Episodes

  • Episode 273 - Josh Larsen - Ghost Security

    Episode 273 - Josh Larsen - Ghost Security
    Jan 28 2025
    Josh Larsen, co-founder of CTO of Ghost Security, joins Seth Law and Ken Johnson on January 28th at 12 Noon Eastern time. Before Ghost Security, Josh was a co-founder and CEO of Darkbit and before that of the Blackfin Security Group. Larsen led the GTM strategy for both startups, and Darkbit and Blackfin Security Group were acquired by Aqua Security and Symantec Corporation, respectively. Ghost Security (https://ghostsecurity.com/) was founded so development shops and AppSec teams had a tool to perform autonomous application security using Agentic AI with the goal of helping teams discover, test, and mitigate risks in real time. Josh (joshlarsen on Linked In, @josh_larsen on X/Twitter) has been in the industry for 25 years working as a security program manager and consultant as well as building products that improve the security landscape. Be sure to tune in as Seth and Ken talk through his experiences in the field as well as gleaning his insights about the future of AppSec.
    Show more Show less
    Less than 1 minute
  • Episode 272 - New AI Tools, True Cost of False Positives

    Episode 272 - New AI Tools, True Cost of False Positives
    Jan 21 2025
    Ken and Seth start with a demo and discussion on some newer tools that use integrated AI in both the code and workflow spaces. Specifically, use for code review and understanding is improving. This is followed by a wide-ranging discussion of false positives, where they come from, and how they affect application security. Seth gets up in arms about trying to deal with unrealistic expectations around reducing false positives.
    Show more Show less
    Less than 1 minute
  • Episode 271 - Top 10 2024 Web Hacking Techniques, Research Techniques, AppSec Careers

    Episode 271 - Top 10 2024 Web Hacking Techniques, Research Techniques, AppSec Careers
    Jan 17 2025
    Seth and Ken return once again to talk through the overall effectiveness and purpose of Portswigger's Top 10 Web Hacking Techniques and how it benefits the community. A short discussion on some of the current crop of techniques up for polling. Spurred by recent revelations around Snyk's approach to identifying security issues in npm packages, the duo discusses research techniques and identifying security issues without exploitation or harm. To close out, a discussion on progressing from junior to senior within the security space and challenges in the current market.
    Show more Show less
    Less than 1 minute
  • Episode 270 - 2025 AppSec Predictions

    Episode 270 - 2025 AppSec Predictions
    Jan 7 2025
    Ken and Seth return for 2025 to review the accuracy of their predictions from 2024 and make a few new ones for this new year. Some hits and misses for last year, but overall the generic predictions for both AI/LLM growth and software supply chain security were accurate. However, they were wrong in their assumptions around LLM creation and training. For 2025, predictions on AI billing models, software supply chain attacks, OWASP Top 10 2025, and more.
    Show more Show less
    Less than 1 minute
  • Episode 269 - Security Conferences, What Sucks in (App)Sec

    Episode 269 - Security Conferences, What Sucks in (App)Sec
    Dec 17 2024
    The dynamic duo is back for another holiday special. Not that they reference the holidays, but dig into complaints about security conferences and how to build a conference network. Followed by a discussion inspired by a recent TL;DRSec post from Maya Kaczorowski on "What Sucks about Security" where security leaders were asked that specific question. This leads into the question "What Sucks in AppSec?", so the co-hosts give their responses.
    Show more Show less
    Less than 1 minute
  • Episode 268 w/ Clint Gibler - Curating a Newsletter, Secure Defaults

    Episode 268 w/ Clint Gibler - Curating a Newsletter, Secure Defaults
    Dec 10 2024
    Seth and Ken are happy to announce that Clint Gibler (@clintgibler), the force behind TL;DRSec (tldrsec.com) and head of Security Research at Semgrep, will be coming on as a guest again on the Absolute AppSec podcast. The conversation starts with background on his experience with TL;DRSec and writing a newsletter. Followed up by an indepth discussion on secure defaults and how Semgrep and other tools help push security in organizations.
    Show more Show less
    Less than 1 minute
  • Episode 267 - w/ Kinnaird McQuade - Building a Security Product

    Episode 267 - w/ Kinnaird McQuade - Building a Security Product
    Nov 19 2024
    Join us for an episode of Absolute AppSec with Kinnaird McQuade, founder and CTO of NightVision. Kinnaird developed NightVision as a security testing tool that combines codebase analysis with DAST features. Before NightVision, Kinnaird worked as lead security engineer at both Square and Salesforce. Additionally he worked at Synopsys as Cloud Security Consulting Practice Lead. Be sure to tune into the episode as Ken Johnson and Seth Law interview Kinnaird McQuade to gain insights from his experiences and thoughts on improving security for applications and developers.
    Show more Show less
    Less than 1 minute
  • Episode 266 - Scope of Penetration Testing, Attack Modeling

    Episode 266 - Scope of Penetration Testing, Attack Modeling
    Nov 5 2024
    Seth (@sethlaw) and Ken (@cktricky) return for an in-depth discussion on penetration testing expectations, driven by recent posts and slack activity from Andrew Wilson. Essentially, certain clients expect that a single penetration test finds everything possible, whether or not those expectations are appropriate. The duo expounds on their experience with similar expectations and how its affected their respective careers and organizations. A followup on threat modeling and a new approach being coined as Attack Modeling.
    Show more Show less
    Less than 1 minute