Tis the season... for 0 days. Discussions on the ever-present Log4j issue that the whole industry is dealing with. Kernelcon training announcements, dealing with varying expectations of clients and developers on industry terms, further appsec resources, and why crocs and socks matter.

It's one of those days, must be Q4. View of tech conferences as an outsider. An analysis of data from Google's "Threat Horizons" report and what it tells us about Cloud Security. A few items related security of the software supply chain, including an academic white paper comparing different SCA tools.

Our last episode before its December!!! Where oh where did 2021 go? Seth and Ken wrap up a conversation on fuzzing strategies for HTTP Requests. A discussion on the difficulty of authentication and why that is. Finally, Google Chrome has taken over the web and how it comes back to the browser wars of the early 2000s.

Gobble gobble! It is that time of the year again to stuff our faces... WITH APPSEC! A discussion on breach notification related to the recent GoDaddy disclosure. Understanding symbolic execution with trail of bits. The differences of dynamic and static assessments and why both are important.

Ahem, Seth and Ken return with a live code review of a recently seen authentication routine. A discussion of software interdependence and the issues it creates (such as SSRF). In other words, 151 and not even the rum... sigh. Well somehow these clowns are still allowed on YouTube so stay tuned for another episode I guess or whatever. Or don't, who cares. Worst. Internship. Ever.

Jerry Gamblin makes a return to the podcast to talk about recent events in Missouri and how _not_ to respond to responsible vulnerability disclosure. A discussion on the increase of CVEs showing up in the National Vulnerability Database, how Kenna was acquired by Cisco, and Portswigger's new Burp Suite Certificate.

Just two old men bi***ing and moaning about App Sec and the price of a good pair of New Balances. Real discussion on dealing with burnout and imposter syndrome. How to stay engaged and interested when the excitement becomes mundane.

Strange things are afoot at the Circle K. Facebook outage and BGP routing. A new issue of phrack released on Oct 5 results a discussion on the good ol' days, BBSes, and the commercialization of security. Finally, thoughts on paved paths and how they affect security.

The one and only James Kettle (@albinowax) of Portswigger joins Seth and Ken to talk about his path into security, HTTP request smuggling, and how to perform security research.

Now with the latest in old people ramblings. Discussion about the OWASP Top 10 Draft list and how the Top 10 should be used as an awareness document. Discussions on bug bounties with surprise guest Jason Haddix (@JHaddix). More fun with HTTP Request Smuggling.