Virtual Practical Secure-Code Review course on March 27-28

We wanted to let you all know that Seth Law and Ken Johnson are once again virtually offering their Practical Secure-Code Review course, training students in one of the established industry-leading methodologies for performing Secure-Code Review. This course introduces developers to this proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review and incorporating AI tooling into your code-review process. Seth and Ken honed the Absolute AppSec Secure-Code Review methodology over years of performing code reviews and coming up with ways to avoid common mistakes as well as ways to map application security checklists against a code-review process that can prioritize a tester’s time in ways that devote attention to the lines of code and source files that have security implications. Students come away with a knowledge of how to approach a codebase, how to organize time effectively so you don’t fall into traps that waste time.

Key skill takeaways:
1) learn a repeatable process for conducting secure-code review that is applicable regardless of your initial familiarity with specific languages and frameworks.
2) learn how to orient yourself quickly in an unfamiliar codebase, and map out high priority routes, source-to-sink traces, and potential fruitful anti-patterns.
3) learn to develop a well informed checklist for conducting your secure-code review.
4) learn to limit time spent diving into unproductive paths for exploitation or bug hunting and focus instead on the routes or endpoints that could lead to squashing more problematic bugs in your code or attaining better bug-bounty payouts.
In short, the course helps students gain the confidence to take on code-review projects, knowing how to organize their limited time, avoiding unnecessary time sinks and focusing on an application’s security-relevant files and functions, and incorporating powerful AI tools into the mix. Don't miss this opportunity to boost your confidence in taking on code-review projects. If you’re unsure whether this course could work for you, you can see what our students are saying, “The Practical Secure-Code Review course helped me orient in the practice of bug-hunting in source code, and I was impressed that the AI agent add-on module worked on its own to help me get familiar with a range of AI tools and to see how they could empower the insights I got from digging into source code. That’s on top of the advice you get that really helps you see how to attack a code-review project. The whole course made me feel much more confident that I could add code-review to my application review toolkit. Highly recommended.”
Absolute AppSec
Software Development
Anywhere, USA 806 followers
The podcast for kids who can't AppSec good and want to learn how to do other stuff good too.
About us
Seth Law (@sethlaw) & Ken Johnson (@cktricky) host an informal discussion of all things application security. Opinions, biases, and recommendations about the security industry, current events, and anything else is fair game. Guests include industry professionals ranging from consultants to managers.
- Website
- https://absoluteappsec.com
- Industry
- Software Development
- Company size
- 2-10 employees
- Headquarters
- Anywhere, USA
- Type
- Partnership
- Founded
- 2017
- Specialties
- AppSec, security, and software security
Locations
- Primary
US, USA, Anywhere
Updates
-
We’re excited to announce this special episode of Absolute AppSec with Kyle Rippee, Staff Product Security Engineer at Tines. Kyle will be joining Seth and Ken to discuss his experience both managing and working with #applicationsecurity teams, #pentesting, and software engineering. Before Tines, Kyle worked at PlanetArt, FloQast, Shutterfly, Atos, and more. During the show, we’ll look to discuss Kyle’s journey into AppSec, his insights from his security consulting & product security work, and especially we’re looking forward to digging into what’s happening at Tines. Be sure to tune in Tuesday at 12 Noon Eastern!
-
-
Consider this a heads up for learning how to level up your AppSec day-to-day work with LLMs! Ken Johnson and Seth Law are bringing the Harnessing LLMs for Application Security for a second time, and this is the only LLMs for AppSec course that could one day be endorsed by Lumon industries, kier willing. This is a new stand-alone course for infosec professionals who'd like to incorporate AI agents and other LLM technologies into their day-to-day work flow. The course is being offered online once again on February 20th and 21st. Harnessing LLMs for AppSec grew out of Seth and Ken's Practical Secure Code Review course that has incorporated LLMs into the Absolute AppSec methodology for Secure Code Review because some students found the information contained regarding LLM instrumentation and fine-tuning to be both valuable and worthy of a special focus on their own.

