The AppSec Insiders
Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs. If you’re an AppSec professional looking for an opportunity to work with some of the best in the industry, or a developer with an interest in cybersecurity, be sure to check out our careers page at ForwardSecurity.com/careers We would greatly appreciate it if you subscribed to the podcast wherever you listen to the show, and be sure to follow us on LinkedIn and Twitter at Forward Security. Links are in the show notes. • https://www.ForwardSecurity.com • https://www.linkedin.com/company/fwdsec/mycompany/verification/ • https://twitter.com/fwd_sec
Episodes
In this episode, we sit down with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, to discuss the alarming rise of secret sprawl in 2025. With over 28 million hard-coded secrets leaked on public GitHub last year alone — a 34% increase year-over-year — 2025 is officially the leakiest year on record. We dig into why it's getting worse, how AI coding tools like Claude Code are contributing to the problem, and what de...
In this episode, we explore the emerging security risks of AI and LLMs in modern applications. Iman shares real-world experiences bypassing AI guardrails like LlamaGuard and OpenAI Shield, while the team discusses prompt injection attacks, system prompt exposure, excessive agency vulnerabilities, and data poisoning. Learn about the OWASP Top 10 for LLMs, why AI usage policies are critical, and how attackers are exploiting everythin...
In this episode of The AppSec Insiders Podcast, we dive into two major security stories making headlines: a fake Solidity extension that drained a developer’s crypto wallets, and Google’s AI-powered tool “Big Sleep” uncovering a critical Chrome vulnerability. From malicious packages to AI-driven defenses, we break down what these cases reveal about today’s evolving AppSec landscape.
SQL Injection to RCE: Fortinet's Critical Vulnerability Exposed | The AppSec Insiders Podcast Ep. 17
On this episode of The AppSec Insiders Podcast, we dive into CVE-2025-25257, a Fortinet FortiWeb Fabric Connector SQL injection vulnerability that escalates to RCE. We break down how this exploit works, why it’s so impactful, and what lessons organizations can learn, from proper network segmentation to the importance of SAST in your pipeline.
We also touch on broader trends, from IoT security issues to recurring mistakes in network...
In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to defend against similar threats with sandboxing, access controls, and DevSecOps monitoring.
Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know
For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs.
If you’re an A...
Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know
For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs.
If you’re an A...
In this episode, we discuss 2023 Security Threats & Newcomers Recap
In this episode, we discuss the Flipper Zero and IoT Security.
In this episode, we return to the topic from the previous episodes and continue explore the challenges of testing against the ASVS standard.
In this episode, we explore the challenges of testing against the ASVS standard - Part 3
In this episode, we continue to explore the challenges of testing against the ASVS standard.
In this episode, we sit down with Oscar van der Meer, Founder and CEO of MergeBase to discuss Software Composition Analysis (SCA) and why it is important for supply chain security.
In this episode we explore Azure Security: Raising Alarms and Reducing the Blast Radius.
In this episode we explore AWS SRA (Secure Reference Architecture).
In this episode, we explore the challenges of testing against the ASVS standard.
In this episode, we dive deep into the world of ChatGPT and AI technology. What does this mean for application security?
In this episode, we explore OWASP Top 10 and the potential attacks on the CI/CD (part 1).
In this episode, we continue our discussion about OWASP Top 10 and attacks on the CI/CD pipeline.
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!
Saskia Inwood woke up one morning, knowing her life would never be the same. The night before, she learned the unimaginable – that the husband she knew in the light of day was a different person after dark. This season unpacks Saskia’s discovery of her husband’s secret life and her fight to bring him to justice. Along the way, we expose a crime that is just coming to light. This is also a story about the myth of the “perfect victim:” who gets believed, who gets doubted, and why. We follow Saskia as she works to reclaim her body, her voice, and her life. If you would like to reach out to the Betrayal Team, email us at betrayalpod@gmail.com. Follow us on Instagram @betrayalpod and @glasspodcasts. Please join our Substack for additional exclusive content, curated book recommendations, and community discussions. Sign up FREE by clicking this link Beyond Betrayal Substack. Join our community dedicated to truth, resilience, and healing. Your voice matters! Be a part of our Betrayal journey on Substack.
The official podcast of comedian Joe Rogan.