Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386

Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386

From Security Weekly Podcast Network (Audio) by Security Weekly Productions

June 9, 2026 · 1h 16m

About this episode

The episode discusses the challenges AppSec teams face in validating findings from automated testing and explores the importance of proving real vulnerabilities.

Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testing often stops short of the hardest part of the job: proving what is real. We dig into how business logic flaws and authorization vulnerabilities get missed by tools that scan without reasoning, what exploit validation looks like at runtime, and how security engineers are shifting toward findings that developers will actually act on. The segment is sponsored by XBOW. Visit https://securityweekly.com/xbow to see how autonomous AI pentesting delivers expert-quality findings in hours with real exploit validation your team can actually act on. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-386

People in this episode

Guest: Federico Kirschbaum

Topics covered

  • AppSec
  • vulnerability management
  • automated testing
  • exploit validation
  • business logic flaws
  • authorization vulnerabilities

Keywords

  • AppSec
  • SAST
  • DAST
  • vulnerabilities
  • exploit validation
  • security engineers
  • business logic flaws
  • authorization vulnerabilities

Sponsors

XBOW

Mentioned in this episode

Organizations: Security Weekly Productions, Security Weekly Podcast Network

More episodes of Security Weekly Podcast Network (Audio)

Explore listener stats, chart rankings, contacts and more on the Security Weekly Podcast Network (Audio) podcast page.