Showing episodes and shows of Ken Johnson

Shows

Absolute AppSec
Episode 275 - OpenGrep Summary, Secure By Design, Confusion Attacks
Ken and Seth are back for another episode that starts with a summary of the Semgrep and OpenGrep break. This is followed by Google's recent article titled Secure By Design: Google's Blueprint for a High-Assurance Web Framework. Google is focused on protections within the browser, given their products and business, but the controls and overall process are relevant to most application security programs. Finally, a discussion of Orange Tsai's research on Confusion Attacks within Apache that was number one in Portswigger's Top 10 Web Hacking Techniques of 2024.
2025-02-11, 00 min

Absolute AppSec
Episode 274 - Semgrep/OpenGrep, Saying "No" in Security
Seth and Ken return for another week to review current articles and happenings in the application security world. Specifically, they spend some time reacting to the news that the Semgrep Community version has been forked as Opengrep by a number of vendors. This occurs as a result of Semgrep changing the licenses on their open source rules to prevent use in competitor products. Also a discussion spurred by Rami McCarthy's recent article on how "No" is still appropriate and security shouldn't be a rubber stamp for any organization.
2025-02-04, 00 min

Absolute AppSec
Episode 273 - Josh Larsen - Ghost Security
Josh Larsen, co-founder and CTO of Ghost Security, joins Seth Law and Ken Johnson on January 28th at 12 Noon Eastern time. Before Ghost Security, Josh was a co-founder and CEO of Darkbit and before that of the Blackfin Security Group. Larsen led the GTM strategy for both startups, and Darkbit and Blackfin Security Group were acquired by Aqua Security and Symantec Corporation, respectively.
Ghost Security (https://ghostsecurity.com/) was founded so development shops and AppSec teams had a tool to perform autonomous application security using Agentic AI with the goal of helping teams discover, test, and mitigate risks in real...
2025-01-28, 00 min

Absolute AppSec
Episode 272 - New AI Tools, True Cost of False Positives
Ken and Seth start with a demo and discussion on some newer tools that use integrated AI in both the code and workflow spaces. Specifically, use for code review and understanding is improving. This is followed by a wide-ranging discussion of false positives, where they come from, and how they affect application security. Seth gets up in arms about trying to deal with unrealistic expectations around reducing false positives.
2025-01-21, 00 min

Absolute AppSec
Episode 271 - Top 10 2024 Web Hacking Techniques, Research Techniques, AppSec Careers
Seth and Ken return once again to talk through the overall effectiveness and purpose of Portswigger's Top 10 Web Hacking Techniques and how it benefits the community. A short discussion on some of the current crop of techniques up for polling. Spurred by recent revelations around Snyk's approach to identifying security issues in npm packages, the duo discusses research techniques and identifying security issues without exploitation or harm. To close out, a discussion on progressing from junior to senior within the security space and challenges in the current market.
2025-01-17, 00 min

Absolute AppSec
Episode 270 - 2025 AppSec Predictions
Ken and Seth return for 2025 to review the accuracy of their predictions from 2024 and make a few new ones for this new year. Some hits and misses for last year, but overall the generic predictions for both AI/LLM growth and software supply chain security were accurate. However, they were wrong in their assumptions around LLM creation and training.
For 2025, predictions on AI billing models, software supply chain attacks, OWASP Top 10 2025, and more.
2025-01-07, 00 min

Absolute AppSec
Episode 268 w/ Clint Gibler - Curating a Newsletter, Secure Defaults
Seth and Ken are happy to announce that Clint Gibler (@clintgibler), the force behind TL;DRSec (tldrsec.com) and head of Security Research at Semgrep, will be coming on as a guest again on the Absolute AppSec podcast. The conversation starts with background on his experience with TL;DRSec and writing a newsletter. Followed up by an in-depth discussion on secure defaults and how Semgrep and other tools help push security in organizations.
2024-12-10, 00 min

Absolute AppSec
Episode 267 - w/ Kinnaird McQuade - Building a Security Product
Join us for an episode of Absolute AppSec with Kinnaird McQuade, founder and CTO of NightVision. Kinnaird developed NightVision as a security testing tool that combines codebase analysis with DAST features. Before NightVision, Kinnaird worked as lead security engineer at both Square and Salesforce. Additionally he worked at Synopsys as Cloud Security Consulting Practice Lead. Be sure to tune into the episode as Ken Johnson and Seth Law interview Kinnaird McQuade to gain insights from his experiences and thoughts on improving security for applications and developers.
2024-11-19, 00 min

Absolute AppSec
Episode 266 - Scope of Penetration Testing, Attack Modeling
Seth (@sethlaw) and Ken (@cktricky) return for an in-depth discussion on penetration testing expectations, driven by recent posts and slack activity from Andrew Wilson. Essentially, certain clients expect that a single penetration test finds everything possible, whether or not those expectations are appropriate. The duo expounds on their experience with similar expectations and how it's affected their respective careers and organizations.
A followup on threat modeling and a new approach being coined as Attack Modeling.
2024-11-05, 00 min

Absolute AppSec
Episode 265 - w/ Scott Norberg - Static Analysis
Scott Norberg joins Ken Johnson and Seth Law for an episode of Absolute AppSec all about SAST. Scott is an ASP.NET Security Consultant, Author, Researcher and Speaker. In addition to running his Opperis Technologies consultancy, Scott has recently begun working as lead application security architect at CDW. Before that he worked as Lead Application Security engineer at Gallagher and was a Senior Consultant with the AppSec team at Coalfire. He has been a web security specialist for nearly two decades, and holds several certifications, including Microsoft Certified Technology Specialist (MCTS), certifications for ASP.NET and SQL Server, and a...
2024-10-29, 00 min

