Rephonic

Application Security Weekly (Audio)

Mike Shema
Application Security
Cybersecurity
Generative AI
DevOps
Open Source Software
Threat Modeling
Vulnerability Management
LLMs
Software Development
Supply Chain Security
Software Supply Chain Security
Zero Trust
Artificial Intelligence
AppSec
Cloud Security
Large Language Models
Bug Bounty Programs
Vulnerabilities
API Security
DevSecOps

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

Publishes: Weekly
Episodes: 395
Founded: 8 years ago
Categories: News, Technology, Tech News

Latest Episodes

Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The O... more

Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the li... more

Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwy... more

It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard pick... more

Recent Guests

Gwyddon Data Owen
Retired Air Force Cyber Warfare Officer; Director of Cybersecurity and Technology for Universal Strategy Group
Universal Strategy Group
Episode: The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Tom Tovar
CEO at Appdome
Appdome
Episode: The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Cameron Walters
Director of Application Security and Security Engineering
OWASP SPVS project team
Episode: Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378
Rohan Ravindranath
Founder and CEO
Zappsec
Episode: Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378
Ido Geffen
CEO and co-founder
Novee Security
Episode: Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378
Raj Mallempati
CEO and co-founder at BlueFlag Security
BlueFlag Security
Episode: AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
Keith Hoodlet
Director of Security Research at One Password
One Password
Episode: Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
Shashwat Sehgal
CEO and co-founder at P0 Security
P0 Security
Episode: Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376
Ron Rasin
Chief Strategy Officer at Silverfort
Silverfort
Episode: Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Shashwat Sehgal, Ron Rasin - ASW #376

Hosts

Mike Shema
Host associated with Application Security Weekly, frequently leads discussions on AppSec tooling and secure coding practices.
John Kinsella
Co-host focusing on practical security insights and interview-style discussions around AppSec trends.

Reviews

4.7 out of 5 stars from 23 ratings
  • Yes

    It’s the best.

    Apple Podcasts
    5
    Alpha Gay
    United States, 10 months ago
  • Great show

    Amazing show with great news and tips on making sure your code is secure.

    Apple Podcasts
    5
    DMLou
    United States, 3 years ago
  • One of the best podcast on planet 👍

    One of the best podcast on planet 👍

    Mike and John are the best and most funny hosts I had the pleasure dealing with.

    Also level of knowledge and precision is unbeatable

    Apple Podcasts
    5
    Fracipo
    United Kingdom, 4 years ago
  • Great show

    Best show I’ve found so far related to AppSec

    Apple Podcasts
    5
    jrod d
    United States, 5 years ago
  • Keith fails again

    Clearly doesn’t know or understand Java but still keeps yapping regardless. And don’t get me started on the GDPR episode... so much misinformation and stupidity in one location is rare.

    Apple Podcasts
    1
    quasi42
    Denmark, 8 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Guests and hosts are commended for depth of knowledge and engaging conversations.
A few critics note occasional misinformation or strong opinions, but overall quality is high.
Show is perceived as a strong resource for staying current on AppSec and AI security trends.
Listeners praise practical security guidance and actionable insights.

Talking Points

Recent interactions between the hosts and their guests.

Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Q: Do you think HTTP 1 will ever die, and what does that imply for future research?
HTTP 1 will likely persist for a very long time, but the focus shifts toward encouraging secure implementations and TLS, with researchers continuing to find novel ways to abuse legacy protocols while frameworks evolve to mitigate risk.
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Q: What role do LLMs play in your research workflow compared to the harness you built?
LLMs provide speed and breadth, but a robust harness and researcher-guided methodology are essential to turn AI outputs into credible, novel techniques; tools plus hands-on experimentation determine the quality and novelty of findings.
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: How do you ensure the guidance you give to models stays current and accurate, especially regarding OWASP?
He describes deliberately prioritizing authoritative sources over generic prompts, while also highlighting the need to continuously audit and update prompts with up-to-date data and to use prompts that steer models away from outdated OWASP guidance until validated.
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: Tell us a little about your approach to writing secure code with LLMs and your view on OWASP guidance.
Mark explains a hands-on workflow where he uses agentic tools and a strong emphasis on test-driven development, architecture thinking, and alignment with authoritative data sources to guide LLMs. He argues for a human-in-the-loop approach and for augmenting, not replacing, human review—particularly when it comes to security guidance and code generation.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: What role does GoFix play in code modernization and AppSec?
GoFix demonstrates that language tooling can automatically modernize code and enforce internal style guides, offering a deterministic approach that reduces fragmentation and can improve security-readability, suggesting a path for broader adoption across languages.

Frequently Asked Questions About Application Security Weekly

What is Application Security Weekly about and what kind of topics does it cover?

This show centers on practical AppSec, DevSecOps, and security leadership, with recurring focus on AI-enabled tooling, agentic security, threat modeling, and secure coding practices. Across recent episodes, discussions often explore how AI and large language models reshape vulnerability discovery, code review, and runtime protections, along with proactive security strategies, identity and access management for agents, and governance for AI-driven workflows. Notable guests include security researchers, tool builders, and executives who share hands-on insights into building secure software in fast-moving environments. Listeners likely gain actionable guidance on securing developers, implementing robust authentication, and integrating security... more

Which podcasts are similar to Application Security Weekly?

These podcasts share a similar audience with Application Security Weekly:

1. The Application Security Podcast
2. Security Now (Audio)
3. CyberWire Daily
4. Risky Business
5. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

How many episodes of Application Security Weekly are there?

Application Security Weekly launched 8 years ago and has published 395 episodes to date. You can find more information about this podcast, including rankings, audience demographics and engagement, in our podcast database.
