Rephonic
Artwork for Application Security Weekly

Application Security Weekly (Audio)

Mike Shema
Application Security
Cybersecurity
Generative AI
Devops
Open Source Software
Threat Modeling
Llms
Vulnerability Management
Software Development
Supply Chain Security
Zero Trust
Software Supply Chain Security
OWASP Genai Security Project
Appsec
Artificial Intelligence
Cloud Security
Large Language Models
Bug Bounty Programs
Vulnerabilities
API Security

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

PublishesWeeklyEpisodes404Founded8 years ago
Number of ListenersCategories
NewsTech NewsTechnology

Listen to this Podcast

Artwork for Application Security Weekly

Latest Episodes

Mobile applications have unique risks and threat models compared to server-side applications and infrastructure. Consequently, they need different strategies to ensure their business logic and workflows well secured. We'll dive into some of these def... more

SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by chan... more

Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus o... more

Agents and LLMs are creating and reviewing code. They're a new tool to help developers write software and they're a new abstraction layer for expressing what code should do. But if we're focused on determining whether code is secure, where do we focu... more

Key Facts

Accepts Guests
Accepts Sponsors
Contact Information
Podcast Host
Number of Listeners
Find out how many people listen to this podcast per episode and each month.

Similar Podcasts

People also subscribe to these shows.

Recent Guests

Ev Kontsevoy
Co-founder and CEO of Teleport
Teleport
Episode: How AI Is Reshaping Identity Security at the Infrastructure Layer - Amit Masand, Neha Duggal, Ev Kontsevoy - ASW #388
Neha Duggal
Chief Product Officer at P0 Security
P0 Security
Episode: How AI Is Reshaping Identity Security at the Infrastructure Layer - Amit Masand, Neha Duggal, Ev Kontsevoy - ASW #388
Amit Masand
Founder and CEO at IDM Express
IDM Express
Episode: How AI Is Reshaping Identity Security at the Infrastructure Layer - Amit Masand, Neha Duggal, Ev Kontsevoy - ASW #388
Federico Kirschbaum
Head of the XBOW Security Lab; cybersecurity expert with 20+ years of experience; co-founder of Faraday Security and Echo Party
XBOW, Faraday Security, Echo Party
Episode: Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Merritt Maxim
VP Research Director at Forrester
Forrester
Episode: AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Merritt Maxim, Scott Clinton, Janet Worthington - ASW #384
Janet Worthington
Senior security analyst at Forrester
Forrester
Episode: AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Merritt Maxim, Scott Clinton, Janet Worthington - ASW #384
Gwyddon Data Owen
Retired Air Force Cyber Warfare Officer; Director of Cybersecurity and Technology for Universal Strategy Group
Universal Strategy Group
Episode: The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Brian Fox
CTO and Co-founder at Sonatype
Sonatype
Episode: The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Tom Tovar
CEO at Appdome
Appdome
Episode: The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379

Hosts

Mike Shema
Host focusing on application security, secure coding, and industry trends; frequently discusses SDLC, threat modeling, and tooling.
John Kinsella
Co-host who covers AppSec news, industry insights, and practical guidance for developers and security teams.

Reviews

4.7 out of 5 stars from 23 ratings
  • Yes

    It’s the best.

    Apple Podcasts
    5
    Alpha Gay
    United Statesa year ago
  • Great show

    Amazing show with great news and tips on making sure you code is secure.

    Apple Podcasts
    5
    DMLou
    United States4 years ago
  • One of the best podcast on planet 👍

    One of the best podcast on planet 👍

    Mike and john are the best and most funny host I had the pleasure dealing with.

    Also level of knowledge and precision is unbeatable

    Apple Podcasts
    5
    Fracipo
    United Kingdom4 years ago
  • Great show

    Best show I’ve found so far related to AppSec

    Apple Podcasts
    5
    jrod d
    United States5 years ago
  • Keith fails again

    Clearly doesn’t know or understand java but still keeps yapping regardless. And don’t get me started on the gdpr episode... so much misinformation and stupidity in one location is rare.

    Apple Podcasts
    1
    quasi42
    Denmark8 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Guests bring strong industry context and hands-on perspectives.
One reviewer notes misinformation on a certain episode; overall sentiment remains strongly positive.
Show blends humor with serious security topics, which listeners appreciate.
Audience consistently praises practical security guidance and deep technical dives.

