Beste PHP Podcasts (2025)

1
Extract: A PHP Foot-Gun Case Study (god2025) 24:37

3h ago24:37

24:37

Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…

1
Closing (god2025) 4:06

5h ago4:06

4:06

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
Closing (god2025) 4:06

8h ago4:06

4:06

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
News from the Juice Shop ecosystem (god2025) 22:36

8h ago22:36

22:36

OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…

1
News from the Juice Shop ecosystem (god2025) 22:36

5h ago22:36

22:36

OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…

1
OWASP Top 10:2025: Aktuelle Informationen und Insights zum Projekt (god2025) 11:10

5h ago11:10

11:10

Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon Torsten Gigler

1
OWASP Top 10:2025: Aktuelle Informationen und Insights zum Projekt (god2025) 11:10

9h ago11:10

11:10

Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon Torsten Gigler

1
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning (god2025) 22:08

9h ago22:08

22:08

Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…

1
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning (god2025) 22:08

6h ago22:08

22:08

Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…

1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025) 21:12

6h ago21:12

21:12

Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…

1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025) 21:12

9h ago21:12

21:12

Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…

1
The Trust Trap - Security von Coding Assistants (god2025) 43:05

7h ago43:05

43:05

Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…

1
A CISO's Adventures in AI Wonderland (god2025) 42:22

7h ago42:22

42:22

As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…

1
A CISO's Adventures in AI Wonderland (god2025) 42:22

10h ago42:22

42:22

As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…

1
The Trust Trap - Security von Coding Assistants (god2025) 43:05

10h ago43:05

43:05

Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…

1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025) 24:42

2h ago24:42

24:42

Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…

1
How we hacked Y Combinator companies' AI agents (god2025) 24:28

3h ago24:28

24:28

We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …

1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025) 24:42

3h ago24:42

24:42

Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…

1
How we hacked Y Combinator companies' AI agents (god2025) 24:28

2h ago24:28

24:28

We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …

1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025) 24:38

3h ago24:38

24:38

Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…

1
Extract: A PHP Foot-Gun Case Study (god2025) 24:37

3h ago24:37

24:37

Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…

1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025) 24:38

3h ago24:38

24:38

Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…

1
The Automation Illusion? What Machines Can't Do in Threat Modeling (god2025) 39:58

3h ago39:58

39:58

Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…

1
The Automation Illusion? What Machines Can't Do in Threat Modeling (god2025) 39:58

3h ago39:58

39:58

Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…

1
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025) 40:58

3h ago40:58

40:58

Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…

1
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025) 40:58

3h ago40:58

40:58

Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…

1
Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025) 19:24

4h ago19:24

19:24

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…

1
Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025) 19:24

2h ago19:24

19:24

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…

1
OWASP Cumulus: Threat Modeling the Ops of DevOps (god2025) 26:08

4h ago26:08

26:08

In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…

1
OWASP Cumulus: Threat Modeling the Ops of DevOps (god2025) 26:08

4h ago26:08

26:08

In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…

1
Continuous Vulnerability Scanning with OWASP secureCodeBox (god2025) 24:21

3h ago24:21

24:21

The OWASP secureCodeBox project aims to provide a unified way to run and automate open-source scanning tools like nmap, nuclei, zap, ssh-audit, and sslyze to continuously scan the code and infrastructure of entire organizations.This allows setting up automated scans that will regularly scan internal networks and internet-facing systems for vulnerab…

1
Introducing Passkeys - Strategies and Challenges for Developers (god2025) 22:18

3h ago22:18

22:18

The future of authentication is passwordless - Passkeys are the key technology. This talk supports developers in implementing Passkeys in their organizations and helps with the decision between in-house development, SDK, or Passkey-as-a-Service solutions. You will learn how to design recovery flows and fallback mechanisms in a user-friendly way, ho…

1
Continuous Vulnerability Scanning with OWASP secureCodeBox (god2025) 24:21

3h ago24:21

24:21

The OWASP secureCodeBox project aims to provide a unified way to run and automate open-source scanning tools like nmap, nuclei, zap, ssh-audit, and sslyze to continuously scan the code and infrastructure of entire organizations.This allows setting up automated scans that will regularly scan internal networks and internet-facing systems for vulnerab…

1
Introducing Passkeys - Strategies and Challenges for Developers (god2025) 22:18

3h ago22:18

22:18

The future of authentication is passwordless - Passkeys are the key technology. This talk supports developers in implementing Passkeys in their organizations and helps with the decision between in-house development, SDK, or Passkey-as-a-Service solutions. You will learn how to design recovery flows and fallback mechanisms in a user-friendly way, ho…

1
LangSec for AppSec folks (god2025) 29:24

4h ago29:24

29:24

Die von LangSec beschrieben grundlegenden Sicherheitsprinzipien erklären die Hauptursachen vieler Sicherheitslücken und wie man diese beheben kann. LangSec sieht die anhaltende Schwachstellen-Epidemie in Software als eine Folge der ad-hock Entwicklung von Code, der Ein- und Ausgaben verarbeitet. Gemäß LangSec besteht der Schlüssel zur Entwicklung v…

1
All the WAF power to the devs - why it reduces friction… and where it backfires (god2025) 34:16

4h ago34:16

34:16

Web application firewalls are often seen as a hindrance when going live, as perimeter WAFs can clash with GitOps-driven platforms. Empowering development teams with an application-centric WAF setup allows them to run and tune the WAF throughout the entire development lifecycle. It also enables full integration into any CI/CD pipeline or GitOps appr…

