AppSec Serialized by Invicti

The cybersecurity podcast about application security and those who practice it. Hosted by tech industry veterans Frank Catucci and Dan Murphy, AppSec Serialized by Invicti puts a new spin on the ”two guys talking” format by starting each episode with a security-themed fiction story in the style of old-time radio shows. Each episode focuses on a specific area of cybersecurity, with the hosts and their guests sharing their practitioners’ experiences and opinions, sprinkled liberally with a solid dose of humor and anecdotes.

Listen on:

  • Apple Podcasts
  • Podbean App
  • Spotify
  • Amazon Music
  • iHeartRadio
  • PlayerFM
  • Listen Notes
  • Podchaser
  • BoomPlay

Episodes

Hot Cross-Site Fun

Tuesday Sep 10, 2024

Tuesday Sep 10, 2024

Cross-site scripting (XSS) is one of the oldest web vulnerability types and still a very real threat.
In this episode, Frank Catucci and Dan Murphy talk about the origins of cross-site scripting, some high-profile attacks, and best practices to test for and also prevent XSS in applications. In the fiction segment, Mallory the hacker uses XSS to inject script into an old and vulnerable leaderboard server—but she has to work hard to get around the WAF first.

Thursday Oct 24, 2024

Knowing what sites, apps, and APIs you’re exposing to the Internet is crucial for determining your realistic risk level and making accurate security decisions.
In this episode, Frank Catucci and Dan Murphy are joined by special guest Bogdan Calin, Principal Security Researcher at Invicti, to talk about ways of determining an organization’s web attack surface and the resulting risk level. In particular, they discuss the pro and cons of various AI and ML approaches to this problem and go deeper into the workings of the pioneering Predictive Risk Scoring feature that Bogdan helped design and build.
In the fiction segment, it’s Bob the CISO’s first day at a new company and from the first cursory check, he’s worried that the org is exposing a lot more that it should be. A call with Alice the head developer does nothing to put his mind at ease—quite the opposite...

APIs Wide Open

Tuesday Nov 19, 2024

Tuesday Nov 19, 2024

APIs are the secret door through which so many application attacks are executed in recent years. Compared to graphical user interfaces, they are far easier to build and deploy but far harder to test and secure, making API security a top concern.
In this episode, Frank Catucci and Dan Murphy dive into the world of API security, discussing high-profile breaches and looking at ways to discover and test the API part of your web applications. In the fiction segment, Mallory the hacker finds a shadow API being exposed by MegaHelix Corp.

Another Code Brick in the Wall

Tuesday Dec 17, 2024

Tuesday Dec 17, 2024

Software supply-chain security is one aspect of cybersecurity that affects every sizable application out there and also every organization that uses web apps and APIs. Application frameworks and libraries make up much of the running code base of modern software—and it only takes one vulnerable or compromised component to create a critical security gap.
In this episode, Frank Catucci and Dan Murphy go into supply-chain security and look at several high-profile breaches caused by insecure components and dependencies. In the fiction segment, Alice the head dev realizes that vulnerable library the CISO is asking about is used in lots and lots of places...

CISO on the Seesaw

Tuesday Jan 21, 2025

Tuesday Jan 21, 2025

The role of Chief Information Security Officer, or CISO, is crucial for any sizable organization yet often misunderstood as purely a compliance paperwork post. In reality, CISOs have to balance multiple aspects of information security to minimize risk, ensure timely incident response, maintain compliance, and more—all with finite resources and competing priorities.
In this episode, Frank Catucci and Dan Murphy talk to a real-life CISO, Invicti’s own Matthew Sciberras, discussing the balancing skills required to define and apply application security policies with limited resources. In the story segment, Alice the head dev realizes her cherished new project will be delayed due to vulnerabilities—if only she had scanned earlier…

AppSec Tech Below the Deck

Tuesday Feb 25, 2025

Tuesday Feb 25, 2025

Application security engineers connect security to engineering in more ways than one. Without their efforts, skills, and tools, even the best-laid application security policies and programs would remain mere CISO wishlists. 
In this episode, Invicti’s Frank Catucci and Dan Murphy talk to application security engineer Paul Good to learn what a day in the life of an AppSec guy looks like when you need to balance internal and external security needs. In the story segment, Mallory the hacker realizes that vulnerabilities are not given once and for all—because while you’re probing a gap, someone might already be fixing it…

Image

Visit the home of AppSec Serialized!

For full episode transcripts and other bonus content, check out the AppSec Serialized site: https://www.invicti.com/podcasts/ 

Copyright 2024 Invicti Security. All rights reserved.

Podcast Powered By Podbean

Version: 20241125