OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289 | Security Weekly Podcast Network (Audio) Podcast

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289: OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by... by Security Weekly Podcast Network (Video)

37 min listen

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289: OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by... by Application Security Weekly (Video)

37 min listen

Always Interesting - ASW #143: This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy... by Security Weekly Podcast Network (Audio)

62 min listen

Securing your APIs using OAuth - Dan Moore - ASW #225: This segment will discuss options for protecting your APIs. First, why protect them? Second, what are the options and the tradeoffs. Segment Resources: - - - - - - - - Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

42 min listen

Securing your APIs using OAuth - Dan Moore - ASW #225: This segment will discuss options for protecting your APIs. First, why protect them? Second, what are the options and the tradeoffs. Segment Resources: - - - - - - - - Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

42 min listen

LLM Security and Privacy by The Cloudcast

26 min listen

ASW #225 - Dan Moore: Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust This segment will discuss... by Security Weekly Podcast Network (Audio)

80 min listen

Making Service Meshes Work for People - Idit Levine - ASW #267: Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro services sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about... by Security Weekly Podcast Network (Audio)

78 min listen

ASW #231 - Neatsun Ziv: In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the... by Security Weekly Podcast Network (Audio)

80 min listen

Delivering On the Promise of Application Security - Ankur Shah - ASW #150: While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user... by Security Weekly Podcast Network (Video)

36 min listen

Delivering On the Promise of Application Security - Ankur Shah - ASW #150: While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user... by Application Security Weekly (Video)

36 min listen

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260: We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep... by Security Weekly Podcast Network (Audio)

78 min listen

How Security Tools Must Evolve - Dan Kuykendall - ASW #261: The categories of security tools that we're most familiar with have struggled to keep up with how modern apps are designed and what modern devs need. What if instead of being beholden to categories, we created tools that solved problems devs have... by Security Weekly Podcast Network (Audio)

87 min listen

All the News - Just Six Months Later - Application Security Weekly #265: We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and... by Security Weekly Podcast Network (Audio)

70 min listen

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Security Weekly Podcast Network (Audio)

73 min listen

ASW #203 - Farshad Abasi: This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quantum algorithms, & more! Appsec starts with the premise that we need to build secure code,... by Security Weekly Podcast Network (Audio)

70 min listen

ASW #207 - Chen Gour Arie: In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain... by Security Weekly Podcast Network (Audio)

78 min listen

ASW #229 - Nick Selby: Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand... by Security Weekly Podcast Network (Audio)

81 min listen

Episode 154: ZK for authentication with Nolan and Locke from NuID: In this week’s episode, Anna spoke with Nolan Smith and Locke Brown, co-founders at NuID - a zero knowledge authentication solution. They explore the use-case of zero knowledge powered password management and how this relates to Identity. by Zero Knowledge

53 min listen

How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253: We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt injection and access controls, and privacy concerns in training and usage. But there are also areas where... by Security Weekly Podcast Network (Video)

39 min listen

How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253: We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt injection and access controls, and privacy concerns in training and usage. But there are also areas where... by Application Security Weekly (Video)

39 min listen

Data Integrity Lights the Way: Security With the Decentralized Web - Davi Ottenheimer - PSW #753: There's a lot of worry about "fakes" especially in a world rapidly adopting AI/ML, so it's time for solutions. "Solid" is the W3C open standard, extending HTTPS, to upgrade the Web with security paradigms that solve for data integrity. Distributed... by Security Weekly Podcast Network (Video)

71 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Audio)

74 min listen

Drink Our Own Champagne - ASW #157: In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections. The truth is, most web app and API security tools were designed for a... by Security Weekly Podcast Network (Audio)

73 min listen

Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285: Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has... by Security Weekly Podcast Network (Audio)

67 min listen

ASW #222 - Aviv Grafi: Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety... by Security Weekly Podcast Network (Audio)

81 min listen

Leveraging AI & The Role Identity Plays - BSW #350: AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is... by Security Weekly Podcast Network (Video)

34 min listen

ASW #188 - Farshad Abasi: Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing... by Security Weekly Podcast Network (Audio)

76 min listen

ASW #223 - Jeevan Singh: FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT Threat modeling is an important part of a security... by Security Weekly Podcast Network (Audio)

81 min listen

OT Security - Huxley Barbee - ASW #259: It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios.... by Security Weekly Podcast Network (Audio)

79 min listen

Discover this podcast and so much more

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Audio)

Related podcast episodes