Absolute AppSec
Episode 264 - w/ Jeremy Long - Software Composition Analysis
Jeremy Long (@ctxt on social media), Principal Security Engineer at Service Now and project founder and lead for the OWASP Dependency Check project joins Ken Johnson (@cktricky) and Seth Law (@sethlaw). Jeremy spent a decade and a half as a lead application security engineer and principal engineer at Wells Fargo before joining ServiceNow. He has spent years developing processes for automated security analysis of software libraries and techniques for improving real-time application protection (RTAP) systems. Make sure to set time aside for a discussion on Jeremy's insights into improving security systems through dependency analysis and managing industry projects.
2024-10-17, 00 min

Absolute AppSec
Episode 263 - WebApp Fuzzing, Mobile Testing, Secrets Management
Ken and Seth return for Episode #263 and start with a discussion around web application fuzzing and the deficiencies of vulnerability and exploit-focused dynamic testing, a common thread in Seth's ranting.
This is followed by a discussion on mobile testing and attempting to control security through client-side controls, spurred by an article that compares security in the McDonald's Android app to various banking apps. The final topic is around secrets management and use of the dotenv (.env) file for storing secrets.
2024-10-08, 00 min

Absolute AppSec
Episode 262 - w/ Ariel Shin - Building a Security Program
Ariel Shin joins Ken Johnson (@cktricky on social media) and Seth Law (@sethlaw) for a special episode of Absolute AppSec. Ariel is currently a Security Engineering Manager at Datadog after a three-year stint at Twilio where she worked as an engineering manager in product security, a product security team lead, and a senior product security engineer. This year at Bsides SF 2024, she presented on her time at Twilio in a retrospective talk entitled “Six Years in Review: Transforming Company Culture to Embrace Risk.” The video from Bsides SF can be found here: https://www.youtube.com/watch?v=cQE1OqCpeI8. Befo...
2024-09-30, 00 min

Absolute AppSec
Episode 261 - Security Economy, Password Resets, Vendor Consolidation
Ken (@cktricky) and Seth (@sethlaw) are back to review this week's news and commiserate about industry happenings. First up are their thoughts on the current economic climate and how it has affected the security industry over the last 5 years. This is followed by the evolving nature of password reset requirements as frequent changes are not recommended by NIST. The duo digs into possible motives for Checkmarx's recent announcement that they are funding ZAP. Finally, some thoughts on domain takeovers.
2024-09-25, 00 min

Absolute AppSec
Episode 259 - Special Melbourne Australia Edition w/Paul McCarty and Daniel Ting
Seth and Ken take the podcast global this week while traveling to Melbourne, Australia. The duo is joined this episode by Paul McCarty and Daniel Ting, both involved in the local application security community.
The discussion starts with a comparison of industries in Australia and the United States, both differences and similarities. This is followed by thoughts on security software supply chain, from a red and blue team perspective. Finally, some thoughts on community changes due to the pandemic and supporting local meetups.
2024-09-12, 00 min

Absolute AppSec
Episode 258 - Engaging Developers, ALBeast, Dangerous TLDs
Seth (@sethlaw) and Ken (@cktricky) are back this week with some hot takes on the recent cancellation of OWASP's San Francisco Developer Days that were running alongside Global AppSec San Francisco. OWASP has struggled to engage the development community over the years and this is no surprise for anyone in AppSec/ProdSec. This is followed by review of the ALBeast (why do all vulnerabilities have to be branded?) and how our past selves were correct in identifying dangerous TLDs as being exploitable.
2024-09-03, 00 min

Absolute AppSec
Episode 257 - In-Person vs. Virtual Training, Compliance Violations
Ken (@cktricky) returns alongside Seth (@sethlaw) for the week. This starts with an in-depth discussion on the pros and cons of in-person and virtual trainings. In short, the duo prefers in-person due to the advantages, but understand that financial pressures come into play, so virtual is a good substitute. This is followed by thoughts on the recent lawsuit by the government against Georgia Tech for failing to meet government cybersecurity compliance requirements, even after attesting to their existence.
Third-party risk assessments may not be the most fun part of security, but what happens when an organization doesn't meet their obligations...
2024-08-27, 00 min

Absolute AppSec
Episode 256 w/ John Poulin - Token Security, Staying Technical as a Manager
Ken Johnson (@cktricky) abandons the podcast this week to attend a conference and play business, so Seth (@sethlaw) brings in Cloud Security Partners CTO John Poulin (@forced_request) as a co-host. John and Seth start off by discussing the difference in virtual and in-person training. This is followed by two articles. The first is from CrankySec, where the idea that security isn't valued over other technical business aspects. The second article is from Keith Hoodlet (also a podcast guest) detailing why staying technical as a manager is something any of us should strive towards (and how to do it).
2024-08-21, 00 min

Absolute AppSec
Episode 255 (0xFF) - HackerSummerCamp Recap
Seth and Ken are back from Vegas for Episode 0xFF (!!!!) of Absolute AppSec, sponsored by Redpoint Security (redpointsecurity.com). After spending the last week+ withering away in the desert heat while listening to industry insiders, technicians, and hackers talk about their research, the duo have returned dehydrated to share their own experiences from DEF CON 32, Blackhat, BSidesLV, and Diana Initiative. After some discussion, they dive into interesting talks, new tools, hotel searches, and badge controversies.
2024-08-13, 00 min

Absolute AppSec
Episode 254 - Pre-Hacker Summer Camp
Seth and Ken return this week at a slightly unusual time to help get you prepped for all things Hacker Summer Camp. As regular visitors to Las Vegas each year for Blackhat, BSidesLV, DEF CON, and other events, the duo has recommendations for making the most of your time in the desert.
Specifically, download HackerTracker (https://hackertracker.app), plan out your time, take care of yourself, and have fun.
2024-08-01, 00 min

Absolute AppSec
Episode 253 w/ Justin Collins - Managing Security, ProdSec vs. AppSec
We'd only been a dozen episodes old the last time Justin Collins (@presidentbeef) was on Absolute AppSec, so his upcoming return is certainly overdue. Justin is currently head of security at Gusto, an organization he's been helping secure for nearly five years now. Before Gusto, Justin had stints at SurveyMonkey, Twitter, AT&T interactive, among others. He also is the lead developer of the open-source Ruby-on-Rails security tool Brakeman - https://brakemanscanner.org. This show will cover the range of his deep experience regarding topics like Product Security and AppSec in organizations, static analyzers, and advice for helping organizations create...
2024-07-23, 00 min

