Unraveling Your Software Bill of Materials - Alyssa Miller - ESW #186 | Enterprise Security Weekly (Video) Podcast

Unraveling Your Software Bill of Materials - Alyssa Miller - ESW #186: Whether you are deploying your own software or someone else's software, there are a chain of dependencies that likely includes vulnerabilities. From the base OS image, to utilities, to frameworks and app servers, to language specific libraries, all... by Security Weekly Podcast Network (Video)

36 min listen

Talking Heads - ASW #150: While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user... by Security Weekly Podcast Network (Audio)

75 min listen

Always Interesting - ASW #143: This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy... by Security Weekly Podcast Network (Audio)

62 min listen

Delivering On the Promise of Application Security - Ankur Shah - ASW #150: While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user... by Application Security Weekly (Video)

36 min listen

Delivering On the Promise of Application Security - Ankur Shah - ASW #150: While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user... by Security Weekly Podcast Network (Video)

36 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Audio)

74 min listen

Eyes Open - ASW #174: This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly... by Security Weekly Podcast Network (Audio)

71 min listen

Goose Egg - ASW #140: This week, we welcome Brandon Edwards, Co-Founder and Chief Scientist at Capsule8, to discuss Targeting, Exploiting, & Defending Linux! Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are... by Security Weekly Podcast Network (Audio)

68 min listen

ASW #231 - Neatsun Ziv: In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the... by Security Weekly Podcast Network (Audio)

80 min listen

Application News - ASW #82: Top cloud security controls you should be using, State of Software Security X, Developers: The Cause of and Solution to Security's Biggest Problems, and much more! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

33 min listen

Application News - ASW #82: Top cloud security controls you should be using, State of Software Security X, Developers: The Cause of and Solution to Security's Biggest Problems, and much more! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

33 min listen

The Device Security Divide - John Loucaides - ESW #242: Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firmware security. This includes risks inherent in devices,... by Enterprise Security Weekly (Video)

33 min listen

The Device Security Divide - John Loucaides - ESW #242: Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firmware security. This includes risks inherent in devices,... by Security Weekly Podcast Network (Video)

33 min listen

ASW #241 - Asaf Ashkenazi, Chris Eng, Jeff Martin: What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams... by Security Weekly Podcast Network (Audio)

68 min listen

Policy of Truth - ASW #159: This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva, to discuss Navigating the seas of security in serverless functions! In the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code,... by Security Weekly Podcast Network (Audio)

74 min listen

Web Asset Discovery in Application Security - Tolga Kayas - ESW #242: Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated web applications are a common culprit of successful hack... by Security Weekly Podcast Network (Video)

30 min listen

Web Asset Discovery in Application Security - Tolga Kayas - ESW #242: Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated web applications are a common culprit of successful hack... by Enterprise Security Weekly (Video)

30 min listen

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Security Weekly Podcast Network (Audio)

73 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Security Weekly Podcast Network (Video)

33 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Application Security Weekly (Video)

33 min listen

ASW #204 - Larry Maccherone: 0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even... by Security Weekly Podcast Network (Audio)

74 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Application Security Weekly (Video)

40 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Video)

40 min listen

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272: We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to... by Security Weekly Podcast Network (Audio)

74 min listen

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175: This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit for all the... by Security Weekly Podcast Network (Video)

35 min listen

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175: This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit for all the... by Application Security Weekly (Video)

35 min listen

PSW #761 - Charles Shirer: This week in the Security News: rethinking vulnerability severity, exploiting the hacker tools, Microsoft "fixes" the vulnerable driver problem, its what you do with the data that matters, what is comprehensive security, deconflictions, moles are... by Security Weekly Podcast Network (Audio)

210 min listen

How Security Tools Must Evolve - Dan Kuykendall - ASW #261: The categories of security tools that we're most familiar with have struggled to keep up with how modern apps are designed and what modern devs need. What if instead of being beholden to categories, we created tools that solved problems devs have... by Security Weekly Podcast Network (Audio)

87 min listen

What to Do When the Honeymoon Period Ends - Chris Eng - ASW #241: What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams... by Application Security Weekly (Video)

41 min listen

What to Do When the Honeymoon Period Ends - Chris Eng - ASW #241: What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams... by Security Weekly Podcast Network (Video)

41 min listen

Discover this podcast and so much more

Unraveling Your Software Bill of Materials - Alyssa Miller - ESW #186

Unraveling Your Software Bill of Materials - Alyssa Miller - ESW #186

Description

Titles in the series (100)

More Episodes from Enterprise Security Weekly (Video)

Related podcast episodes