Top Technology Podcasts

Tomorrow, Today
Tomorrow, TodayShekhar Natarajan
Acquired
AcquiredBen Gilbert and David Rosenthal
The Room Podcast
The Room PodcastClaudia Laurie and Madison McIlwain
Building AI Boston
Building AI BostonBuilding AI Boston
Eye On A.I.
Eye On A.I.Craig S. Smith
Hard Fork
Hard ForkThe New York Times

Talking Points

Recent interactions between the hosts and their guests.

The State of AI & AppSec - Keith Hoodlet - ASW #383
Q: What is misalignment in the context of LLMs and mobile app security, and why does it matter?
Misalignment refers to AI agents acting in ways that can look like security or hacking behavior, which can trigger false positives or reveal real vulnerabilities. It matters because it necessitates new threat models and secure harnessing practices to keep automated systems from creating or missing security issues.
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Q: Do you think HTTP 1 will ever die, and what does that imply for future research?
HTTP 1 will likely persist for a very long time, but the focus shifts toward encouraging secure implementations and TLS, with researchers continuing to find novel ways to abuse legacy protocols while frameworks evolve to mitigate risk.
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Q: What role do LLMs play in your research workflow compared to the harness you built?
LLMs provide speed and breadth, but a robust harness and researcher-guided methodology are essential to turn AI outputs into credible, novel techniques; tools plus hands-on experimentation determine the quality and novelty of findings.
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: How do you ensure the guidance you give to models stays current and accurate, especially regarding OWASP?
He describes deliberately prioritizing authoritative sources over generic prompts, while also highlighting the need to continuously audit and update prompts with up-to-date data and to use prompts that steer models away from outdated OWASP guidance until validated.
Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374
Q: Tell us a little about your approach to writing secure code with LLMs and your view on OWASP guidance.
Mark explains a hands-on workflow where he uses agentic tools and a strong emphasis on test-driven development, architecture thinking, and alignment with authoritative data sources to guide LLMs. He argues for a human-in-the-loop approach and for augmenting, not replacing, human review—particularly when it comes to security guidance and code generation.

Audience Metrics

Listeners, social reach, demographics and more for this podcast.

Listeners per Episode
Gender Skew
Location
Interests
Professions
Age Range
Household Income
Social Media Reach

Frequently Asked Questions About Application Security Weekly

What is Application Security Weekly about and what kind of topics does it cover?

This show centers on application security, DevSecOps, and modern security tooling, with frequent focus on AI/GenAI's impact on secure software development, threat modeling, and secure SDLC practices. Episodes often feature hands-on discussions about vulnerability research, supply chain risk, agent-based security, and governance frameworks like OWASP GenAI and SPVS. A standout is the ongoing integration of AI into security workflows, including guardrails for non-human identities, proactive security strategies, and practical playbooks for engineers and CISOs alike. The format typically blends technical deep-dives with real-world case studies, conference takeaways, and community-driven tooling insights, making it valuable for practitioners who... more

Where can I find podcast stats for Application Security Weekly?

Rephonic provides a wide range of podcast stats for Application Security Weekly. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Application Security Weekly and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Application Security Weekly get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Application Security Weekly, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Application Security Weekly?

Rephonic provides comprehensive predictive audience data for Application Security Weekly, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Application Security Weekly have?

To see how many followers or subscribers Application Security Weekly has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Application Security Weekly?

These podcasts share a similar audience with Application Security Weekly:

1. Risky Business
2. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
3. Risky Bulletin
4. The AI Daily Brief: Artificial Intelligence News and Analysis
5. Security Now (Audio)

How many episodes of Application Security Weekly are there?

Application Security Weekly launched 8 years ago and published 404 episodes to date. You can find more information about this podcast including rankings, audience demographics and engagement in our podcast database.

How do I contact Application Security Weekly?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Application Security Weekly?

Rephonic pulls ratings and reviews for Application Security Weekly from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Application Security Weekly?

Rephonic provides full transcripts for episodes of Application Security Weekly. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set-up alerts to get notified when your keywords are mentioned.

What guests have appeared on Application Security Weekly?

Recent guests on Application Security Weekly include:

1. Ev Kontsevoy
2. Neha Duggal
3. Amit Masand
4. Federico Kirschbaum
5. Merritt Maxim
6. Janet Worthington
7. Gwyddon Data Owen
8. Brian Fox

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.

Find and pitch the right podcasts

We help savvy brands, marketers and PR professionals to find the right podcasts for any topic or niche. Get the data and contacts you need to pitch podcasts at scale and turn listeners into customers.
Try it free for 7 days