A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

More episodes of "Absolute AppSec"

  • Absolute AppSec podcast

    Episode 325 - Simplified Threat Modeling, Defining A Vulnerability

    30.6.2026

    In episode 325 of Absolute AppSec, co-hosts Ken Johnson and Seth Law first break down an informal guide to threat modeling, arguing that overly prescriptive frameworks like STRIDE induce a heavy cognitive load on developers. Instead, they advocate for simplified, creative questions to expose architectural gaps, citing a historical GitHub planning flaw where private repository images were left exposed on S3 by relying solely on URL obfuscation. They warn that while rapid development in 2026 pushes toward automated lifecycles, human oversight, critical logging, and constructive friction remain essential. Next, they dissect a research paper exploring the philosophical definition of a vulnerability, framing it as a system disposition arising from a fault that manifests as a failure only when environmental and attacker conditions are jointly met. This definition sparks a debate on whether a flaw must carry immediate risk to qualify as a vulnerability, particularly when evaluating modern AI challenges like system prompt disclosures or exposed deprecated API paths.
