Seth and Ken wax nostalgic about the old days due to the shut down of the Bugtraq Mailing List (RIP old friend). Further discussions on web cache poisoning and blind server-side request forgery (SSRF) exploits.

Seth and Ken return with a discussion about application security in the news, including relevance to the Parler "backups". Also discussions about Twitter and latest political developments and how they affect the security industry.

The dynamic duo is back for their last podcast of 2020!

Lewis Ardern (@LewisArdern) and Pwnfunction (@pwnfunction) join Seth and Ken to talk client-side JavaScript security and their recent Vue JS blog post. https://portswigger.net/research/evading-defences-using-vuejs-script-gadgets

Clint Gibler (@clintgibler) joins Seth and Ken to talk about Static Analysis with Semgrep. Demonstrations of writing rules within Semgrep and how to use it.

Seth and Ken discuss account enumeration vulnerabilities and open source tools that take advantage of them. Discussion about the recent Github Actions vulnerability.

Jacob Salassi (@JacobSalassi) joins us to discuss his developer-driven, standardized, threat modeling process. Also discussions on developer empathy, risk assessment, and other topics.

Mark Feferman (@mfeferman) joins Seth and Ken to throw down about automated static analysis tools. Discussion of applictaion security talent (or lack thereof) and 'shifting left'.

Seth and Ken dig into strange requests when running bug bounty programs, recent revelations on Apple security research, and detection as code.

Back at it like a phrack addict to talk reserved words, authentication flaws in apps and Grindr, and recognizing insecure patterns during development.