Absolute AppSec
Episode 252 w/ Rami McCarthy - Security Startups, Jobs
Product Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He’s recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a gr...
2024-07-16, 00 min

Absolute AppSec
Episode 251 - Passive Scanning, Chrome Extensions, CocoaPods, NVD
Seth and Ken are back with Episode 251, continuing on with their ranting over all things application security.
This starts with a discussion of Mozilla's HTTP Observatory that scans sites for security-relevant headers and leads to a discussion of so-called "passive" scanning of internet sites for risk analysis purposes. This is followed by a walkthrough of the recent exploit of Chrome extensions for remote code execution on client browsers. Compromise of the Apple-focused CocoaPods package repository. Finally, a discussion about recent problems and headaches at the National Vulnerability Database (NVD).
2024-07-09, 00 min

Absolute AppSec
Episode 250 - Security Startups, Polyfill Takeover
Seth and Ken are back on the podcast this week without a guest for the first time in a month and start out with an in-depth discussion on startup life based on a recent article from TLDR;Sec. This is followed by thoughts on the recent influx of cash for Portswigger and how it will affect work and the testing space over the next few years. Finally, opinions on the recent polyfill[.io] malware attack and supply chain issues. Join the newsletter at news.absoluteappsec.com for further analysis or pick up some new podcast swag at merch.absoluteappsec.com
2024-07-02, 00 min

Absolute AppSec
Episode 249 w/ Tanya Janca - Secure Guardrails
Tanya Janca (@shehackspurple on X) joins Ken Johnson (@cktricky) and Seth Law (@sethlaw) for a special episode of the Absolute AppSec podcast. Tanya is currently head of education and community at Semgrep, and is a prominent info security commenter and active contributor to improving the industry for everybody through helping spread values of diversity, inclusion and kindness. Tanya has had experience with a range of roles, startup founder, pentester, CISO, AppSec Engineer, and software developer, and she’s worked at major industry landmarks such as Microsoft, Adobe, and Nokia.
She is an award-winning public speaker, the founder of We Hack Pu...
2024-06-25, 00 min

Absolute AppSec
Episode 248 w/ Rahil Parikh - Building AppSec Programs
Rahil Parikh, manager of Security Engineering and Architecture @ Policygenius, joins Seth Law and Ken Johnson for an episode of Absolute AppSec. Rahil is a long-time leader in information security who's managed security teams and application security programs at a range of organizations: Policy Genius, Zinnia, the New York Times, Frame.io (now Adobe), Jet.com (Walmart), and Gotham Digital Science (Aon). He's also organized a major technical symposium (AAHVAN 08) and has generally been strengthening the infosec community for beyond a decade. He joins the podcast for the June 18th show, so be sure to tune in to learn more about his...
2024-06-18, 00 min

Absolute AppSec
Episode 247 - w/ Alejandro Saenz
Absolute AppSec welcomes Alejandro Saenz to join Seth Law and Ken Johnson as a guest. Alejandro has been active in application and product security fields for over a decade, most recently working in product security for Twilio. Before that he worked as a senior application security engineer and software engineer at Softrams and as an application security consultant at nVisium. Alejandro has regularly contributed to security projects for both better understanding product security metrics and monitoring assets and managing vulnerabilities.
2024-06-11, 00 min

Absolute AppSec
Episode 245 - w/ Dustin Lehr - Security Champions
Dustin Lehr, current director of AppSec at data integration company Fivetran, joins Seth and Ken for a special episode of Absolute AppSec. Dustin has spent years helping improve companies' security cultures industry-wide, through his work co-founding Katilyst Security which focuses on helping companies create security champion programs.
Additionally, in that vein, Dustin has created The Security Champion Program Success Guide and heads up the "Let's Talk Software Security" meetup. Before Fivetran, Dustin headed Application Security at Staples. To read some of his thoughts on the benefits of security champions programs as well as advice on setting it up in your...
2024-05-28, 00 min

Absolute AppSec
Episode 244 - w/ Kyle Kelly - Software Security Supply Chain
Kyle Kelly joins Seth Law and Ken Johnson as a special guest on the Absolute AppSec podcast. Kyle is an Executive Cybersecurity Consultant at Bancsec, Inc, and Security Researcher at Semgrep, and founder of the wonderful Cramhacks newsletter. As a consultant and researcher, Kyle specializes in supply chain security, a speciality that informs the thoughts he publicizes, but even more so cramhacks reflects his desire to help his readers become contributors to improving the cybersecurity landscape and analysis of software security supply chains. Subscribe to Kyle's newsletter at cramhacks.com.
2024-05-21, 00 min

Calvary Chapel Johnson County
Israel Update with Dr. Ken Johnson
Join us this week as Dr. Ken Johnson gives an update on Israel and how it relates to biblical prophecy.
2024-05-19, 1h 53

Absolute AppSec
Episode 243 - w/ Bryan Schmidt
Bryan Schmidt, information security lead at Adept AI is joining Ken Johnson (@cktricky on twitter/x) and Seth Law (@Sethlaw) for a special episode of Absolute AppSec. Before Adept.AI, Bryan spent the last half decade working as a security engineering manager at, first, Flatiron Health and, later ChowNow, and he worked as a penetration tester and security consultant for that. We’ll be discussing AI during the show as Adept.ai is recently again designated as one of the AI Fortune50.
Be sure to tune in to learn a little about Bryan and his trajectory into security and emerging te...
2024-04-30, 00 min

Absolute AppSec
Episode 242 - LLMs Exploiting Vulns, State of DevSecOps
Seth and Ken return with analysis of recent research that shows LLMs exploiting known CVEs. And no, it's not completely autonomous yet. This is followed by a breakdown of DataDog's State of DevSecOps article, backing up our gut feel of current industry needs and failures.
2024-04-23, 00 min

