All the posts have been edited and updated from their original versions. A few dusty ones remain in the archive.
If you’re interested in episodes from the Application Security Weekly podcast, check out the episode list.
- Nov 14, 2024 • Recap of the Application Security Weekly podcast episodes on AI & LLMs
- Nov 1, 2024 • Recap of the Application Security Weekly podcast episodes from October 2024
- Oct 4, 2024 • Recap of the Application Security Weekly podcast episodes from September 2024
- Sep 6, 2024 • Recap of the Application Security Weekly podcast episodes from August 2024
- Aug 2, 2024 • Recap of the Application Security Weekly podcast episodes from July 2024
- Jul 5, 2024 • Recap of the Application Security Weekly podcast episodes from June 2024
- Jun 7, 2024 • Recap of the Application Security Weekly podcast episodes from May 2024
- May 3, 2024 • Recap of the Application Security Weekly podcast episodes from April 2024
- Apr 5, 2024 • Recap of the Application Security Weekly podcast episodes from March 2024
- Mar 1, 2024 • Recap of the Application Security Weekly podcast episodes from February 2024
- Feb 2, 2024 • Recap of the Application Security Weekly podcast episodes from January 2024
- Jan 5, 2024 • Recap of the Application Security Weekly podcast episodes from December 2023
- Dec 1, 2023 • Recap of the Application Security Weekly podcast episodes from November 2023
- Nov 3, 2023 • Recap of the Application Security Weekly podcast episodes from October 2023
- Oct 4, 2023 • Recap of the Application Security Weekly podcast episodes from September 2023
- Sep 1, 2023 • Recap of the Application Security Weekly podcast episodes from August 2023
- Mar 30, 2023 • Why the OWASP Top 10 list no longer drives effective appsec
- Mar 20, 2023 • 25 years of curl -- one of the most impactful open source projects
- Feb 3, 2023 • Notes for conducting prep calls for the podcast
- Dec 15, 2022 • Appsec and DevOps concepts expressed as haikus
- Jan 14, 2018 • Celebrating the 4th edition of Anti-Hacker Tool Kit
- Jul 24, 2017 • Cybersecurity tips to always follow for protecting your devices
- Mar 20, 2017 • Software engineering that leads to effective security
- May 31, 2016 • A non-technical overview of why HTTPS is so important for the web
- May 3, 2016 • Let's Encrypt and the security benefits from DevOps
- Mar 18, 2016 • Secure code and the planet of the apes
- Feb 12, 2016 • Appsec versions of the quote about technology being indistinguishable from magic
- Sep 9, 2014 • XSS example
- May 10, 2014 • Heartbleed detection tool and demonstration in C++
- Dec 27, 2013 • The web -- it's made of people!
- Dec 3, 2013 • XSS payloads to take advantage of the presence of jQuery
- Oct 21, 2013 • An XSS vector via quirks of PHP integers
- Sep 25, 2013 • HTML injection through URL paths
- Aug 27, 2013 • Code reuse for XSS attacks
- Aug 20, 2013 • Finding secrets in GitHub repos
- Jun 24, 2013 • Crafting an XSS payload across two input parameters
- Jun 18, 2013 • XSS that takes advantage of JavaScript syntax quirks
- Jun 14, 2013 • Finding XSS in hidden input fields
- Jun 5, 2013 • Crafting XSS payloads with valid, but strange, JavaScript syntax
- Mar 28, 2013 • XSS through localization
- Mar 21, 2013 • Example of persistent XSS
- Mar 14, 2013 • Insecure browser plugins
- Mar 5, 2013 • Historically harsh punishment for security lapses
- Feb 5, 2013 • XSS payloads that take advantage of entity encoding
- Jan 23, 2013 • Cross-site scripting example inside a JavaScript variable
- Jan 21, 2013 • Explanation of CSRF flaws
- Jan 14, 2013 • Bypass a regex that tried to block XSS
- Dec 26, 2012 • Time of check, time of use vulns in web apps
- Dec 5, 2012 • HTML injection quick reference for creating XSS payloads
- Oct 2, 2012 • Normalizing data before validating it
- Sep 21, 2012 • Cross-site scripting (XSS) on amazon.com via a book's PDF preview
- Jun 7, 2012 • Random passwords from the 2012 LinkedIn breach
- Jun 5, 2012 • Flaws that stem from design and implementation mistakes
- Mar 6, 2012 • Unicode, UTF-8, and character encoding implications for appsec
- Nov 16, 2011 • An appsec list inspired by RFC 1925
- Jun 16, 2011 • Advanced vs. sophisticated appsec threats
- Jun 1, 2011 • A brief note on confusion and diffusion
- Apr 26, 2011 • Explaining cross-site request forgery (CSRF) vulns
- Apr 14, 2011 • The advanced persistent ignorance that leads to SQL injection flaws
- Dec 11, 2010 • Appsec ideas from sci-fi books
- Dec 11, 2010 • Cybercrime imagined in 1986 by Stanisław Lem
- Jun 15, 2010 • Avoiding subtle flaws in regex-based security filters
- May 18, 2010 • Cross-site tracing (XST) takes advantage of a web server's reflection of the client's HTTP message in a response to a TRACE request
- May 8, 2010 • The day of the triffids
- May 7, 2010 • Finding an XSS vuln vs. finding an exploit, and how such vulns should be prioritized
- Apr 22, 2010 • Observations on the 2010 OWASP Top 10
- Feb 19, 2010 • One of the earliest examples of XSS
- Feb 17, 2010 • Password security lessons from the movie Aliens
- Jan 4, 2010 • One of the earliest examples of XSS against web-based email
- Jul 30, 2008 • Finding flaws in web apps