Absolute AppSec

By: Ken Johnson and Seth Law
Listen for free

  • Summary

  • A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
    Show more Show less
Show more Show less
Episodes
  • Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages

    Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages
    Apr 22 2025
    Ok, so vulnerable MCP tools are a thing now? Ken demonstrates installing and running an intentionally vulnerable MCP server with a bunch of example issues. Following is a discussion of the recent article and research around hallucinations of 3rd party dependencies/libraries in AI-Generated Python and JavaScript. New attack targets all dependent on how creative the LLM is allowed to be. A short aside on why we talk about AI and LLMs so much.
    Show more Show less
    Less than 1 minute
  • Episode 282 - Model Context Protocol, A2A, NHI Authentication

    Episode 282 - Model Context Protocol, A2A, NHI Authentication
    Apr 15 2025
    It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.
    Show more Show less
    Less than 1 minute
  • Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse

    Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse
    Apr 8 2025
    The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security. Followed by some spicy takes on opinions on vibe coding and its effects on application and product security. Finally, short-lived tokens used to exploit RCE against the GitHub CodeQL Action.
    Show more Show less
    Less than 1 minute
adbl_web_global_use_to_activate_webcro768_stickypopup

What listeners say about Absolute AppSec

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com reviews

Amazon reviews
No Reviews are Available