Absolute AppSec
Episode 241 - Secure Defaults, Using LLMs for Code Review
**Video may be required**: this episode is focused on demonstrating uses of LLMs against various code. As such, listeners may want to watch the stream to see these uses rather than just listening. Also, Seth and Ken talk briefly at the beginning of the episode about a new tldr;sec project (thanks Clint!) called awesome secure defaults that lists out useful libraries and projects that are secure by default.
2024-04-16, 00 min

Absolute AppSec
Episode 240 - Code Smells, XZ Backdoor, Hallucinations
After a week of travel, Seth and Ken return to the podcast with a breakdown of their travel experiences at multiple conferences and teaching their first Practical Secure Code Review course using LLMs to enhance the methodology. This is followed by reinforcement of code review steps including library research, a discussion of the recent XZ backdoor, and an article reviewing LLM hallucinations when recommending libraries.
2024-04-09, 00 min

Absolute AppSec
Episode 239 - AppSec Intel, CVEs, Authorization
When Ken is away, the geeks will play. Seth is joined by podcast regular Stefan Edwards (@lojikil) to catch up on his recent work around threat hunting. This progresses into a discussion on threat intelligence and what is available for applications. A recent blog post on the utility of the CVE system spurs thoughts on the usefulness of published CVEs.
Finally, opinions fly on authorization issues and how simple misconfigurations result in the many vulnerabilities or attack chains.
2024-03-26, 00 min

Absolute AppSec
Episode 238 - AppSec vs. Enterprise Sec, Supply Chain Tool Analysis
Ken and Seth are back to talk about the difference and competing priorities of Application and Enterprise Security. In short, recent news contends that Enterprise or Infrastructure security is lacking, whereas Application or Product Security is in a good state. This is followed by a discussion on supply chain security tools due to a recent analysis conducted by DoyenSec comparing false positives and negatives from the leading tools.
2024-03-19, 00 min

Absolute AppSec
Episode 237 - Security 101, Nation State Hackers, Malicious Code
Ken and Seth return for another episode, starting out with pointers on getting into security and finding a niche, all based on a recently released Microsoft project to introduce anyone to security. This is followed by a discussion on Chinese hacking groups and recent breaches among those groups. Finally, a discussion protecting the software supply chain due to recent forking and upload of malicious repositories on GitHub.
2024-03-12, 00 min

Absolute AppSec
Episode 236 - Memory Safe Languages, LLM Supply Chain Security
Seth and Ken review the recent White House report on going back to the basics for software security and vulnerabilities. Specifically, how is the use of memory unsafe languages like C and C++ affecting the overall security of the internet landscape. This includes a discussion on formal verification and crocs and socks of software testing.
Finally, thoughts are shared on the recent use of Hugging Face and Github to host malicious code/packages and how this is a natural progression for popular package repositories.
2024-03-05, 00 min

Absolute AppSec
Episode 235 - 2023 Top 10 Web Hacking Techniques, LLM Agent Hacking
Podcast viewers will be familiar with Portswigger's annual list of Web Hacking Techniques. Ken and Seth take some time to digest the list and recommend reviewing not only the top 10, but also the nominations. A discussion on the use of LLM Agents as a dynamic scanning engine for identifying vulnerabilities. If you aren't already using an LLM to help speed up your AppSec, why not? Finally, a discussion on security statistics and how bad they are.
2024-02-20, 00 min

Absolute AppSec
Episode 224 w/ Jeevan Singh
Jeevan Singh (@askjeevansingh) returns to join Ken Johnson (cktricky on Twitter) and Seth Law (sethlaw) as a guest on the podcast! Jeevan is currently with Rippling, was previously the Director of Product Security at Twilio, and before that Segment. He has been a long-time leader in security and development communities, and currently heads up the @owaspvancouver group. Tune in for ways to improve Threat Modeling, DevSecOps, and security programs in general.
2023-11-14, 00 min

The Legacy Podcast
The Legacy Podcast Ep. 8
This week Joel & Ken sit down and begin to discuss a book they're reading, "Outliers" by Malcolm Gladwell
00:00 - 00:19 Introduction
00:20 - 07:00 Legacy Athlete Shoutouts/Announcements
07:01 - 19:52 Outliers by Malcolm Gladwell
Thank you to our sponsors:
Legacy Ammonia www.legacyammonia.com
Earned Not Given Barbell www.engbarbell.com
2023-10-30, 19 min

Absolute AppSec
Episode 222 w/ Leif Dreizler
Ken Johnson (cktricky) and Seth Law (@sethlaw) welcome Leif Dreizler back on the show!
Leif recently became a Senior Manager of Software Engineering at Semgrep (semgrep.dev), spent the better part of a decade working in product security and security software engineering at Twilio and Segment (segment.io). He also is a podcast co-host for the 404 Security Not Found podcast.
2023-10-23, 00 min

The Legacy Podcast
The Legacy Podcast Ep. 7 Chinas Strongest
Joel & Ken sit down this week w/ Legacy Ammonia Athlete, Gavin Bell and discuss his journey to Shanghai, China to compete in the SBD China's Strongest
00:40 - 02:05 Introducing Gavin Bell
02:06 - 03:20 The Invite to Chinas Strongest
03:21 - 12:11 Traveling to Shanghai
12:12 - 21:18 Culture, China Pizza, Local Food Experience...The Pigeon...
21:19 - 26:46 The Weight Cut
26:47 - 1:00:54 Chinas Strongest
1:00:55 - 1:14:32 The Invite to Worlds
1:14:33 - 1:17:19 Closing
Thank you to our sponsors:
Legacy Ammonia www.legacyammonia.com
Earned Not Given Barbell www.engbarbell.com
Suppz D...
2023-10-13, 1h 17

Absolute AppSec
Episode 220 w/ Erik Cabetas (Include Security)
Erik Cabetas, founder and managing partner of Include Security joins Ken Johnson (@cktricky on twitter) and Seth Law (@sethlaw). Erik has been running Include Security for the last decade, and before that comes from a path that includes time working with early security teams at Microsoft and Fortify Software, blue-team stints with financial groups as well as heading security for an eCommerce firm. Join us for a wide-ranging and expertly informed discussion of Application Security in many of its facets.
2023-10-10, 00 min

