In this episode, we discuss ethics, TLS 1.3, autonomous cars and replacements for multifactor authentication. We also interview Amanda Berlin and her experience writing the book Defensive Security Handbook: Best Practices for Securing Infrastructure.

In this Professionally Evil Podcast PEPisode, we re-launch the podcast.  12 of us hang out and talk about what we are doing and whats coming up.

James and Kevin discuss a few of the events this year (breaches and otherwise), the release of Samuari 3.0 and some up-coming events.   

Is the idea of penetration testing evolving or is it staying the same?   What is the goal of a penetration test?  Does it differ by client?   James and Kevin discuss penetration testing and how it is changing. 

When it comes to reporting, what data do you include, how do you represent it, and who is your audience?  These questions and more are discussed.

We are not lawyers but want to make you aware of some of the laws that exist around data breaches.  Sometimes these laws pop up with very little media coverage and you have no idea.  

James and Kevin talk about the new office in Jacksonville, FL.  Some rambling about setting it up and how we like it.   Not so technical.. but exciting for us.

James and Kevin discuss the idea of Exploitation and its importance in the testing methodology.  Join them for a witty conversation about one of the favorite phases of the process.

Kevin and James discuss not only the issues for Healthcare.gov regarding vulnerabilities, but the real issue of the lack of security being part of the process.  This podcast covers a few different ways to build security in and reduce the risk exposure of your applications. 

James and Kevin discus the discovery aspect of the pentesting methodology as well as ramble about some other topics.   They announce the Samurai Helmet winner and talk about some upcomming events.

In this episode, James, Jason Gillam, Thom and Kevin talk about their experience at DerbyCon 2013 and the experience received at most cons that you attend.   A few talks are discussed and thoughts about the events and cons in general.

James and Kevin discuss all the naming issues seen with vulnerabilities, the release of SamuraiWTF 2.1 and a few other topics.

In this episode, James, Kevin and Thom discuss the topic of the mapping phase of penetration testing.  The tool of the episode is Dirbuster, with a mention of Yokoso!.

Kevin Johnson and James Jardine kick off the topic of attacking the web by looking at what web penetration testing is and what both sides of the test need to think about.  They discuss the need for the client to understand why they are testing, and what they are testing.  It then moves into discussing scoping techniques and some common gotchas.  A quick discussion on testing methodology, and then a quick segment on SQLMap and how it works. 

In this episode, James, Kevin and Nathan discuss the topic of Mobile testing.  They start of discussing the need for a lab environment and some of the hardware recommended.  They then discuss capturing network traffic with wireshark, http traffic with Burp, and the many benefits of the OWASP MobiSec project.

In this Episode, Kevin, James and Jason discuss implications of using default or weak credentials on systems and applications.  In addition, they discuss some other mis-configurations regarding HTTP Methods and Web Server file accessibility (web.xml).

In this podcast, James Jardine and Kevin Johnson discuss topics ranging from passwords to RSA to breaches.  We also release the new jingle as requested by @ChrisJohnRiley!

In this episode, Kevin Johnson and James Jardine talk about a number of different flaws that many penetration testers and application developers miss.  They talk about how username harvesting and password resets can cause issues.  They also discuss the exposure that APIs and web services bring to applications.