Professionally Evil Perspective (security)

In this episode, James, Kevin and Thom discuss the mapping phase of penetration testing. The tool of the episode is DirBuster, with a mention of Yokoso!.

Direct download: Pep7.mp3
Category:security -- posted at: 10:04pm EDT

Kevin Johnson and James Jardine kick off the topic of attacking the web by looking at what web penetration testing is and what both sides of the test need to think about. They discuss the need for the client to understand why they are testing, and what they are testing. The conversation then moves into scoping techniques and some common gotchas, followed by a quick discussion of testing methodology and a quick segment on SQLMap and how it works.

Direct download: PEP_Episode_5.mp3
Category:security -- posted at: 9:24am EDT

In this episode, James, Kevin and Nathan discuss the topic of mobile testing. They start off by discussing the need for a lab environment and some of the recommended hardware. They then discuss capturing network traffic with Wireshark, HTTP traffic with Burp, and the many benefits of the OWASP MobiSec project.

Direct download: PEP_Episode_4.mp3
Category:security -- posted at: 7:46pm EDT

In this episode, Kevin, James and Jason discuss the implications of using default or weak credentials on systems and applications. In addition, they discuss some other misconfigurations regarding HTTP methods and web server file accessibility (web.xml).

Direct download: PEP_Episode_3.mp3
Category:security -- posted at: 3:19pm EDT

In this podcast, James Jardine and Kevin Johnson discuss topics ranging from passwords to RSA to breaches.  We also release the new jingle as requested by @ChrisJohnRiley!

Direct download: PEP_Episode_2.mp3
Category:security -- posted at: 2:28pm EDT

In this episode, Kevin Johnson and James Jardine talk about a number of different flaws that many penetration testers and application developers miss.  They talk about how username harvesting and password resets can cause issues.  They also discuss the exposure that APIs and web services bring to applications.

Direct download: PEP_Episode_1.mp3
Category:security -- posted at: 3:21pm EDT