Rephonic

Application Security Weekly (Audio)

Security Weekly Productions
Application Security
Open Source Software
Cybersecurity
Software Supply Chain Security
Supply Chain Security
eBPF
Cybersecurity Best Practices
Security Engineering
Generative AI In Security
Node.js
API Security
Bot Management
Development Teams
Software Development
Vulnerabilities
Government Funding For Software
Luis Villa
Appsec
XZ Utils
Karan Dwivedi

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

Publishes: Weekly
Episodes: 388
Founded: 8 years ago
Categories: News, Tech News, Technology

Latest Episodes

What happens when secure coding guidance goes stale? What happens when LLMs write code from scratch? Mark Curphy walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups.

One of the them...

Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need to fail open -- the opposite of what traditional appsec approaches might initially think -- and wha...

As more developers turn to LLMs to generate code, more appsec teams are turning to LLMs to conduct security code reviews. One of the biggest themes in all the discussion around LLMs, agents, and code is speed -- more code created faster. James Wicket...

Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Runa Sandvik shares her experience working with journ...

Similar Podcasts

People also subscribe to these shows.

Darknet Diaries (Jack Rhysider)
Freakonomics Radio (Freakonomics Radio + Stitcher)
Risky Business (Risky Business Media)

Recent Guests

Mark Curphey
Co-founder and Chief Marketing Officer at Crash Override; former OWASP founder and security leader
Crash Override
Episode: Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Tamil Mathi
Security researcher focused on IoT, web and cloud security with threat modeling expertise
Independent security researcher / medical device security specialist
Episode: Making Medical Devices Secure - Tamil Mathi - ASW #373
James Wickett
CEO of Dry Run Security, expert on AI-enabled security agents and code review
Dry Run Security
Episode: Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Runa Sandvik
Founder of GRANIT, a consultancy focused on security for journalists and other at-risk people around the world
GRANIT
Episode: Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371
Bob Lord
Cyber Security Executive and Public Interest Technologist
Episode: Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365
Chris Wysopal
Chief Security Evangelist at Veracode, co-founder of Veracode, and former vice president of research and development at security consultancy At Stake.
Veracode
Episode: The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364
Sebastian Deleersnyder
CTO at Torreon, involved in Software Assurance Maturity Model and AI in AppSec.
Torreon
Episode: Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
James Manico
Secure Coding Instructor and owner of Manico Security.
Manico Security
Episode: Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
Kat Cosgrove
Head of Developer Advocacy at Minimus focusing on growing and nurturing open source through authentic contribution.
Minimus
Episode: Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361

Hosts

Mike Shema
Host and presenter; an expert in application security and coding practices, engaged in discussions that emphasize actionable security measures.
John Kinsella
Co-host and security advocate with extensive knowledge in cybersecurity practices, focusing on the integration of security in software development.

Reviews

4.7 out of 5 stars from 23 ratings
  • Yes

    It’s the best.

    Apple Podcasts
    5
    Alpha Gay
    United States, 8 months ago
  • Great show

    Amazing show with great news and tips on making sure your code is secure.

    Apple Podcasts
    5
    DMLou
    United States, 3 years ago
  • One of the best podcasts on the planet 👍

    One of the best podcasts on the planet 👍

    Mike and John are the best and most funny hosts I had the pleasure of dealing with.

    Also, the level of knowledge and precision is unbeatable.

    Apple Podcasts
    5
    Fracipo
    United Kingdom, 4 years ago
  • Great show

    Best show I’ve found so far related to AppSec

    Apple Podcasts
    5
    jrod d
    United States, 5 years ago
  • Keith fails again

    Clearly doesn’t know or understand Java but still keeps yapping regardless. And don’t get me started on the GDPR episode... so much misinformation and stupidity in one location is rare.

    Apple Podcasts
    1
    quasi42
    Denmark, 8 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

The content is regarded as informative, with many appreciating the expert guests who share industry insights.
Some critiques mention occasional misinformation in discussions, highlighting the need for accuracy in technical topics.
Listeners praise the podcast for its practical insights on application security and the humor of the hosts.

Talking Points

Recent interactions between the hosts and their guests.

Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: How do you ensure the guidance you give to models stays current and accurate, especially regarding OWASP?
He describes deliberately prioritizing authoritative sources over generic prompts, while also highlighting the need to continuously audit and update prompts with up-to-date data and to use prompts that steer models away from outdated OWASP guidance until validated.
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: Tell us a little about your approach to writing secure code with LLMs and your view on OWASP guidance.
Mark explains a hands-on workflow where he uses agentic tools and a strong emphasis on test-driven development, architecture thinking, and alignment with authoritative data sources to guide LLMs. He argues for a human-in-the-loop approach and for augmenting, not replacing, human review—particularly when it comes to security guidance and code generation.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: What role does GoFix play in code modernization and AppSec?
GoFix demonstrates that language tooling can automatically modernize code and enforce internal style guides, offering a deterministic approach that reduces fragmentation and can improve security-readability, suggesting a path for broader adoption across languages.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: How does multi-agent AI collaboration affect code reviews and vulnerability discovery?
Multiple agents working in parallel provide broader coverage and context, enabling more comprehensive reviews, but also require careful management to avoid hallucinations and conflicting results; a baseline analysis plus differential review helps merge results effectively.
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Q: What kinds of flaws are AI-generated code most likely to produce, and how does that differ from traditional patterns?
AI-generated code still produces classic issues like SQL injection and cross-site scripting, but there's a growing prevalence of logic flaws, authorization problems, and complex business-logic vulnerabilities that require deeper analysis beyond simple pattern matching.

Frequently Asked Questions About Application Security Weekly

What is Application Security Weekly about and what kind of topics does it cover?

Focusing exclusively on application security (AppSec), the content covers a wide array of topics pertinent to developers, security professionals, and technology enthusiasts. Regular discussions range from the implications of generative AI in coding practices, the evolution of security standards, to the latest vulnerabilities affecting critical infrastructure. The interactive nature of the episodes, often featuring expert guests, not only tackles current challenges in the field but also anticipates future trends and needed advancements in security protocols. This podcast is noteworthy for its commitment to actionable insight, helping listeners grasp complex themes in AppSec while providing practical solutions to enhance their coding and secu...

Where can I find podcast stats for Application Security Weekly?

Rephonic provides a wide range of podcast stats for Application Security Weekly. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Application Security Weekly and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Application Security Weekly get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Application Security Weekly, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Application Security Weekly?

Rephonic provides comprehensive predictive audience data for Application Security Weekly, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Application Security Weekly have?

To see how many followers or subscribers Application Security Weekly has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Application Security Weekly?

These podcasts share a similar audience with Application Security Weekly:

1. Darknet Diaries
2. Freakonomics Radio
3. Risky Business
4. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
5. Cybersecurity Headlines

How many episodes of Application Security Weekly are there?

Application Security Weekly launched 8 years ago and published 388 episodes to date. You can find more information about this podcast including rankings, audience demographics and engagement in our podcast database.

How do I contact Application Security Weekly?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Application Security Weekly?

Rephonic pulls ratings and reviews for Application Security Weekly from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Application Security Weekly?

Rephonic provides full transcripts for episodes of Application Security Weekly. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set up alerts to get notified when your keywords are mentioned.

What guests have appeared on Application Security Weekly?

Recent guests on Application Security Weekly include:

1. Mark Curphey
2. Tamil Mathi
3. James Wickett
4. Runa Sandvik
5. Bob Lord
6. Chris Wysopal
7. Sebastian Deleersnyder
8. James Manico

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.
