Powered by RND
PodcastsTechnologyAbsolute AppSec

Absolute AppSec

Ken Johnson and Seth Law
Absolute AppSec
Latest episode

Available Episodes

5 of 282
  • Episode 282 - Model Context Protocol, A2A, NHI Authentication
    It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.
    --------  
  • Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse
    The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security. Followed by some spicy takes on opinions on vibe coding and its effects on application and product security. Finally, short-lived tokens used to exploit RCE against the GitHub CodeQL Action.
    --------  
  • Episode 280 - Middleware Vulnerabilities, Identifying Enumeration with LLMs
    Seth and Ken are back with an episode dedicated to a review of the recent Next.js middleware vulnerability and how that impacts application security both specifically and in general. Over-dependence on third party software accompanied by agile development can lead to devastating results when security flaws are identified. A followup and demo of using LLMs to analyze HTTP sessions for user enumeration flaws as a sneak peak of an upcoming talk by Seth for BSidesSLC.
    --------  
  • Episode 279 - Conferences, Destructive Fatigue, Imposter Syndrome
    After a week's hiatus, Ken and Seth return and start with a discussion on OWASP conferences and the effectiveness of attendance for vendors. This is followed by an expansive mental health discussion inspired by a recent blog post on Destructive Fatigue from Justin Larson at Redpoint Security. A constant focus on breaking and tearing down applications or anything can have mental health effects. Additionally, focus on the negative aspects increases imposter syndrome that is already prevalent across the industry. This leads to the question, what do you do to maintain sanity and mental health? Jump into Slack or tag @absoluteappsec on social media with your strategies.
    --------  
  • Episode 278 - Security Conferences, Testing Data in Git, Unforgivable Vulnerabilities
    Seth and Ken return without a guest to discuss recent news, breaches, and research. Initial discussions around the purposes of the various security conferences and what is recommended for various professional levels. An article discussing recent customer data exposure by Zapier in git test data. Synthetic test data has been an issue for long time so not a surprising turn of events. Finally, thoughts on the definitions and classification of Unforgivable Vulnerabilities as proposed by the UK's National Cyber Security Centre.
    --------  

More Technology podcasts

About Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Podcast website

Listen to Absolute AppSec, Elon Musk Podcast and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
Social
v7.15.0 | © 2007-2025 radio.de GmbH
Generated: 4/17/2025 - 9:11:03 PM