The objectives of the course include:
* Understanding Langchain and Prompt Engineering
* Getting familiar with LLM types, and exploring which options can best help perform AppSec-related and other tasks.
* Hands-on techniques like Retrieval-Augmented Generation (RAG) and Few-Shot Prompting for secure code analysis and threat modeling.
* Integration of AI into security tasks to identify vulnerabilities and improve overall application security.
* How to fine-tune AI agent interaction so you improve the results you see

To register for this training and to get more information on Seth and Ken's courses, check out the Absolute AppSec training site https://lnkd.in/gpdQQxbW . For this training, the course overview can be found here: https://lnkd.in/g9WZkPqV #LLMsforAppSec #applicationsecurity #aiagents #appliedAI
-
-
Join Seth Law and Ken Johnson on Absolute AppSec this Tuesday, February 18th at 11 AM ET (9 AM MT) for a special episode with Myles Borins. Myles, Product Lead for Developer Platform at Snowflake and former GitHub Product lead for projects like Copilot Workspace for Pull Request, Codespaces, npm, and Packages, will be discussing open-source and supply-chain security among other topics. Myles also brings extensive experience from Ecma International and TC39, contributing to security and standards development in the evolution of the JavaScript language. Nota Bene: Be aware of the episode time-shift to an hour earlier than our typical time, if you want to be sure not to miss the livestream! The link is here: https://lnkd.in/gstN3Bjw #softwaresupplychainsecurity #opensourcesecurity #applicationsecurity
-
-
Josh Larsen, co-founder and CTO of Ghost Security, is joining Seth Law and Ken Johnson on the Absolute AppSec podcast on January 28th at 12 Noon Eastern time. The link for the episode livestream is here: https://lnkd.in/grec2Xpj Before Ghost Security, Josh was co-founder and CEO of both Darkbit and before that the Blackfin Security Group. Larsen led the GTM strategy for both startups and Darkbit and Blackfin Security Group were acquired by Aqua Security and Symantec Corporation, respectively. Ghost Security (https://ghostsecurity.com/) was founded to help development shops and #AppSec teams perform autonomous application security using Agentic AI with the goal of helping teams discover, test, and mitigate risks in real time. Josh (joshlarsen on LI, @josh_larsen on X/Twitter) has been in the industry working as a security program manager and consultant as well as building products that improve the security landscape. Be sure to tune in as Seth and Ken talk through his experiences in the field as well as gleaning his insights about the #futureofAppSec, using #AIAgents to empower security products, and more.
-
-
This week on Absolute AppSec, the newsletter pulls from the archives to review episode 219 when Seth Law and Ken Johnson were joined by Jason Haddix. Catch up on that episode (and sign up for weekly updates) at https://lnkd.in/g_UQfSks
-
Ken Johnson has introduced a new star for Absolute AppSec training promotions! If you're interested in the Harnessing LLMs for Application Security course, check out our training page: https://lnkd.in/gpdQQxbW This second delivery of the course by Ken and Seth Law will take place on the 23rd and 24th of January. Let us know if you have questions about the training, or if you'd like to tell Milo what a good boy he is! #AIforAppSec #applicationsecurity
What happens when you shoot an ad for your course with German Shepherds around...
-
We've had good feedback, and Ken Johnson and Seth Law are delivering Harnessing LLMs for Application Security for a second time! This is a new stand-alone course for infosec professionals who’d like to incorporate AI agents and other LLM technologies into their day-to-day work flow. The course is being offered online once again on January 23rd-24th. Harnessing LLMs for AppSec grew out of Seth and Ken’s Practical Secure Code Review course that has incorporated LLMs into the Absolute AppSec methodology for Secure Code Review course because some students found the information contained regarding LLM instrumentation and fine-tuning to be both valuable and worthy of a special focus on their own.

The objectives of the course include:
* Understanding Langchain and Prompt Engineering
* Getting familiar with LLM types, and exploring which options can best help perform AppSec-related and other tasks.
* Hands-on techniques like Retrieval-Augmented Generation (RAG) and Few-Shot Prompting for secure code analysis and threat modeling.
* Integration of AI into security tasks to identify vulnerabilities and improve overall application security.
* How to fine-tune AI agent interaction so you improve the results you see

To register for this training and to get more information on Seth and Ken’s courses, check out the Absolute AppSec training site here: https://lnkd.in/gpdQQxbW . And for this training specifically, the course overview can be found here: https://lnkd.in/g9WZkPqV #LLMsforAppSec #AIagents #applicationsecurity #securecodereview
-
-
Hey everyone, be sure to tune in tomorrow at 12 Noon Eastern time. We're looking forward to having Clint Gibler back on the podcast!
Hello friends! Seth Law and Ken Johnson are happy to announce that Clint Gibler, the force behind tl;dr sec (tldrsec.com) and head of Security Research at Semgrep, will be coming on as a guest again on the Absolute AppSec podcast on December 10th. Join us at 12 Noon US Eastern time for this special episode. The link for the livestream is here. https://lnkd.in/egD4mUVr
-