weekly Productions
Enterprise Security Weekly (Video)
Security Weekly Productions
DevelopSec: Developing Security Awareness
Jardine Software Inc.
Security Weekly News (Audio)
Security Weekly Productions
Business Security Weekly (Audio)
Security Weekly Productions
The OWASP Podcast Series
The OWASP Podcast Series
Paul's Security Weekly (Audio)
Security Weekly Productions
Paul's Security Weekly (Video)
Security Weekly Productions
Shared Security Podcast
Tom Eston, Scott Wright, Kevin Tackett
The Security Podcast of Silicon Valley
YSecurity
About Application Security Weekly (Audio)
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
Customized Recaps
AI-powered recaps with compact key takeaways, quotes, and insights.
Straight to Your Inbox
Get key takeaways from Application Security Weekly (Audio) in a 5-minute read.
Save Hours Every Week
Stay current on your favorite podcasts without falling behind.
Frequently Asked Questions
What is Podzilla's Application Security Weekly (Audio) daily summary?
It's a free AI-powered email that summarizes new episodes of Application Security Weekly (Audio) as soon as they're published. You get the key takeaways, notable quotes, and links & mentions — all in a quick read.
How does the Application Security Weekly (Audio) podcast summary work?
When a new episode drops, our AI transcribes and analyzes it, then generates a personalized summary tailored to your interests and profession. It's delivered to your inbox every morning.
Is this an official Application Security Weekly (Audio) product?
No. Podzilla is an independent service that summarizes publicly available podcast content. We're not affiliated with or endorsed by Security Weekly Productions.
Can I get summaries of other podcasts too?
Absolutely! The free plan covers up to 3 podcasts. Upgrade to Pro for 15, or Premium for 50. Browse our full catalog at /podcasts.
What topics does Application Security Weekly (Audio) cover?
Application Security Weekly (Audio) covers topics including News, Technology. Our AI identifies the specific themes in each episode and highlights what matters most to you.
Start getting Application Security Weekly (Audio) summaries tomorrow morning.
Free forever for up to 3 podcasts. No credit card required.
Free forever for up to 3 podcasts. No credit card required.