Rey Bango (@reybango) from Veracode joins Seth and Ken to talk about his path into security. Topics include JavaScript, JQuery, building relationships between security and relations, and how to educate the next generation of developers in security.

Seth hosts Stefan Edwards (@lojikil) and David Coursey (@dacoursey) discussing PHP's recent backdoor, probable fixes including code commit signing and the move to GitHub. THe discussion covers ease of security, developer tendencies when securing code, and application security nihilism.

Seth and Ken discuss the role of regular expressions in routing of web application requests. Discussion covers basics of routing, exploitation of secondary contexts, and bypassing of web application firewalls.

Seth and Ken are back on another Taco Tuesday to talk through getting into application security and how to support those new to the field. Also a discussion on phishing sites that detect VMs and other tools to bypass detection and observed client-side JavaScript attacks.

Seth and Ken discuss interviewing techniques for technical resources, SQL injection in the media and Github's recent concurrency vulnerability. Also a discussion on recent WordPress plugin vulnerabilities and why they are always so devastating.

Seth and Ken discuss Portswigger's Top 10 Web Hacking Techniques of 2020, specifically injection attacks through images in PDFs and reverse proxies. Further discussion on creativity in development and how that affects and limits security.

Seth and Ken discuss client-side controls and 3rd-party JavaScript security features. Confused deputy vulnerabilities (dependency confusion) in the news.

Seth and Ken welcome back Professor Brian Glas (@infosecdad) to dispel the recent OWASP Top 10 2021 speculation and rumor. We talk through the origins and purpose of the OWASP Top 10 as well as the 2021 call for data and upcoming release.

Stefan Edwards (@lojikil) once again joins Seth and Ken to talk all things LangSec (language security). Discussion ranges from manual vs. automated testing to fuzzing to semantic analysis to formal specification.

Seth and Ken discuss the proposed 2021 OWASP Top 10 Risks, North Korean attacks against security researchers, password managers, latest in Parler de-platforming, and phishing possibilities.