Clint Gibler (@clintgibler) joins Seth and Ken to talk about Static Analysis with Semgrep. Demonstrations of writing rules within Semgrep and how to use it.

Seth and Ken discuss account enumeration vulnerabilities and open source tools that take advantage of them. Discussion about the recent Github Actions vulnerability.

Jacob Salassi (@JacobSalassi) joins us to discuss his developer-driven, standardized, threat modeling process. Also discussions on developer empathy, risk assessment, and other topics.

Mark Feferman (@mfeferman) joins Seth and Ken to throw down about automated static analysis tools. Discussion of applictaion security talent (or lack thereof) and 'shifting left'.

Seth and Ken dig into strange requests when running bug bounty programs, recent revelations on Apple security research, and detection as code.

Back at it like a phrack addict to talk reserved words, authentication flaws in apps and Grindr, and recognizing insecure patterns during development.

We are back with a Seth and Ken only episode to talk about the evolution of threat modeling, the documentary "The Social Dilemma", mental health, and imposter syndrome.

Sean Poris (@skp00) joins Absolute AppSec to talk about The Paranoids virtual bug bounty hacking event H1-2010, staying sane, managing a virtual team, and advice for running a bug bounty program.

Markus Schirp (@_m_b_j_) joins Seth and Ken to talk about Ruby and other dynamic languages. Mutation testing, TDD weaknesses, and meta programming.

Justin Massey from Data Dog joins us to talk Application Logging.