『Absolute AppSec』のカバーアート

Absolute AppSec

Absolute AppSec

著者: Ken Johnson and Seth Law
無料で聴く

このコンテンツについて

 A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
エピソード
  • Episode 298 - Shai Halud, Layered Security, New Commandments of Security Teams

    Episode 298 - Shai Halud, Layered Security, New Commandments of Security Teams
    2025/09/16
    In what is (sadly) becoming a weekly segment, this episode starts with talk of the latest installment of npm package takeovers, dubbed Shai Halud as discussed in Slack and analyzed by Paul McCarty and team. Strategies discussed for monitoring packages and preventing malware from entering into organization's products. This is followed by an article referencing security via intentional redundancy when designing sensitive application functionality. Finally, analysis of a recent article from Frankly Speaking that lists a series of new commandments for security teams, which are mostly agreed to by both Seth and Ken, with some caveats.
    続きを読む 一部表示
    1分未満
  • Episode 297 - True/False Positives, Phishing Package Maintainers

    Episode 297 - True/False Positives, Phishing Package Maintainers
    2025/09/09
    The Absolute AppSec duo returns with an in-depth episode talking about true and false positives, where context matters and business impact must be taken into account in order to avoid rabbit holes. This discussion spurred by a recent article from signalblur of magonia.io discussing alerts in a security operations center. In short, only considering existence of a flaw (or alert) is not enough by itself. True impact comes by understanding context. Anyone want t-shirts? A discussion of the recent successful phish of an npm package maintainer, resulting in exposure of millions of projects depending on popular npm packages. It happens, folks, protect yourself.
    続きを読む 一部表示
    1分未満
  • Episode 296 - OWASP Top 10, NX Compromise, Security News Sources

    Episode 296 - OWASP Top 10, NX Compromise, Security News Sources
    2025/09/02
    Ken and Seth kickoff a podcast by reviewing current state of the OWASP Top 10 project, given recent requests and interactions on Absolute AppSec slack from various contributors. This is followed by an in-depth breakdown of the recent NX npm package compromise. This breakdown shows that even though AI is weaponized to exfiltrate data, the main exploit was the result of a command injection flaw. Crocs and Socks coming back to bit all of us. Finally, Ken and Seth provide a list of resources used to monitor the wider security community.
    続きを読む 一部表示
    1分未満
まだレビューはありません