The Elephant in AppSec

25 years of the same problem in Application Security - Sam Stepanyan



Today, I’m joined by Sam Stepanyan, an OWASP Global Board member and an OWASP London Chapter Leader. Sam is an Independent Application Security Consultant and Security Architect with over 20 years of experience in the IT industry.

Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. 

He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems.

In this episode, we explore why, despite OWASP being around for over 25 years, many developers are still unaware of it—and why shifting focus toward developer conferences might be key to spreading security knowledge more effectively.

We also discuss the impact of AI on modern security practices, the growing role of automated penetration testing tools, and how even small changes—like adding the word “secure” to a vibe coding prompt—can help nudge developers toward more security-conscious decisions.

Dive right in! 

This podcast is brought to you by

Escape: https://escape.tech — Offensive security for the teams that are 100x outnumbered, combining Attack Surface Management, business-logic-aware DAST and AI pentesting solutions.

