Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

Update: 2025-07-08

Description

Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code along side humans. Sandy Carielli and Janet Worthington join us once again to discuss what all this new code means for appsec practices. On a positive note, the prevalence of those ancient vulns seems to be diminishing, but the rising use of LLMs is expanding a new (but not very different) attack surface. We look at where orgs are investing in appsec, who appsec teams are collaborating with, and whether we need security awareness training for LLMs.

Resources:

https://www.forrester.com/blogs/application-security-2025-yes-ai-just-made-it-harder-to-do-this-right/

Show Notes: https://securityweekly.com/asw-338

Comments

In Channel

Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349

2025-09-2358:43

How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348

2025-09-1601:08:00

Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347

2025-09-0901:17:09

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346

2025-09-0201:08:11

Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345

2025-08-2601:13:31

Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

2025-08-1901:08:17

The Future of Supply Chain Security - Janet Worthington - ASW #343

2025-08-1242:13

Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342

2025-08-0558:07

How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341

2025-07-2901:04:11

Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340

2025-07-2201:06:35

Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

2025-07-1501:07:50

Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

2025-07-0801:07:15

Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337

2025-07-0138:26

How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336

2025-06-2401:01:18

Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335

2025-06-1701:08:00

Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334

2025-06-1001:09:09

AIs, MCPs, and the Acutal Work that LLMs Are Generating - ASW #333

2025-06-0339:06

AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man - ASW #332

2025-05-2701:04:35

Appsec News & Interviews from RSAC on Identity and AI - Charlotte Wylie, Rami Saas - ASW #331

2025-05-2001:01:48

Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330

2025-05-1301:09:38

00:00

1.0x

Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

#box-pro-ellipsis-175886374547085{-webkit-line-clamp:2;}Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338