Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testing often stops short of the hardest part of the job: proving what is real. We dig into how business logic flaws and authorization vulnerabilities get missed by tools that scan without reasoning, what exploit validation looks like at runtime, and how security engineers are shifting toward findings that developers will actually act on. The segment is sponsored by XBOW. Visit https://securityweekly.com/xbow to see how autonomous AI pentesting delivers expert-quality findings in hours with real exploit validation your team can actually act on. Show Notes: https://securityweekly.com/asw-386
Podzilla Summary coming soon
Sign up to get notified when the full AI-powered summary is ready.
Free forever for up to 3 podcasts. No credit card required.
Listen to This Episode
More from Security Weekly Podcast Network (Video)
Trolling Microsoft With Vulnerabilities - PSW #930
Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451
Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland... - SWN #588
The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462
Get summaries like this every morning.
Free AI-powered recaps of Security Weekly Podcast Network (Video) and your other favorite podcasts, delivered to your inbox.
Free forever for up to 3 podcasts. No credit card required.