Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
From Security Weekly Podcast Network (Audio) by Security Weekly Productions
June 9, 2026 · 1h 16m
About this episode
The episode discusses the challenges AppSec teams face in validating findings from automated testing and explores the importance of proving real vulnerabilities.
Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testing often stops short of the hardest part of the job: proving what is real. We dig into how business logic flaws and authorization vulnerabilities get missed by tools that scan without reasoning, what exploit validation looks like at runtime, and how security engineers are shifting toward findings that developers will actually act on. The segment is sponsored by XBOW. Visit https://securityweekly.com/xbow to see how autonomous AI pentesting delivers expert-quality findings in hours with real exploit validation your team can actually act on. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-386
People in this episode
Guest: Federico Kirschbaum
Topics covered
- AppSec
- vulnerability management
- automated testing
- exploit validation
- business logic flaws
- authorization vulnerabilities
Keywords
- AppSec
- SAST
- DAST
- vulnerabilities
- exploit validation
- security engineers
- business logic flaws
- authorization vulnerabilities
Sponsors
XBOW
Mentioned in this episode
Organizations: Security Weekly Productions, Security Weekly Podcast Network
More episodes of Security Weekly Podcast Network (Audio)
- Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, Bitlocker, Peoplesoft, and More - SWN #589 · June 12, 2026 · 32 min
- Trolling Microsoft With Vulnerabilities - PSW #930 · June 11, 2026 · 2h 3m
- Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451 · June 10, 2026 · 1h 1m
- Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland... - SWN #588 · June 9, 2026 · 28 min
- The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462 · June 8, 2026 · 1h 38m
- Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587 · June 5, 2026 · 42 min
Explore listener stats, chart rankings, contacts and more on the Security Weekly Podcast Network (Audio) podcast page.