The Legacy Podcast
The Legacy Podcast Ep. 6
We're back from Vegas!
00:00 - 06:53 Ken discusses some health issues/Sober October/Goals for the month
06:54 - 27:30 Joel talks training/Goals/Impromptu Multi-Ply Powerlifting discussion
27:31 - 33:55 A couple of bros talking about doing a Powerlifting Meet together
33:56 - 40:32 Legacy Ammonia Co. & ENG Barbell News/New Scent release "GLAZED"
Thank you for listening in!
Thank you to our sponsors:
Legacy Ammonia www.legacyammonia.com
Earned Not Given Barbell www.engbarbell.com
2023-10-06, 40 min

The Legacy Podcast
The Legacy Podcast Ep. 5
Uploaded backwards, this should've been Episode 4 before the WRPF Nationals!
This week is a solo week for Ken as he traveled to Anna, IL for the USS PRO INTERNATIONAL
On this episode, Ken breaks down the events of the day, the winners and Podium finishers as well as some major announcements from USS President Willie Wessels
Thank you to our sponsors:
Legacy Ammonia www.legacyammonia.com
Earned Not Given Barbell www.engbarbell.com
2023-10-02, 14 min

The Legacy Podcast
The Legacy Podcast Ep. 4 WRPF NATIONALS
Joel & Ken sit down w/ Jon Sodawasser & Luke VonHollen on this special episode from Las Vegas!
This episode is a blend of two parts from our time in Las Vegas for the WRPF Nationals.
Pt.1 00:00 - 13:53 Post Weigh-ins/Pre-meet discussion
Pt.2 13:54 - 41:11 Meet Recap
Thank you to our sponsors:
Legacy Ammonia www.legacyammonia.com
Earned Not Given Barbell www.engbarbell.com
2023-09-29, 41 min

Absolute AppSec
Episode 217 w/ Shlomi Shaki - Security Tooling
Shlomi is back! Shlomi Shaki, GitHub’s head of Asia-Pacific-Japan advanced security sales and all around thoughtful observer of the world of application security is back on the podcast with Ken Johnson and Seth Law. A lively discussion on security vs. engineering and failures of security to meet development/business in the appropriate places. Suggestions for getting out of the way and letting security become a part of the culture instead of forcing it onto individuals.
2023-09-07, 00 min

Absolute AppSec
Episode 216 - Security SDLC, Time Management
Ken and Seth are back with another episode where they try _not_ to cover more on LLMs and AI. Specifically, talk about the basics of implementing security into an SDLC.
A long conversation and personal experience from both Ken and Seth on time management and how to get into a flow when working on technical problems. Finally, some answers to questions on the future of AI in AppSec.
2023-08-29, 00 min

Absolute AppSec
Episode 212 - Evan Johnson of RunReveal
With some interesting developments going on at RunReveal, Evan Johnson joins Seth and Ken to discuss monitoring of security logs (hurray! Seth's favorite Crocs and Socks topic) and RunReveal's open beta (as well as other AppSec topics).
2023-07-11, 00 min

Absolute AppSec
Episode 211 - Brian Walter of OpenContext
Ken Johnson (@cktricky) and Seth Law (@sethlaw) host Brian Walter (@bdwalter), co-founder and CEO of OpenContext (opencontext.com), tech industry veteran with leadership stints at device-reputation company iovation (acquired by TransUnion), Xerox, Siemens, Sun Microsystems, Lockheed Martin, among others. Discussion focuses on establishing product requirements for all aspects of an application, including development, security, availability and more.
2023-06-20, 00 min

Absolute AppSec
Episode 206 - RSA, Artificial Intelligence, Spidering Tools
Seth Law and Ken Johnson are back this week. In this show, Seth and Ken discuss what the RSA conference did (and did not) reveal about the current state of #applicationsecurity, #appsec, #crocsandsocks. Also a discussion of the ChatGPT breach as well as AI's role in generating ever more content (in this case with news sites).
2023-05-04, 00 min

Absolute AppSec
Episode 204 - Logging, Edge Cases, Client API Exposure
The dynamite duopoly that is Ken and Seth are back to take the AppSec news by storm. Starting with Seth's favorite topic of Auditing or Logging, Ken brings up the recent Okta vulnerability report related to plaintext logging of usernames and passwords.
This is followed by a review of Troy Hunt's recent post on edge cases when interacting with 3rd-party services, which the duo extrapolates to security edge cases and things they have seen recently. Finally, a discussion on manipulation of client single page applications to expose administrative endpoints from a recent twitter thread on reported and identified bug bounty...
2023-03-28, 00 min

Absolute AppSec
Episode 202 w/ Haseeb Awan - Mobile Security
Ken Johnson (@cktricky on twitter) and Seth Law (@sethlaw) interview Haseeb Awan (@haseeb) founder and CEO of Efani, a mobile service provider focused on security.
2023-03-14, 00 min

Competing for Christ Podcast
Sharing the Gospel in Sports with Former Indianapolis Colts Chaplain and Pastor Ken Johnson
Our biggest job as Christians in sport is to share the good news of the Gospel. Everything else is secondary compared to that. 2 Corinthians 5: 20 says, "We are therefore Christ’s ambassadors, as though God were making his appeal through us. We implore you on Christ’s behalf: Be reconciled to God." With this in mind, it's our duty to live out the Gospel, even (especially) as we participate in athletics. Pastor Ken Johnson joins the show today to talk about ways we as Christians can practically share and spread the Gospel to teammates, opponents, and anyone that watc...
2023-01-25, 46 min

Absolute AppSec
Episode 192 - Blogs, GoLang Security, ChatGPT
What do _you_ want for an AppSec Christmas! Another episode featuring Ken and Seth, for sure. The duo starts the conversation talking about useful AppSec and Security Blogs while featuring a recent GoLang Security post from Cole Cornford. Followed by an in-depth discussion on ChatGPT to welcome our new AI overlords. Finally, Seth and Ken both talk about what they wish to see this next year for AppSec-mas.
2022-12-13, 00 min