1
All the WAF power to the devs - why it reduces friction… and where it backfires (god2025) 34:16

4h ago34:16

34:16

Web application firewalls are often seen as a hindrance when going live, as perimeter WAFs can clash with GitOps-driven platforms. Empowering development teams with an application-centric WAF setup allows them to run and tune the WAF throughout the entire development lifecycle. It also enables full integration into any CI/CD pipeline or GitOps appr…

1
LangSec for AppSec folks (god2025) 29:24

4h ago29:24

29:24

Die von LangSec beschrieben grundlegenden Sicherheitsprinzipien erklären die Hauptursachen vieler Sicherheitslücken und wie man diese beheben kann. LangSec sieht die anhaltende Schwachstellen-Epidemie in Software als eine Folge der ad-hock Entwicklung von Code, der Ein- und Ausgaben verarbeitet. Gemäß LangSec besteht der Schlüssel zur Entwicklung v…

1
How the EU created Electronic Invoices without considering Security (god2025) 27:51

5h ago27:51

27:51

Companies within the European Union are increasingly required to be able to issue and process electronic invoices according to EU standards. For example, since January 2025, companies in Germany have been required to support electronic invoices in B2B contexts.While it is desirable to standardize invoice data formats, the EU standards have severe p…

1
How the EU created Electronic Invoices without considering Security (god2025) 27:51

5h ago27:51

27:51

Companies within the European Union are increasingly required to be able to issue and process electronic invoices according to EU standards. For example, since January 2025, companies in Germany have been required to support electronic invoices in B2B contexts.While it is desirable to standardize invoice data formats, the EU standards have severe p…

1
From Startup to Scale: Choosing the Right AppSec Path (god2025) 21:17

5h ago21:17

21:17

Security teams often inherit their organisation's structure - for better or worse. The way you design your AppSec programme and choose your team topology can determine whether security becomes a trusted enabler or a frustrating bottleneck.In this story-driven session, we follow Alex, who begins as the only security person in a 50-person startup. At…

1
From Startup to Scale: Choosing the Right AppSec Path (god2025) 21:17

5h ago21:17

21:17

Security teams often inherit their organisation's structure - for better or worse. The way you design your AppSec programme and choose your team topology can determine whether security becomes a trusted enabler or a frustrating bottleneck.In this story-driven session, we follow Alex, who begins as the only security person in a 50-person startup. At…

1
The Surprising Complexity of Finding Known Vulnerabilities (god2025) 23:35

5h ago23:35

23:35

With the increasing reliance on third-party software components, ensuring their security against known vulnerabilities has become a daily challenge for individuals and organizations. Despite the availability of a variety of tools and databases, we found all of them fall short when applied to real-world scenarios - raising questions about their effe…

1
The Surprising Complexity of Finding Known Vulnerabilities (god2025) 23:35

5h ago23:35

23:35

With the increasing reliance on third-party software components, ensuring their security against known vulnerabilities has become a daily challenge for individuals and organizations. Despite the availability of a variety of tools and databases, we found all of them fall short when applied to real-world scenarios - raising questions about their effe…

1
Keynote: Code Dark Age (god2025) 39:37

6h ago39:37

39:37

Generative AI is supposed to make our lives easier. But what if it's really just coding us straight into a new Dark Age? We hand over our systems to AI agents, only to watch them invent backdoors nobody asked for. Developers are left with the glamorous job of bug janitors, while attackers get new exploits. It's hard not to feel like we are front-ro…

1
Keynote: Code Dark Age (god2025) 39:37

6h ago39:37

39:37

Generative AI is supposed to make our lives easier. But what if it's really just coding us straight into a new Dark Age? We hand over our systems to AI agents, only to watch them invent backdoors nobody asked for. Developers are left with the glamorous job of bug janitors, while attackers get new exploits. It's hard not to feel like we are front-ro…

1
Welcome (god2025) 9:21

2h ago9:21

9:21

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
Welcome (god2025) 9:21

5h ago9:21

9:21

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
Revision 690: AI Frontend Generatoren 1:25:45

29m ago1:25:45

1:25:45

Hans und Schepp sprechen darüber, wie weit „Vibe-Coding“ im Vergleich zu AI-Assist in der IDE wirklich trägt. Hans bringt sein Experiment mit, dokumentiert im Blogpost, und wir ordnen ein, wo AI uns Tempo schenkt, wo wir kontrollieren und nachschärfen müssen und warum die Dead Framework Theory im Code-Output der Generatoren so sichtbar wird. Unser …

1
Revision 689: React – Heilsbringer oder Höllenmaschine? 1:48:51

6d ago1:48:51

1:48:51

Um ein für allemal zu klären, ob React die beste oder die schlimmste Erfindung seit geschnitten Brot ist, luden sich Stefan und Peter den bekennenden React-Ultra Hans-Christian Otto ein! Schaunotizen [00:01:11] React Um den eher semibrillianten Artikel React Won by Default entspann sich eine Pro/Contra-React-Diskussion in unserem Community-Slack (s…

Podcasts, die es wert sind, gehört zu werden

PHP Podcasts

Podcasts, die es wert sind, gehört zu werden

Kurzanleitung