Appsec Predictions for 2025 – Cody Scott – ASW #314
What’s in store for appsec in 2025? Sure, there'll be some XSS and SQL injection, but what about trends that might influence how appsec teams plan? Cody Scott shares five cybersecurity and privacy predictions and we take a deep dive into three of them. We talk about finding value for appsec from AI, why IoT and OT need both programmatic and technical changes, and what the implications of the next XZ Utils attack might be.
Announcements
Paul's Security Weekly has been nominated for a SANS Difference Maker Award for Podcast, Livestream, or Video Series of the year! Thank you to all of our listeners for helping us continue this podcast for the past 19 years! We would appreciate it if you'd vote for us before October 4th by visiting https://securityweekly.com/DMA
Want to shape the future of identity? Identiverse 2025 is looking for dynamic speakers like you to share groundbreaking ideas with over 3,000 identity and access management leaders. Join the most influential voices in IAM and help drive innovation in our industry. Submit your presentation proposal today at securityweekly.com/idvcfp
Guest
Cody is a senior analyst at Forrester serving security and risk professionals. He covers cyber risk management with a focus on cyber risk quantification, enterprise risk management, and governance, risk, and compliance. In this role, Cody helps Forrester clients tailor and implement effective risk management strategies, processes, and technologies that innovate their security programs, strengthen operational resilience, and deliver business value.
Cody has 10 years of experience in the security field leading complex projects, building high-performing teams, and transforming cybersecurity and privacy programs. Prior to Forrester, Cody served as the first chief cybersecurity risk officer of the National Aeronautics and Space Administration (NASA), where he led a team focused on building a world-class cyber risk and resilience program. Before joining the civil service, Cody worked as a consultant supporting technology projects and programs across the US Department of Homeland Security, the Transportation Security Administration, and NASA. He has been a featured speaker at leading conferences, including RSA Conference, FAIRCON, and DOE CyberCon.