Over the years we have produced deep, practical content on Application Security, OWASP SAMM, and related frameworks. With the help of AI we now distill that knowledge into short, easy-to-digest episodes. The ideas, structure, and wording come from us; AI just helps us tighten and compress. You will also find full conversations with industry experts that our team recorded. Whether you’re new to AppSec or a seasoned practitioner, we hope you’ll find value in the insights we’ve packed into each episode.

The AppSec Management Podcast

This podcast explores modern application security. We cover OWASP, secure development practices, and compliance built on security-first principles. We speak with practitioners and leaders who run application security programs and push the frontier of cybersecurity in software.

Episode Library:

Embedding Security into the SDLC: How Sign In Solutions uses SAMMY & OWASP SAMM

Jason Mordeno, Director of Compliance and Security at Sign In Solutions, explains how his team embedded AppSec into the SDLC with OWASP SAMM and SAMMY.

They moved beyond ISO 27001 and SOC 2 checklists to a developer-friendly, behavior-driven culture, improving maturity, risk posture, and even cyber insurance premiums.

SAMM Assessment: Everything you need to know from industry experts

OWASP SAMM experts, Aram Hovsepyan, Brian Glas, Rob van der Veer, and Maxim Baele unpack how to run objective assessments.

They cover who should assess, how to prep interviewers and interviewees, practical interviewing tips, ensuring truthful answers, using SAMM in M&A, and how AI can help.

Privacy Threat Modeling: Learn all about it from two experts in the field

Kim Wuyts and Aram Hovsepyan unpack privacy threat modeling with LINDDUN, why it matters, and how to run it in practice. We cover the core steps, links to GDPR, privacy by design, and how it fits with security activities.

The guests discuss when to bring in external help, career paths for threat modelers, where startups should begin, and how Codific applies these methods.

The EU Cyber Resilience Act or CRA

This episode explains what the EU Cyber Resilience Act covers, who is affected, timelines, obligations, conformity routes, incident reporting, penalties, how fines are calculated, readiness gaps, impact on vendors and open source, and practical steps to prepare.

Voices generated by Notebook ML. Based on our CRA fines analysis article on the blog: https://codific.com/cra-fines/

NIST 800-53: A practical guide

A practical walkthrough of NIST SP 800-53: what it is, how control families and baselines work, and a step-by-step path from system categorization and risk assessment to tailoring controls, building the SSP, and continuous monitoring. We also touch on mapping to other frameworks and using tools to streamline adoption.

Voices generated by Notebook ML. Based on our two guides: https://codific.com/how-to-implement-nist-800-53/ & https://codific.com/what-is-nist-800-53-a-comprehensive-guide/

OWASP SAMM a comprehensive introduction

This episode introduces OWASP SAMM, the open framework for measuring and improving software assurance programs. We explain the model structure, maturity levels, and how to run assessments and build improvement roadmaps. The five business functions are Governance, Design, Implementation, Verification, and Operations.

Voices generated by Notebook ML. Based on this guide: https://codific.com/owasp-samm-comprehensive-introduction/

New episodes are added regularly; follow to stay updated.

Let’s collaborate on The AppSec Management Podcast

Have a story or research on OWASP, AppSec, or privacy by design? We are always looking for thoughtful guests and partners. Pitch a topic, suggest a guest, or co-create an episode.