Seth and Ken discuss fuzzing techniques, recommendations, and experience. Stories of fuzzing in production. How static analysis tools have changed and where they fit.

Stefan (@lojikil) and Brian (@infosecdad) are back to talk about threat modeling with Seth and Ken. Discussion covers risk assessment, threat modeling, asset inventory, and software maturity.

Jessica Rozhin (@JessicaRozhin) and Lady Christina Liu (@cliuthulu) join Seth and Ken to talk about alternate routes into security, including accounting and joining a circus. Discussions on forensics, incident response, and how lock picking can help build an infosec culture.

Seth and Ken discuss tips for running a bug bounty program, risk of webhooks, Segment's move to and from microservices, and having CVE Fatigue.

Seth and Ken are joined by the Huntr Dev team to talk about securing open source software, bug bounties, and writing secure code.

Seth struggles with internet access during a discussion with Ken on working from home, employee surveillance, and Sneek. Additional thoughts on the evolution of application security and penetration testing since the beginning of our careers.

LOJI IS BACK! Stefan joins Seth and Ken to talk about his work on Trail of Bits assessment of the Voatz mobile application, share thoughts on Zoom, and discuss the assessment process. Discussions on report writing, risk assessments, threat modeling, and other appsec goodness.

Seth and Ken provide their take on the Voatz mobile app dismissal from HackerOne. Additional discussion of network trends during social distancing and COVID-19 as reported by Shodan. Finally some thoughts on the new OWASP Firmware Testing Guide and InQL, a GraphQL Burp Suite Pro plugin.

LOJI IS BACK! Stefan joins Seth and Ken to talk about his work on Trail of Bits assessment of the Voatz mobile application, share thoughts on Zoom, and discuss the assessment process. Discussions on report writing, risk assessments, threat modeling, and other appsec goodness.

Kat Sweet (@TheSweetKat) continues our discussion from DevSecOps Days Austin. Topics include incident response, staying right while you push left, developer training, and getting into information security.