Absolute AppSec

And check out Coffee, Chaos & ProdSec podcast, finding them on your preferred listening platforms here: linktr.ee/coffeechaospro…

For today's livestream, you can join us here: youtube.com/watch?v=yRckee…

Coming up at 12 Noon Eastern, @sethlaw & @cktricky engage in a podcast exchange w/ Kurt Hendle & Cameron Walters butts up against multiversal time. This livestream is either a prequel or sequel, depending on how you situate tomorrow's recorded Coffee, Chaos & Prodsec episode.

@_kernelcon_ Quick hit discussion on this link is that browser development is hard, and some AI companies aren't specialists in getting security right first: techradar.com/pro/security/t…

@_kernelcon_ Discussing the risks going forward of code-generation increasing at such high rates of speed with immature guardrails, both Ken and Seth are predicting some interesting times if we push the timeline out a year or so. Expect more of this type of exposure: trufflesecurity.com/blog/google-ap…

Today on Absolute AppSec, @cktricky and @sethlaw talk about Google tokens in the news, stealing creds from ai browsers, and more. Will we also learn that, like death and taxes, AppSec will always be with us? Tune in here to see at 12 Noon ET: youtube.com/watch?v=y7Cl46…

@_kernelcon_ Ken discusses his view on the gap between security offerings in fact versus the business hype currently roiling markets. He's leading a webinar tomorrow with @jcran that could provide more of a technical perspective on what IRL security reviews: dryrun.security/webinar/securi…

@_kernelcon_ Talking through news from claude code security's release and its consequent effect on appsec stocks, Seth argues that the reaction reflects a misapprehension from orgs that AppSec was comprised mainly of SAST, DAST, and SCA tooling. It's actually much more.

Good morning, all! We got an episode of Absolute AppSec with @cktricky and @sethlaw stirring. Lots of appsecky news happening, but expect we'll cover new browser protections, our course highlights, & top-10 web hacking lists via portswigger. Link here: youtube.com/watch?v=ddz_Pi…

Seth and Ken are running now! Seth highlights several of the courses being offered right now: training.absoluteappsec.com has the full list.

If you have questions or comments for Seth and Ken, join the Absolute AppSec slack here: join.slack.com/t/absoluteapps…

Did you give that special agent in your life a V-day filled with tokens and still feel like it’s not giving you what you need? Or are you trying to make sense of @PortSwigger's Web Hacking Technique list? Maybe you should check out insights from @cktricky and @sethlaw

Ken (@cktricky) shares that there is a co-sponsored Happy Hour event (thanks @dryrunsec, @redpointsec, and @RADSecurity_) taking place on the first day of RSA. If you'll be there, snag an invite here: luma.com/9q3gdatj

Ken and Seth are running now, they go over the fairly busy upcoming conference and training schedule. A compendium of training options can be seen here: training.absoluteappsec.com

Today on the podcast, @cktricky and @sethlaw look at a range of new tooling springing up. Can Trappsec's API deception tool, mongoDB’s kingfisher, praetorian’s Augustus, inter alia help solve today's emergent AI-AppSec issues? Starting at 12 Noon ET here: youtube.com/watch?v=nSgG_8…

@_kernelcon_ Ken announces that @dryrunsec is launching their DeepScan agent, which provides a high-signal review of entire repositories, (not limited to PRs). If you'd like to try it on your own codebase, request a demo now b/c this will be waitlisted based on demand: dryrun.security/blog/announcin…

@_kernelcon_ Also, watch out for DEFCON Singapore's Harnessing LLMs for AppSec training. Registration for that is here: training.defcon.org/collections/si…

Good morning, all! Are you looking to soothe your woes given recent Groundhog-shaped disappointments? Well, we may have the right emollient for you. @cktricky and @sethlaw are cooking up a show discussing appsec skills, Moltbook/OpenClaw news, updates to the LLM course, & more.