Rephonic
Artwork for Application Security Weekly

Application Security Weekly (Video)

Mike Shema
Application Security
Cybersecurity
Generative AI
Artificial Intelligence
Devops
Threat Modeling
OWASP
Large Language Models
Fuzzing
SQL Injection
Appsec
OWASP Top 10
Ransomware
Supply Chain Security
Open Source Software
CISA
Devsecops
Vulnerability Management
Software Supply Chain Security
Apis

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

PublishesWeeklyEpisodes718Founded8 years ago
Number of ListenersCategories
TechnologyTech NewsNews

Listen to this Podcast

Artwork for Application Security Weekly

Latest Episodes

While LLMs and agents are new to appsec and everyone else, a lot of AI security requirements translate to well-known API security requirements. Jeremy Snyder helps us frame the OWASP LLM Top 10 into five layers in order to help orgs understand and pr... more

Mobile applications have unique risks and threat models compared to server-side applications and infrastructure. Consequently, they need different strategies to ensure their business logic and workflows well secured. We'll dive into some of these def... more

YouTube

SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by chan... more

YouTube

Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus o... more

YouTube

Key Facts

Accepts Guests
Accepts Sponsors
Contact Information
Podcast Host
Number of Listeners
Find out how many people listen to this podcast per episode and each month.

Similar Podcasts

People also subscribe to these shows.

Risky Business
Risky BusinessRisky Business Media
CyberWire Daily
CyberWire DailyN2K Networks
Cyber Hack
Cyber HackBBC World Service

Recent Guests

Itamar Apelblat
Co-founder and CEO at Token Security
Token Security
Episode: Reducing Attack Surface & Evaluating Efficiency in Agents - Itamar Apelblat, David Goldschlag - ASW #389
David Goldschlag
CEO and co-founder at Aembit
Aembit
Episode: Reducing Attack Surface & Evaluating Efficiency in Agents - Itamar Apelblat, David Goldschlag - ASW #389
Ev Kontsevoy
CEO and co-founder of Teleport
Teleport
Episode: How AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha Duggal, Amit Masand - ASW #388
Neha Duggal
Chief Product Officer at P0 Security
P0 Security
Episode: How AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha Duggal, Amit Masand - ASW #388
Amit Masand
Founder and CEO at IDM Express
IDM Express
Episode: How AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha Duggal, Amit Masand - ASW #388
Matias Madou
CTO and co-founder of Secure Code Warrior
Secure Code Warrior
Episode: Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387
Federico Kirschbaum
Head of the XBOW Security Lab; cybersecurity expert
XBOW
Episode: Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Scott Clinton
Co-chair and co-founder of OWASP GenAI Security Project
OWASP GenAI Security Project
Episode: AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Scott Clinton, Janet Worthington, Merritt Maxim - ASW #384
Merritt Maxim
VP Research Director at Forrester
Forrester
Episode: AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Scott Clinton, Janet Worthington, Merritt Maxim - ASW #384

Hosts

Mike Shema
Host of the show
John Kinsella
Co-host

Reviews

4.9 out of 5 stars from 8 ratings
  • Occasional good content

    Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.

    Paul is unpleasant to listen to and seldom adds anything of value. I wouild not listent to this podcast at all if Paul was the only contributor.

    This week's episode is particularlt vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are he... more

    Apple Podcasts
    2
    jdtangney
    United States7 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Overall, strong technical depth and timely topics, but some listeners want deeper hardcore AppSec focus.
Guests are generally solid experts though pacing and chemistry can vary by episode.
Audiences may seek more examples and measurable outcomes from episodes.
Content is highly relevant for teams building secure software in AI-enabled environments.
Sponsors help bring practical tooling discussions but may color some segments.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

Apple Podcasts
#215
Canada/News/Tech News
Apple Podcasts
#217
Australia/News/Tech News
Apple Podcasts
#31
Finland/News/Tech News
Apple Podcasts
#39
Saudi Arabia/News/Tech News
Apple Podcasts
#46
Netherlands/News/Tech News
Apple Podcasts
#54
Philippines/News/Tech News

Talking Points

Recent interactions between the hosts and their guests.

Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387
Q: Can we train LLMs to stop writing vulnerabilities, or avoid certain flaws entirely?
Yes, to some extent: researchers are creating rules and guardrails, and some systems attempt to restrict specific classes of vulnerabilities, but the AI's non-deterministic nature and the complexity of programming mean we may never eliminate all vulnerabilities purely through prompts or training.
Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387
Q: Why does it matter who writes the code in the context of LLMs?
Because the source of code affects traceability, accountability, and the potential repetition of mistakes; LLMs introduce non-determinism and variability that complicates security, so organizations must decide how much trust to place in AI versus human developers and how to govern the process.
Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Q: What role do humans play when LLMs are doing the heavy lifting?
Humans provide creativity, judgment, and the ability to set strategic targets and interpret results; LLMs handle large-scale triage, recall, and systematic exploration, while humans guide direction and validate outcomes.
Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Q: Federico, how do you see vuln research changing with the advent of LLMs and harnesses?
LLMs plus smart harnesses allow us to tailor probes to the target, ask the right questions, and prioritize fixes by economic value and risk, moving from volume-based brute force to context-driven testing and rapid patching.
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Q: How do you view the balance between AI-generated findings and human oversight in ensuring novelty and usefulness?
The host and James discuss that while AI can unlock rapid exploration, human judgment is essential to validate novelty and avoid mislabeling routine findings as new, with governance and open-source practices helping to balance innovation with responsibility.

Audience Metrics

Listeners, social reach, demographics and more for this podcast.

Listeners per Episode
Gender Skew
Location
Interests
Professions
Age Range
Household Income
Social Media Reach

Frequently Asked Questions About Application Security Weekly

What is Application Security Weekly about and what kind of topics does it cover?

This show covers application security, DevSecOps, and related security tooling with a practical, defender-focused lens. Episodes frequently explore proactive defense, AI-assisted security, software supply chain, and secure development practices, often featuring practitioners or researchers explaining how to implement guardrails, threat modeling, and secure-by-design workflows at scale. A notable pattern is hosting technical guests who bring hands-on expertise and real-world anecdotes, along with sponsor segments that anchor practical guidance for enterprise AppSec programs. The format tends to blend deep-dive technical discussion with industry context, making it useful for security teams, developers, and product security and DevOps leaders ... more

Where can I find podcast stats for Application Security Weekly?

Rephonic provides a wide range of podcast stats for Application Security Weekly. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Application Security Weekly and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Application Security Weekly get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Application Security Weekly, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Application Security Weekly?

Rephonic provides comprehensive predictive audience data for Application Security Weekly, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Application Security Weekly have?

To see how many followers or subscribers Application Security Weekly has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Application Security Weekly?

These podcasts share a similar audience with Application Security Weekly:

1. Risky Business
2. Cybersecurity Headlines
3. CyberWire Daily
4. Cybersecurity Today
5. Cyber Hack

How many episodes of Application Security Weekly are there?

Application Security Weekly launched 8 years ago and published 718 episodes to date. You can find more information about this podcast including rankings, audience demographics and engagement in our podcast database.

How do I contact Application Security Weekly?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Application Security Weekly?

Rephonic pulls ratings and reviews for Application Security Weekly from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Application Security Weekly?

Rephonic provides full transcripts for episodes of Application Security Weekly. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set-up alerts to get notified when your keywords are mentioned.

What guests have appeared on Application Security Weekly?

Recent guests on Application Security Weekly include:

1. Itamar Apelblat
2. David Goldschlag
3. Ev Kontsevoy
4. Neha Duggal
5. Amit Masand
6. Matias Madou
7. Federico Kirschbaum
8. Scott Clinton

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.

Find and pitch the right podcasts

We help savvy brands, marketers and PR professionals to find the right podcasts for any topic or niche. Get the data and contacts you need to pitch podcasts at scale and turn listeners into customers.
Try it free for 7 days