Ken Johnson FocusUp Podcast
Ep10. The 3 Stages of a Manager
The 3 Stages of a Leading Manager:
About KEN JOHNSON AND THE FACTOR OF FOCUSUP
I help entrepreneurs, leaders, and managers become more Focused leaders with a no-Bs approach. It’s time to FocusUp and keep forging your path.
It’s the leader’s duty and obligation to activate the factor in one another, to become the best version of you NO matter your story, struggle, or whatever challenges you face, events, and situations in front of you.
Because of that belief, I created a tool that does just that. The Factor of FocusUp, a tool for competi...
2022-11-13, 11 min

Ken Johnson FocusUp Podcast
Ep9. 🚨 NEVER TAKE OWNERSHIP FOR GRANTED! 🚨 The Owner's Perspective: Elon Musk
🚨 NEVER TAKE OWNERSHIP FOR GRANTED! 🚨 The Owner's Perspective: Elon Musk.
It’s just business and it’s just Leadership, taking Ownership! (Break Down at Twitter) Elon Musk; Let's look a little deeper at what is going on with Twitter and Elon Musk. It’s just business and it’s just Leadership, taking Ownership! (Break Down at Twitter) with Elon Musk and his new changes. This is not about what he is doing and what should he do. It's more about learning from the team that got fired and a Leader who has an impact. This is not about what he i...
2022-11-06, 09 min

Ken Johnson FocusUp Podcast
Ep8. LEADING UP - PART 2
In this episode, we're going to tackle out listeners with this most commonly asked question. How do I lead when I'm not in charge?
Ken Johnson "AMERICAN DREAM" meets "DEUTSCHE EFFIZIENZ"
I want, and I choose to deliver “on-the-ground information” that you can immediately put into action.
FocusUp Do The Work Be Great
2022-11-03, 06 min

Ken Johnson FocusUp Podcast
Ep7. LEADING UP - PART 1
In this episode, we're going to tackle out listeners with this most commonly asked question. How do I lead when I'm not in charge?
Ken Johnson "AMERICAN DREAM" meets "DEUTSCHE EFFIZIENZ“ I want, and I choose to deliver “on-the-ground information” that you can immediately put into action. . FocusUp Do The Work Be Great
2022-10-09, 04 min

Ken Johnson FocusUp Podcast
Ep7. How To Make Decisions Faster!
ENTREPRENEURS AND BUSINESS LEADERS WITH A PASSION FOR HELPING BUSINESS OWNERS AMPLIFY THEIR VISION AND IMPACT, THROUGH BELIEF, STRATEGY, AND TEAM ALIGNMENT. WHY I MAKE THESE VIDEOS: Because I’ve achieved what others dream of. I have led and grown million-dollar companies in the past 25 years in Germany. My goal and focus are to freely help as many entrepreneurs, and businesses as possible reach 3-14M in revenue in a year, entrepreneurs who want more in life. Managers who would like to dominate their market, earn 20% more on their pay check. MAKE THIS MOMENT COUNT, Tr...
2022-09-30, 07 min

Ken Johnson FocusUp Podcast
Ep6. How To Make Decisions Faster and Better!
Ep6. How To Make Decisions Faster and Better! We all want to make faster and better Decisions in life and business. so here is one How. FocusUp 👇 Hey, this is Ken Johnson's FocusUp no-BS approach and I speak about Leadership, Entrepreneurship, and Management. . One thing I hate is the “Cotton Candy Fluff” and the “BCE”. I Focus on “The Good, The Bad, and The Ugly side”. And I Believe, I want, and I choose to deliver “on the ground information” that you can immediately put into action, activating the factor in you and others. Join...
2022-09-16, 07 min

Ken Johnson FocusUp Podcast
Ep5. Quiet Quitting Your Job: This Is What You Should Know. Trending News
Quiet Quitting Your Job: This Is What You Should Know. Trending News . 👇👇👇👇 Hey, this is Ken Johnson's FocusUp no-BS approach and I speak about Leadership, Entrepreneurship, and Management. One thing I hate is the “Cotton Candy Fluff” and the “BCE”. I Focus on “The Good, The Bad, and The Ugly side”.
And I Believe, I want, and I choose to deliver “on the ground information” that you can immediately put into action, activating the factor in you and others. Join me on this journey if this is what you are looking for! a no-Hold-BS approach! . Connect with Ken Johnson : Instagram: https://www.instagram.com/kenjoh...
2022-09-09, 11 min

Ken Johnson FocusUp Podcast
Ep4. Distraction was Killing Me: Four Ways to Get Focused
Ep4. Distraction was Killing Me: Four Ways to Get Focused FocusUp with Ken and Don't Fear to Share, take a moment and think of all the distracting things you've given your attention and time to today. Leave a Message, Focus, Be Great.
2022-09-03, 24 min

Ken Johnson FocusUp Podcast
Ep3. The Common Mistakes of New Managers You Want to Avoid.
EP3. The Common Mistakes of New Managers You Want to Avoid. . It's time to leave your comfort zone! Ken Johnson delivers a powerful look on getting after your goals and taking control of your life once and for all. . If you know someone who could use this video, share it with them! To get notified of new videos, click the subscribe button! . Ken Johnson FocusUp no-BS approach in activating the Factor in you. I’m Leadership Forged and battle ready. I speak about Leadership, Entrepreneurship, and Management, and One thing I hate is the “Cotton Candy Fluff” and the “BCE”. I focus on...
2022-08-22, 15 min

Ken Johnson FocusUp Podcast
Ep2. My First Team Meeting and This Is What I Done...
Ep2. My First Team Meeting and This Is What I Done... Thank you for joining the Ken Johnson Leadership Forged no-BS approach Podcast! This is 3 Myths About Leadership. Hey, this was Ken Johnson with Leadership Forged, no-BS approach. Leadership with Ken and I believe if you’re not training, you’re not going to be prepared and when you’re not prepared, you overreact when you overreact that causes problems.
Focus Up, Do The Work, and don’t forget to leave a like, hit the subscribe button and help me build this mass movement. Feel the power of the Factor helping...
2022-08-12, 07 min

