Seth and Ken discuss security gifts for appsec peeps. Joined by Stefan Edwards (@lojikil) to talk about his origin story (Seth gets bagged on), formal verification, and a multitude of other topics.

Seth and Ken discuss cross-site scripting and input validation/output encoding findings. Later joined by Mike McCabe's (@mccabe615) talking about cloud security, building an appsec program, interviews (both for and against) and CHRISTMAS.

Seth and Ken discuss server side request forgery and then pick Travis McPeak's (@travismcpeak) brain about AWS security, his path into security, QA testing, and Netflix cloud security tools.

Seth and Ken are joined last minute by Stefan Edwards (@lojikil) to talk about security unit tests, fuzzing, and all things you will need to google later on. Blockchains and secure contracts are introduced and somewhat explained.

Seth and Ken go over fully vetting functions during code reviews. John Melton (@_jtmelton) talks with Ken and Seth about static analysis tools, building an appsec program, open source, and more.

Setup tips for starting an assessment with Burp Suite Professional. Eric Johnson (@emjohn20) talks with Ken and Seth about Roslyn, building Puma Scan, SANS, and more.

Practical advice on submitting and writing effective findings for bug bounties and reports. Rob Fuller (@mubix) talks about his path into security, CCDC, volunteerism, NoVA Hackers and more.

Dave Ferguson (@_sc0rn) talks about the futility of developer training, initial discovery of CSRF in on netflix.com, and application scanning with Ken and Seth.

Matt Tesauro (@matt_tesauro) talks OWASP, community involvement, Defect Dojo, and the AppSec Pipeline toolbox with Ken and Seth.

Astha Singhal (@astha_singhal) joins Ken and Seth to talk automating application security and bug bounties.