A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Absolute AppSec
by Ken Johnson and Seth Law
Podcast Overview
Language
🇺🇲
Publishing Since
1/10/2018
Recent Episodes

June 16, 2026
Episode 324 - Three Week Trap, Malicious Extensions
Co-hosts Ken Johnson and Seth Law discuss AI security model limitations, the "three-week demo trap," and bypassing Visual Studio Code extension blocks, offering insights into modern supply chain threats.

June 9, 2026
Episode 323 - Secrets Logs, Prompt Injection Risks
Co-hosts Ken Johnson and Seth Law interview industry experts on application security vulnerabilities, secrets leaking into logs, and the inherent risks of prompt injection in generative AI systems.

May 26, 2026
Episode 322 - Megalodon, Staged Package Publishing, AI Powered Honeypots
In episode 322, the co-hosts examine critical vulnerabilities, changing security standards, and adaptive defense mechanisms. They deep dive into the recent "Megalodon" breach, identifying it as a direct poisoned pipeline execution attack. Rather than exposing a flaw inside GitHub itself, researchers at Hudson Rock traced the root cause to credentials stolen from developer desktops via infostealer malware, which allowed attackers to push base64-encoded payloads into GitHub Actions workflow YAML files. To counter these types of automated supply chain threats, the hosts praise NPM's newly released "staged publishing" pipeline, which mandates two-factor authentication from human maintainers before releasing packages pushed by automated CI/CD workflows. Shifting to framework flaws, they highlight a catastrophic, vanilla SQL injection flaw discovered in GoCMS during active exploitation. Finally, the duo reviews the emergence of AI-powered honeypots highlighted by Talos Intelligence. They conclude that turning the tables on attackers by utilizing LLM-driven "hall of mirrors" environments to impersonate real systems represents an innovative, under-explored AppSec strategy designed to drain attacker resources and trigger high token costs.
324 total episodes available with 2 transcripts
Similar Podcasts
Discover related shows you might enjoy

Coffee, Chaos and ProdSec
Cameron Walters and Kurt Hendle

The Application Security Podcast
Chris Romeo and Robert Hurlbut

Risky Business
Risky Business Media

Cybersecurity Today
Jim Love

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich

Prof G Markets
Vox Media Podcast Network

The Athletic NBA Show
The Athletic

Application Security Weekly (Audio)
Mike Shema

CyberWire Daily
N2K Networks

Good Inside with Dr. Becky
Good Inside

Theology in the Raw
Theology in the Raw

Better Offline
Cool Zone Media and iHeartPodcasts

Darknet Diaries
Jack Rhysider

The AI Breakdown: Daily Artificial Intelligence News and Discussions
Nathaniel Whittemore

Security Now (Audio)
TWiT
Frequently asked questions
- What is Absolute AppSec?
- How often does this podcast release new episodes?
This podcast updates weekly.
- Where can I listen to this podcast?
This podcast is available on 10 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
Yes, this podcast regularly features guests.
