Beste Web Development Podcasts (2025)

1
News 48/25: Valdi // PHP 8.5 // OWASP Top 10 // Cloudflare 50:34

2h ago50:34

50:34

Die programmier.bar-Crew hat sich wieder im Studio eingefunden und bringt euch die spannendsten News der letzten Woche mit. Fabi startet mit einem Blick auf Valdi: Snapchat hat sein hauseigenes Cross-Plattform-Framework überraschend als Open Source veröffentlicht. Warum das ein großer Move ist, wofür Valdi gedacht ist und was das Framework schon ka…

1
Closing (god2025) 4:06

1d ago4:06

4:06

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
Closing (god2025) 4:06

8h ago4:06

4:06

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
Closing (god2025) 4:06

3h ago4:06

4:06

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon OWASP German Chapter

1
News from the Juice Shop ecosystem (god2025) 22:36

14h ago22:36

22:36

OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…

1
News from the Juice Shop ecosystem (god2025) 22:36

8h ago22:36

22:36

OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…

1
News from the Juice Shop ecosystem (god2025) 22:36

5h ago22:36

22:36

OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…

1
OWASP Top 10:2025: Aktuelle Informationen und Insights zum Projekt (god2025) 11:10

1h ago11:10

11:10

Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon Torsten Gigler

1
OWASP Top 10:2025: Aktuelle Informationen und Insights zum Projekt (god2025) 11:10

1d ago11:10

11:10

Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon Torsten Gigler

1
OWASP Top 10:2025: Aktuelle Informationen und Insights zum Projekt (god2025) 11:10

9h ago11:10

11:10

Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deVon Torsten Gigler

1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025) 21:12

9h ago21:12

21:12

Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…

1
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning (god2025) 22:08

1h ago22:08

22:08

Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…

1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025) 21:12

1h ago21:12

21:12

Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…

1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025) 21:12

6h ago21:12

21:12

Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…

1
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning (god2025) 22:08

6h ago22:08

22:08

Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…

1
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning (god2025) 22:08

9h ago22:08

22:08

Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…

1
A CISO's Adventures in AI Wonderland (god2025) 42:22

7h ago42:22

42:22

As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…

1
The Trust Trap - Security von Coding Assistants (god2025) 43:05

2h ago43:05

43:05

Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…

1
A CISO's Adventures in AI Wonderland (god2025) 42:22

2h ago42:22

42:22

As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…

1
The Trust Trap - Security von Coding Assistants (god2025) 43:05

10h ago43:05

43:05

Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…

1
The Trust Trap - Security von Coding Assistants (god2025) 43:05

1d ago43:05

43:05

Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…

1
A CISO's Adventures in AI Wonderland (god2025) 42:22

10h ago42:22

42:22

As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…

1
How we hacked Y Combinator companies' AI agents (god2025) 24:28

2h ago24:28

24:28

We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …

1
How we hacked Y Combinator companies' AI agents (god2025) 24:28

3h ago24:28

24:28

We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …

1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025) 24:42

2h ago24:42

24:42

Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…

1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025) 24:42

3h ago24:42

24:42

Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…

1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025) 24:42

2h ago24:42

24:42

Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…

1
How we hacked Y Combinator companies' AI agents (god2025) 24:28

2h ago24:28

24:28

We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …

1
Extract: A PHP Foot-Gun Case Study (god2025) 24:37

3h ago24:37

24:37

Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…

1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025) 24:38

3h ago24:38

24:38

Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…

1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025) 24:38

3h ago24:38

24:38

Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…

1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025) 24:38

2h ago24:38

24:38

Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…

1
Extract: A PHP Foot-Gun Case Study (god2025) 24:37

3h ago24:37

24:37

Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…

1
Extract: A PHP Foot-Gun Case Study (god2025) 24:37

2h ago24:37

24:37

Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…

1
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025) 40:58

3h ago40:58

40:58

Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…

1
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025) 40:58

1d ago40:58

40:58

Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…

1
The Automation Illusion? What Machines Can't Do in Threat Modeling (god2025) 39:58

3h ago39:58

39:58

Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…

1
The Automation Illusion? What Machines Can't Do in Threat Modeling (god2025) 39:58

3h ago39:58

39:58

Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…

1
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025) 40:58

3h ago40:58

40:58

Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…

1
The Automation Illusion? What Machines Can't Do in Threat Modeling (god2025) 39:58

3h ago39:58

39:58

Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…

1
OWASP Cumulus: Threat Modeling the Ops of DevOps (god2025) 26:08

4h ago26:08

26:08

In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…

1
Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025) 19:24

2h ago19:24

19:24

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…

1
Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025) 19:24

4h ago19:24

19:24

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…

1
OWASP Cumulus: Threat Modeling the Ops of DevOps (god2025) 26:08

4h ago26:08

26:08

In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…

1
Phishing for Passkeys: An Analysis of WebAuthn and CTAP (god2025) 19:24

2h ago19:24

19:24

WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…

1
OWASP Cumulus: Threat Modeling the Ops of DevOps (god2025) 26:08

2h ago26:08

26:08

In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…

1
Continuous Vulnerability Scanning with OWASP secureCodeBox (god2025) 24:21

3h ago24:21

24:21

The OWASP secureCodeBox project aims to provide a unified way to run and automate open-source scanning tools like nmap, nuclei, zap, ssh-audit, and sslyze to continuously scan the code and infrastructure of entire organizations.This allows setting up automated scans that will regularly scan internal networks and internet-facing systems for vulnerab…

1
Introducing Passkeys - Strategies and Challenges for Developers (god2025) 22:18

3h ago22:18

22:18

The future of authentication is passwordless - Passkeys are the key technology. This talk supports developers in implementing Passkeys in their organizations and helps with the decision between in-house development, SDK, or Passkey-as-a-Service solutions. You will learn how to design recovery flows and fallback mechanisms in a user-friendly way, ho…

1
Introducing Passkeys - Strategies and Challenges for Developers (god2025) 22:18

3h ago22:18

22:18

The future of authentication is passwordless - Passkeys are the key technology. This talk supports developers in implementing Passkeys in their organizations and helps with the decision between in-house development, SDK, or Passkey-as-a-Service solutions. You will learn how to design recovery flows and fallback mechanisms in a user-friendly way, ho…

Podcasts, die es wert sind, gehört zu werden

Web Development Podcasts

Podcasts, die es wert sind, gehört zu werden

Kurzanleitung