Ken Johnson FocusUp Podcast
Ep1. 3 Myths About Leadership
Ep 1. 3 Myths About Leadership Thank you for joining the Ken Johnson Leadership Forged no-BS approach Podcast! This is 3 Myths About Leadership. Hey, this was Ken Johnson with Leadership Forged, no-BS approach. Leadership with Ken and I believe if you’re not training, you’re not going to be prepared and when you’re not prepared then you overreact when you overreact that causes problems. Focus Up, Do The Work, and don’t forget to leave a like, hit the subscribe button and help me build this mass movement. Feel the power of the Factor helping you have a positive impact in this...
2022-08-03, 04 min

All Out War
#133 - Dead Sea Scrolls The Church Fathers And So Much More With Special Guest Ken Johnson
You can find Ken at his website here --> https://biblefacts.org/ His youtube --> https://www.youtube.com/user/biblefactsorg Telegram --> https://t.me/biblefactsorg
2022-07-18, 1h 40

Absolute AppSec
Episode 173 - Enumeration Attacks!
Yet ANOTHER episode of Absolute AppSec with Seth and Ken! User enumeration vulnerabilities are the order of the day. Seth digs in on an interesting #talesfromconsulting where security questions, and the different way they appeared for real users and invalid users, revealed valid user accounts on an application. Further enumeration flaws using WAF bypasses in production systems.
A story from Ken on a case where an application only checked that a password-reset token was valid, but not tied to an account, allowing for unauthorized password reset of _any_ user account.
2022-05-24, 00 min

Absolute AppSec
Episode 171 - Ruby Deserialization Walkthrough, Domain Takeovers
Ken and Seth are back to talk about potential of package hijacking based on DNS takeovers due to domain expirations. Ken provides a walkthrough of Ruby Deserialization techniques based on recent news articles.
2022-05-10, 00 min

Absolute AppSec
Episode 167 - Ken Toler - Cryptocurrency, Spring4Shell
A pair of Kens. A quick discussion on Spring4Shell and how the exploit takes advantage of Java's dynamic configuration options along with a data binding aka mass assignment vulnerabilities. Ken Toler (@relotnek) joins the show to discuss the current web3 security landscape and how security can be involved in cryptocurrency projects. "There is a place for you in crypto" - @relotnek
2022-04-05, 00 min

Ken Johnson FocusUp Podcast
How to use Speaking as a strategy for Management and Leadership
How to use Speaking as a strategy for Management and Leadership The Nr. One way to drive performance in your business and generate new customers, is to get in front of people with a powerful message and conviction. Ken Johnson I BELIEVE WHEN THE LEADER GETS BETTER EVERYONE GETS BETTER, EXPERIENCE THE FACTOR OF FOCUSUP, AND ACTIVATE THE FACTOR IN YOU. Ken has been leading and managing companies and teams in Germany, recognized as one of the best at what he does, bringing empowering insights and easy-to-understand takeaways you can use to gro...
2022-02-28, 10 min

You Call Those Tactics?
Episode 14: Braveheart
You can do it, I'll hold em down! SGT Ken discusses the excellence that is Braveheart, while having to trash the inaccuracies but done so in the loving way that only he can.
Next week is the Battle of Stirling Bridge and Falkirk.
2021-06-27, 28 min

You Call Those Tactics?
Episode 13: Battle of Stalingrad
SGT Ken dives into the history of the Battle of Stalingrad.
2021-06-20, 29 min

You Call Those Tactics?
Episode 12: Enemy at the Gates
SGT Ken is back in the saddle. This time from his temporary place in the Sunshine State. SGT Ken breaks down Enemy at the Gates as a preamble for next week's episode on the Battle of Stalingrad.
2021-06-13, 37 min

You Call Those Tactics?
Episode 11: Custer's Last Stand
SGT Ken pulls a Last Action Hero and jumps into the Real World today with an analysis of The Battle of Little Big Horn. The climactic culmination of the life of a noteworthy Colonel, and the defense of a people led by Sitting Bull. Trying out something new this week. Hope you like it!
2021-02-11, 27 min

You Call Those Tactics?
Episode 11: Kingdom of Heaven
God Wills It!!! Today SGT Ken gets medieval on the film. Also SGT Ken discusses a possible future of the show as he thinks of going through real life battles from history to check on the tactics of his predecessors... Email us at youcallthosetactics@gmail.com with your suggestions! --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2021-02-04, 26 min

You Call Those Tactics?
Episode 10: Doom
Welcome back friends and fans of the cast. After a long hiatus SGT Ken returns for the amazingly bad Doom. Come and have a hunk of machismo with the BFG! --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2021-01-28, 22 min

You Call Those Tactics?
Episode 9: Basic
Live on location for military training SGT Ken talks Basic, the movie about a military training exercise.... Hmmm interesting. --- This episode is sponsored by · Anchor: The easiest way to make a podcast.
https://anchor.fm/app
2020-11-08, 28 min

You Call Those Tactics?
Episode 8: Predator
Happy Halloween all, what better way of celebrating this spooky holiday than by watching 6 greased up manly men mow down a jungle in a hail of gunfire. SGT Ken is joined by both Speas brothers John and Adam of the BFOP (Blast From Our Past) fame. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2020-10-30, 1h 29

You Call Those Tactics?
Ep. 7: Commando
Let off some steam Bennet!!! That's right this week's episode is none other than what could be called the most 80s of movies Commando. This week SGT Ken is joined by Adam Speas, or as I call him the other brother of the Blast from our Past Podcast. Prepare some chips for all the cheesy goodness of this review. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2020-09-27, 1h 21

You Call Those Tactics?
Episode 6-Red Dawn
SGT Ken is joined by an old war buddy Matthew Hickey. Matt and Ken served together in Afghanistan and as such share similar experiences with irregular forces, so what movie would be better to review than Red Dawn!!! Join the guest in reminiscing in this 80s classic of Cold War paranoia. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2020-09-20, 59 min

