Rephonic
Application Security Weekly (Audio)

Mike Shema
Application Security
Open Source Software
Cybersecurity
Software Supply Chain Security
Supply Chain Security
EBPF
Cybersecurity Best Practices
Security Engineering
Generative AI In Security
Node.js
Development Teams
Bot Management
API Security
Software Development
Vulnerabilities
Luis Villa
Government Funding For Software
Appsec
XZ Utils
Karan Dwivedi

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

Publishes: Weekly
Episodes: 391
Founded: 8 years ago
Categories: News, Tech News, Technology

Latest Episodes

Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agent...

The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Keith Hoodlet describes the skil...

So much of appsec's efforts can be consumed by vuln management and a race to patch security flaws. But that's more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the con...

What happens when secure coding guidance goes stale? What happens when LLMs write code from scratch? Mark Curphey walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups.

One of the them...

Similar Podcasts

People also subscribe to these shows.

Risky Business (Risky Business Media)
CISO Series Podcast (David Spark, Mike Johnson, and Andy Ellis)
CyberWire Daily (N2K Networks)

Recent Guests

Keith Hoodlet
Director of Security Research at 1Password
1Password
Episode: Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
Shashwat Sehgal
CEO and co-founder at P0 Security
P0 Security
Episode: Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
Ron Rasin
Chief Strategy Officer at Silverfort
Silverfort
Episode: Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
Erik Nost
Senior analyst at Forrester focusing on proactive security, vault management, exposure management, and continuous security testing
Forrester
Episode: Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375
Mark Curphey
Co-founder and Chief Marketing Officer at Crash Override; former OWASP founder and security leader
Crash Override
Episode: Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Tamil Mathi
Security researcher focused on IoT, web and cloud security with threat modeling expertise
Independent security researcher / medical device security specialist
Episode: Making Medical Devices Secure - Tamil Mathi - ASW #373
James Wickett
CEO of DryRun Security, expert on AI-enabled security agents and code review
DryRun Security
Episode: Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Runa Sandvik
Founder of GRANIT, a consultancy focused on security for journalists and other at-risk people around the world
GRANIT
Episode: Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
Dan Moore
Senior Director for CIAM Strategy and Identity Standards at FusionAuth
FusionAuth
Episode: Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369

Hosts

Mike Shema
Host associated with Application Security Weekly, frequently leads discussions on AppSec tooling and secure coding practices.
John Kinsella
Co-host focusing on practical security insights and interview-style discussions around AppSec trends.

Reviews

4.7 out of 5 stars from 23 ratings
  • Yes

    It’s the best.

    Apple Podcasts
    5
    Alpha Gay
    United States, 9 months ago
  • Great show

    Amazing show with great news and tips on making sure your code is secure.

    Apple Podcasts
    5
    DMLou
    United States, 3 years ago
  • One of the best podcasts on the planet 👍

    One of the best podcasts on the planet 👍

    Mike and John are the best and most funny hosts I had the pleasure of dealing with.

    Also, the level of knowledge and precision is unbeatable.

    Apple Podcasts
    5
    Fracipo
    United Kingdom, 4 years ago
  • Great show

    Best show I’ve found so far related to AppSec

    Apple Podcasts
    5
    jrod d
    United States, 5 years ago
  • Keith fails again

    Clearly doesn’t know or understand Java but still keeps yapping regardless. And don’t get me started on the GDPR episode... so much misinformation and stupidity in one location is rare.

    Apple Podcasts
    1
    quasi42
    Denmark, 8 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Guests and hosts are commended for depth of knowledge and engaging conversations.
A few critics note occasional misinformation or strong opinions, but overall quality is high.
Show is perceived as a strong resource for staying current on AppSec and AI security trends.
Listeners praise practical security guidance and actionable insights.

Talking Points

Recent interactions between the hosts and their guests.

Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: How do you ensure the guidance you give to models stays current and accurate, especially regarding OWASP?
He describes deliberately prioritizing authoritative sources over generic prompts, while also highlighting the need to continuously audit and update prompts with up-to-date data and to use prompts that steer models away from outdated OWASP guidance until validated.
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: Tell us a little about your approach to writing secure code with LLMs and your view on OWASP guidance.
Mark explains a hands-on workflow where he uses agentic tools and a strong emphasis on test-driven development, architecture thinking, and alignment with authoritative data sources to guide LLMs. He argues for a human-in-the-loop approach and for augmenting, not replacing, human review—particularly when it comes to security guidance and code generation.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: What role does GoFix play in code modernization and AppSec?
GoFix demonstrates that language tooling can automatically modernize code and enforce internal style guides, offering a deterministic approach that reduces fragmentation and can improve security-readability, suggesting a path for broader adoption across languages.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: How does multi-agent AI collaboration affect code reviews and vulnerability discovery?
Multiple agents working in parallel provide broader coverage and context, enabling more comprehensive reviews, but also require careful management to avoid hallucinations and conflicting results; a baseline analysis plus differential review helps merge results effectively.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: What kinds of flaws are AI-generated code most likely to produce, and how does that differ from traditional patterns?
AI-generated code still produces classic issues like SQL injection and cross-site scripting, but there's a growing prevalence of logic flaws, authorization problems, and complex business-logic vulnerabilities that require deeper analysis beyond simple pattern matching.

Frequently Asked Questions About Application Security Weekly

What is Application Security Weekly about and what kind of topics does it cover?

This show centers on practical AppSec, DevSecOps, and security leadership, with recurring focus on AI-enabled tooling, agentic security, threat modeling, and secure coding practices. Across recent episodes, discussions often explore how AI and large language models reshape vulnerability discovery, code review, and runtime protections, along with proactive security strategies, identity and access management for agents, and governance for AI-driven workflows. Notable guests include security researchers, tool builders, and executives who share hands-on insights into building secure software in fast-moving environments. Listeners likely gain actionable guidance on securing developers, implementing robust authentication, and integrating security...

Which podcasts are similar to Application Security Weekly?

These podcasts share a similar audience with Application Security Weekly:

1. Risky Business
2. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
3. CISO Series Podcast
4. Cybersecurity Headlines
5. CyberWire Daily

How many episodes of Application Security Weekly are there?

Application Security Weekly launched 8 years ago and published 391 episodes to date.

Where can I see ratings and reviews for Application Security Weekly?

Rephonic pulls ratings and reviews for Application Security Weekly from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

What guests have appeared on Application Security Weekly?

Recent guests on Application Security Weekly include:

1. Keith Hoodlet
2. Shashwat Sehgal
3. Ron Rasin
4. Erik Nost
5. Mark Curphey
6. Tamil Mathi
7. James Wickett
8. Runa Sandvik
