October was the month when tales of terror became timely and the days took a fearful turn towards Halloween.

I love Halloween and horror movies. A favorite recent series is “The Edge of Sleep” (which originated as a podcast). The found footage genre is near and dear to my heart, so I also have to recommend “Deadstream” as another recent-ish favorite.


Episode 302

We started a new month with an old friend. Simon Bennetts returned, along with Ori Bendet, to talk about ZAP’s new collaboration with Checkmarx.

We first talked about building ZAP and its community with Simon over a year ago in episode 254. Then he and Mark Curphey stopped by in April to talk about finding sustainable funding for the project. It’s great to see ZAP now have long-term support and, as Simon explained, how that support will create new opportunities for ZAP to expand its features.

Episode 303

Then Kalyani Pawar joined as a new co-host! We celebrated episode 303 by having the three of us talk about striking appsec fear in three words – like, “written in Perl” or “cybersecurity awareness month”…

There was plenty of news to cover, from how many vulns legacy code can hold to how many parsers you can pack into a package. As always, John Kinsella added his insights on secure defaults, isolating resources, and wrangling repos.

Episode 304

Scott Piper shared some advice on how to ratchet up security within an org’s environment, why securing clouds (and creating those guardrails) remains complex, and some tips on tracking down shadow clouds.

Creating guardrails within clouds has become a favored appsec design pattern that, when done well, increases security without sacrificing development velocity.

Despite all those clouds, he shed lots of light onto strategies for enacting change that makes secure defaults better for everyone!

Episode 305

Adrian Sanabria stopped by for our almost-Halloween episode.

The two of us talked about some appsec lessons inspired by the slow transition to IPv6, fun hardware hacking stories, and my hypothesis that on a CPU-cycle-per-CPU-cycle basis fuzzing will outshine LLMs for finding flaws.

It was also nice for Adrian to stop by since I’ll be out for a few episodes in November and he’ll be stepping in.

We won’t have to change a thing. Just think of ASW as Adrian Sanabria Weekly…

Subscribe to ASW to find these episodes and more! Also check out the September 2024 recap.

ASW on Apple Podcasts