You Call Those Tactics?
Episode 5: Under Siege
For his second guest SGT Ken brings on the progenitor of his name Kenneth Johnson Sr. Yes he brought on his father, so it can't possibly go wrong.. SGT Ken and his dad discuss Under Siege. The great Seagal movie from 1992. --- This episode is sponsored by · Anchor: The easiest way to make a podcast.
https://anchor.fm/app
2020-09-19, 31 min

You Call Those Tactics?
Episode 4: Black Hawk Down
SGT Ken is joined by John Speas from the Blast From Our Past podcast to review the tactics of Black Hawk Down
2020-09-06, 2h 11

You Call Those Tactics?
You Call Those Tactics Trailer
SGT Ken introduces you to the podcast. Please like and subscribe us wherever you listen to your podcasts such as Apple Podcast, Google Podcasts, Anchor, and Spotify --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2020-08-30, 01 min

You Call Those Tactics?
Episode 3 Uncommon Valor
SGT Ken tackles the 1983 film Uncommon Valor. The 80s were strong with this one. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2020-08-30, 26 min

You Call Those Tactics?
Episode 2 The Patriot
SGT Ken opens this episode by showcasing his reverence for the Film, but even emotional attachment shouldn't keep from analyzing how this film could be inaccurate. Step back in time to the Revolutionary war for some talk on guerrilla tactics vs conventional time period specific. Please like and follow on Spotify, Breaker, and Anchor. Send reviews and feedback to youcallthosetactics@gmail.com --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
2020-08-23, 33 min

You Call Those Tactics?
You Call Those Tactics Ep 1. The Hurt Locker
Sergeant Ken tries out this Podcast thing. This is the first episode of the podcast, I outline the flow and go through the magnificent dumpster fire that is the Hurt Locker. --- This episode is sponsored by · Anchor: The easiest way to make a podcast.
https://anchor.fm/app
2020-08-19, 30 min

Absolute AppSec
Episode 101: Mike McCabe, Ken Toler, Cloud Security
Seth and Ken are joined by Mike McCabe (@mccabe615) and Ken Toler (@relotnek) to break down their talk on Cloud Security. Discussion revolves around cloud security, but touches legacy systems, application inventory, virtual conferences, and more.
2020-06-23, 00 min

Good Growing
Ep. 12 Your Home Gardening Questions Answered with Ken and Katie
On this spring episode of the Good Growing podcast we answer questions we received from Illinois home gardeners. Ken Johnson, horticulture educator, and Katie Parker, local foods & small farms educator, join Chris to answer the following questions: 1. Dealing with squash bugs 2. What to do about landscape fabric and rock mulch 3. Can you garden where a house burned down? 4. Protecting apple trees from spring freezes. Check out our blog chock-full of articles on home gardening, landscaping, conservation, and so much more! https://extension.illinois.edu/blogs/good-growing Email us your questions Chris cenroth@illinois.edu Ken kjohnso@illinois.edu Katie...
2020-04-10, 19 min

Absolute AppSec
Episode 88: Kevin Johnson - Secure Ideas, Star Wars, Passing it On
Kevin Johnson of Secure Ideas joins Seth and Ken in a discussion on his path into security, Star Wars (yes, really), and giving back to the community. This includes passing on teaching, sharing knowledge, and mentoring those that ask for it.
2020-03-17, 00 min

Absolute AppSec
Episode 71: Evan Johnson, Cloudflare and Lastpass
Eric Johnson (@ejcx_), one of the first podcast guests to join Seth and Ken revisits to talk about recent industry revelations, including the Lastpass vulnerability from Google's Project Zero.
Further discussions on Cloudflare Access and ranging topics including Coke's 80s lawsuit involving trade secrets.
2019-09-17, 00 min

Absolute AppSec
Episode 56: Learn to Code / Loco Moco Sec Recap
Seth and Ken get back together to talk about Loco Moco Sec and recent industry news. Specifically, should all security people be able to code? Is it a strict requirement? Ken gives his take on the talks from LocomocoSec and why we should all be there in 2020.
2019-04-23, 00 min

Absolute AppSec
Episode 49: Subdomain Takeovers, DNS SSRF, Oauth Best Practices, Top 10 Web Hacking Techniques of 2019
Seth and Ken talk through subdomain takeover vulnerabilities at large companies and identification of DNS SSRF. Ken walks through a few OAuth best practices. A look at the Portswigger list of Top 10 Web Hacking Techniques of 2018.
2019-03-06, 00 min

Absolute AppSec
Episode 44: AppSec California, running a Bug Bounty program, and David Coursey
Seth and Ken are joined once again by David Coursey (@dacoursey) to review topics from AppSec California 2019, including building developer relationships and the OWASP ZAP HUD. Ken and Dave answer questions about the time investment required to support a Bug Bounty program. David discusses his role at Allstate.
2019-01-30, 00 min

Absolute AppSec
Episode 33: John Melton
Seth and Ken go over fully vetting functions during code reviews. John Melton (@_jtmelton) talks with Ken and Seth about static analysis tools, building an appsec program, open source, and more.
2018-10-03, 00 min

Absolute AppSec
Episode 32: Eric Johnson
Setup tips for starting an assessment with Burp Suite Professional.
Eric Johnson (@emjohn20) talks with Ken and Seth about Roslyn, building Puma Scan, SANS, and more.
2018-09-19, 00 min

Absolute AppSec
Episode 23: Ken Toler
Ken and Seth are joined by Ken Toler (@relotnek) and talk security champions and security program management.
2018-07-11, 00 min

Absolute AppSec
Episode 4: Evan Johnson
Featuring Guest Evan Johnson
2018-01-31, 00 min

Good Growing
Guest Ken Johnson talks Japanese Beetles
Extension Horticulture Educator, Ken Johnson, sits down with Chris to talk everyone's favorite bug to hate, the Japanese beetle.
2017-09-06, 24 min