We're rolling now! The Practical Secure-Code Review course is being offered virtually on July 17-18th this month. Register now for one of the remaining spots at

We're starting up any minute now with Sean Varga. Among the things we're discussing is the reality that AppSec sales increasingly requires levels of security expertise. The livestream link is here:

We wanted to keep you all aware of the episode we have with Sean Varga from Cycode. We're time-shifting this a bit due to schedules, so tune in tomorrow at 11:30 AM Eastern. We're discussing Sean's proposal for a "OWASP Top Ten of AppSec Sales":.

@AppSec_Village @shehackspurple @Jhaddix First article for discussion, is highlighted by @sethlaw. Authentication fatigue, Is there a pill for that? More details here from Twilio's Anurag Dodeja:

Big announcement! The @AppSec_Village at DEFCON will be hosting our "State of (absolute) AppSec" panel! Joining Seth and Ken for that panel are @shehackspurple and @Jhaddix!.

Seth and Ken will be at DEFCON offering in-person training of the Harnessing LLMs for AppSec course (which is always being updated with the latest tools and tricks that seth and ken discover in their day-to-day work). More info and registration here:

Annoucements! Be aware that the virtual practical secure-code review course will be offered July 17th-18th. To register or find our more, visit the site.

Good July day to all our friends! This is a heads up that @cktricky and @sethlaw are going live now any moment for another dive into the fascinating world of appsec. Join us at the following link here:

@sethlaw Stefan points out that some vulnerabilities within a report could be more deserving of org attention due to important context. He brings up as a good check for such considerations.

@sethlaw We're diving into CVSS vs CWSS, how it's used (or effectively not) within organizations.

@sethlaw Also, be aware that Seth and Ken are bringing a special in-depth version to DEFCON training this year. More information on that course can be found here:

We're rolling now! @sethlaw reminds that Seth and Ken are running a virtual Practical Secure-Code Review training that enhanced with AI tooling on July 17th and 18th. Visit to sign up or learn more information.

Oops! We meant to say 3:30 ET! You haven't missed the bulk of the show if you had concerns that was the case. Sorry about any confusions.

Due to some travel logistics, we've sadly missed out on @cktricky today, so we're running an afternoon podcast at 2:30PM ET/12:30 Mountain with @lojikil heroically filling in to discuss the latest appsec things with @sethlaw. Tune in here:

@sethlaw @MaikaThoughts Seth shares an article on a browser edge case: He emphasises the need to think through the security implications of new features.

@sethlaw For the first topic, Seth and Ken have been discussing what is changing with AI capabilities. There is more uncertainty than the two remember over the course of their time in the industry. This article from @maikathoughts is prompting discussion:

@sethlaw Also be aware that an in-depth version of Seth and Ken's new Harnessing LLMs for AppSec course will be offered at DEFCON. For registration, more information, check out the link here:

We're rolling now! @sethlaw reminds that Seth and Ken are offering some trainings upcoming, and provides a bit of context to the Practical Secure-Code Review course that has evolved with the industry over the last 8 years or so. Visit for more.

Hello all, @cktricky and @sethlaw are back on this fine day. We'll be covering a few things, including discussing what new AI abilities means for redteaming, pentesting, and other security jobs. Is it simple benign help or will it be replacing human work?.

And jump into the absolute appsec slack channel if you have any questions for Hayden today: