The AppSec Insiders

Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know

For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs.

If you’re an AppSec professional looking for an opportunity to work with some of the best in the industry, or a developer with an interest in cybersecurity, be sure to check out our careers page at ForwardSecurity.com/careers

We would greatly appreciate it if you subscribed to the podcast wherever you listen to the show, and be sure to follow us on LinkedIn and Twitter at Forward Security. Links are in the show notes.

• https://www.ForwardSecurity.com
• https://www.linkedin.com/company/fwdsec/mycompany/verification/
• https://twitter.com/fwd_sec

Episodes

The Leakiest Year Ever: A Deep Dive into the 2026 State of Secret | The AppSec Insiders Podcast Ep.20

In this episode, we sit down with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, to discuss the alarming rise of secret sprawl in 2025. With over 28 million hard-coded secrets leaked on public GitHub last year alone — a 34% incre...

March 21, 2026 • 30:40

LLM Vulnerabilities and Prompt Injection: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.19

In this episode, we explore the emerging security risks of AI and LLMs in modern applications. Iman shares real-world experiences bypassing AI guardrails like LlamaGuard and OpenAI Shield, while the team discusses prompt injection attacks, syst...

October 28, 2025 • Season 1 • Episode 19 • 28:36

Fake Extensions to AI Bug Hunters: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.18

In this episode of The AppSec Insiders Podcast, we dive into two major security stories making headlines: a fake Solidity extension that drained a developer’s crypto wallets, and Google’s AI-powered tool “Big Sleep” uncovering a critic...

September 26, 2025 • Season 1 • Episode 18 • 18:49

SQL Injection to RCE: Fortinet's Critical Vulnerability Exposed | The AppSec Insiders Podcast Ep. 17

On this episode of The AppSec Insiders Podcast, we dive into CVE-2025-25257, a Fortinet FortiWeb Fabric Connector SQL injection vulnerability that escalates to RCE. We break down how this exploit works, why it’s so impactful, and what le...

August 27, 2025 • Season 1 • Episode 17 • 17:31

Prompt Injection to RCE: When AI Gets Compromised | The AppSec Insiders Ep.16

In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to de...

July 25, 2025 • 18:29

What Existing AWS Services are Important to AppSec? (Part 2 of 2) | The AppSec Insiders Ep.15

October 29, 2024 • Season 1 • Episode 15 • 33:28

What Existing AWS Services are Important to AppSec? (Part 1 of 2) | The AppSec Insiders Ep.14

October 29, 2024 • Season 1 • Episode 14 • 26:00

2023 Year-End Review

In this episode, we discuss 2023 Security Threats & Newcomers Recap

December 20, 2023 • Season 1 • Episode 12 • 39:08

The AppSec Insiders Ep. 11 - Flipper Zero and IoT Security

In this episode, we discuss the Flipper Zero and IoT Security.

November 15, 2023 • Season 1 • Episode 11 • 30:59

Exploring the Challenges of Testing Against the ASVS Standard - Part 4

In this episode, we return to the topic from the previous episodes and continue explore the challenges of testing against the ASVS standard.

October 27, 2023 • Season 1 • Episode 10 • 31:20

Exploring the Challenges of Testing Against the ASVS Standard - Part 3

In this episode, we explore the challenges of testing against the ASVS standard - Part 3

September 27, 2023 • Season 1 • Episode 9 • 33:53

Exploring the Challenges of Testing Against the ASVS Standard - Part 2

In this episode, we continue to explore the challenges of testing against the ASVS standard.

September 08, 2023 • Season 1 • Episode 8 • 32:35

Software Composition Analysis (SCA) & Supply Chain Security feat. Oscar van der Meer from MergeBase

In this episode, we sit down with Oscar van der Meer, Founder and CEO of MergeBase to discuss Software Composition Analysis (SCA) and why it is important for supply chain security.

July 22, 2023 • Season 1 • Episode 7 • 40:45

Azure Security: Raising Alarms and Reducing the Blast Radius

In this episode we explore Azure Security: Raising Alarms and Reducing the Blast Radius.

July 05, 2023 • Season 1 • Episode 6 • 33:21

AWS SRA (Secure Reference Architecture)

In this episode we explore AWS SRA (Secure Reference Architecture).

June 24, 2023 • Season 1 • Episode 5 • 27:23

Exploring the Challenges of Testing Against the ASVS Standard

In this episode, we explore the challenges of testing against the ASVS standard.

May 24, 2023 • Season 1 • Episode 4 • 38:07

Attacks on the CI/CD Pipeline (Part 2)

In this episode, we continue our discussion about OWASP Top 10 and attacks on the CI/CD pipeline.

May 10, 2023 • Season 1 • Episode 3 • 35:17

Attacks on the CI/CD Pipeline (Part 1)

In this episode, we explore OWASP Top 10 and the potential attacks on the CI/CD (part 1).

May 10, 2023 • Season 1 • Episode 2 • 40:51

ChatGPT and the Future of Application Security

In this episode, we dive deep into the world of ChatGPT and AI technology. What does this mean for application security?

May 10, 2023 • Season 1 • Episode 1 • 19:36