2018 was a great year for the Application Security Podcast. We completed season three and then launched season four (which will conclude in January 2019.)
This list contains the top ten most downloaded episodes of 2018. As always, we hope you enjoy!
- Selling #AppSec Up The Chain (S03E09) – Jim Routh discusses selling #AppSec up the chain. Jim has built five successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with how to successfully sell #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program).
- All the Pieces You Need for an #AppSec Program: Finale(S03 E21) – The conclusion of Season 3, all the best highlights, and some great advice from our guests on what you need to build an #AppSec Program.
- Insecure Deserialization (S03E03) – Bill Sempf talks insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization, and the specifics of how it applies to “.NET”. Bill gets into his journey to understand these types of vulnerabilities and provides some hints and tips for how you can look for them in your code.
- SAST, DAST, and IAST. Oh My! (S03E05) – Pete Chestna describes the differences between SAST, DAST, IAST, and RASP, the struggles that developers encounter using new tools, false positives that occur and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program.
- Securing DevOps (S04E03) – Julien Vehentdiscusses all things DevOps + Security. We talk through Julien’s new book, Securing DevOps and go in depth as to the journey he went through building security into DevOps at his job.
- OWASP, Reach Out; We Are Known and Misunderstood (S03E20) – Martin Knobloch discusses all things OWASP. He dives into the history of OWASP and some of the plans for the future.
- OWASP Top 10 #4 XXE (S03E06) – Katy Anton discusses number four on the OWASP Top 10. She dives into what
XXEis, how to deal with it, and some of the other new items on the OWASP Top 10 2017.
- OWASP Top 10 #10: Logging (S03E10) – Neil Smithline discusses one of the new items on the OWASP Top 10 List, Insufficient Logging and Monitoring.
- AppSec and Hardware (S03E16) – Chase Schultz covers the combination of AppSec and hardware. He also dives into how the Meltdown and Spectre attacks worked.
- Shifting left (S03E01) – We discuss an article Kevin wrote about shifting left and explore codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the lack of true results from the SAST and DAST tools on the market. He brings an interesting perspective, having focused on research and development in his time at DHS.