Join us for our conversations and interviews with some of the best hackers and security teams in the world. This feed features our ongoing "Big Bugs" podcast, interviews from events like Black Hat & DEFCON, and other conversations we have throughout the year.
In this EM360 podcast hosted by IT-Harvest Chief Research Analyst Richard Stiennon, hear Bugcrowd Founder, Chairman, and CTO Casey Ellis talk about the growing need and use cases for crowdsourced cybersecurity, and the critical, positive role of ethical hackers in the cybersecurity ecosystem.
Bakers Dozen - Episode 5 - Ross McKerchar by Bugcrowd
In this series Bugcrowd CSO David Baker talks to security leaders about their concerns, priorities, and how they are navigating this constantly changing landscape. In today’s episode Baker talks to Pinsent Masons CISO Christian Toon.
In this series Bugcrowd CSO David Baker talks to security leaders about their concerns, priorities, and how they are navigating this constantly changing landscape. In today’s episode Baker talks to Netskope Deputy Information Security Officer, James Robinson.
In this series Bugcrowd CSO David Baker talks to security leaders about their concerns, priorities, and how they are navigating this constantly changing landscape. In today’s episode Baker talks to Atlassian CISO Adrian Ludwig.
In this series Bugcrowd CSO David Baker talks to security leaders about their concerns, priorities, and how they are navigating this constantly changing landscape. In today’s episode Baker talks to VP of Information Security at InVision, Johnathan Hunt.
Community Update Podcast - November 2018 by Bugcrowd
Ryan Black, Director of Technical Operations at Bugcrowd, sits down with Sam Houston to explore how the TechOps team triages and validates all of the bug submissions that come in to Bugcrowd. This team handles tens of thousands of bugs a year, so they see a bit of everything. Tune in to learn more about how Ryan's team handles this important task!
In this podcast, we are joined by a major contributor to the CTF scene, Kevin Chung, who wrote the open source CTF framework CTFd. We'll talk about the ins and outs of CTFs, why people participate in them, and how easy it is to get involved.
Bugcrowd's Jason Haddix interviews Aaron Guzman, security researcher and consultant at SecureWorks, about his recent connected vehicle research.
Head of Trust and Security at Bugcrowd Jason Haddix joins penetration tester and OWASP IoT author Daniel Miessler to discuss their time walking the floor at CES 2017. From automotive tech to bots, listen to this podcast to hear about top CES trends seen through a security lens.
Join Jason Haddix, Bugcrowd's Head of Trust and AppSec industry leader, for a mini podcast series on big bugs. Throughout this series, Haddix will review some of the most noteworthy security vulnerabilities the industry has seen, including bugs received through the Bugcrowd platform. During these 30-minute podcasts, Haddix will talk about a new big bug (or group of related big bugs), how it was found, what the technical and business impact was, and how development and security teams can avoid making the same mistakes.
Back in January we interviewed Justin "Juken" Kennedy at ShmooCon 2016. Justin shares how he got into security, his experiences with bug bounties, and his work with private bug bounties. Follow Justin here: https://twitter.com/jstnkndy Learn more about Bugcrowd's hackers here: https://bugcrowd.com/hackers
Over the past 10+ years, Cross-Site Scripting has made its way into just about every ‘top-ten vulnerability' list and has consistently starred in headlines and POCs. XSS vulnerabilities are also commonly submitted through bug bounty programs, and many write them off as ‘low hanging fruit.' We're here to tell you that not all XSS are created equal. In this podcast, Haddix will…
- Provide technical and historical context around ‘XSS-fatigue'
- Address what makes XSS unique and the general instances in which it can be particularly impactful
- Review specific XSS bugs submitted through bounty programs, how they were discovered, and the potential impact of those vulnerabilities
Get full resources and references for this episode here: COMING SOON.
Over the past weeks, Pokemon Go has taken the world by storm, surpassing every projected number for both player base and revenue for a mobile game. In episode 4 of Big Bugs, Jason Haddix takes listeners on a parallel story of how the hacking scene found ways to reverse engineer the world's largest game, in epic time. Subscribe to our Podcast RSS Feed: http://bgcd.co/bcpodcastrss
With new technologies and higher stakes, many innovative retail and loss prevention solutions need to make sure they can stand up against hackers. Digital Safety (DiSa), a retail loss prevention technology out of Phoenix, Arizona, works with the biggest retailers in the country, and needed to be sure that their solution couldn't be hacked. With a ‘winner-takes-all' bounty program, Bugcrowd proved that it could...
Sr. Community Manager of Bugcrowd, Sam Houston, chats with Frans Rosen, hacker and founder of Swedish cybersecurity company Detectify. In this hour-long interview podcast, the two discuss the hacker community, the value of the crowd, and the nuances involved with harnessing its power. With anecdotes, tips and tricks, learn how to better connect with the hacker community, or how to just up your game.
Episode 2 of our big bug podcast series explores the recently popularized and widespread vulnerability ImageTragick. Learn about the incredible breadth of this vulnerability and the potential for it to be exploited, and how Bugcrowd was able to proactively enlist the crowd to search all public programs for this vulnerability before any scanner could.
Episode 1 of the 'Big Bugs' series with Jason Haddix explores noteworthy bugs found in cars, as well as the de-facto resources for anyone looking to get into car hacking or defending car systems. Follow Jason on Twitter: https://twitter.com/jhaddix Follow Bugcrowd on Twitter: https://twitter.com/Bugcrowd
Bugcrowd's Senior Community Manager, Sam Houston, chats with Jack Whitton about his experience with Bug Bounties and his approach to targets, how he got started, and the suggestions he has for other bounty hunters. Learn more about Bugcrowd: https://bugcrowd.com/join-the-crowd Follow Jack on Twitter: https://twitter.com/fin1te Jack's Blog: https://fin1te.net/ Follow Bugcrowd on Twitter: https://twitter.com/bugcrowd
We met up with Justin Kennedy and Steve Breen (BreenMachine) at DerbyCon 2015 right after they took home 2nd place in the CTF. Tune in to hear more about how Justin and Steve teamed up to tackle the CTF, as well as some tips for bug bounty hunters. Discuss this podcast on the Bugcrowd Forums: http://bgcd.co/1LGLWUU Make sure to check out their tool httpscreenshot: https://github.com/breenmachine/httpscreenshot Follow Justin on Twitter: https://twitter.com/jstnkndy Follow Steve on Twitter: https://twitter.com/breenmachine Follow Sam on Twitter: https://twitter.com/samhouston Check out Bugcrowd.com to learn more about joining our security researcher community: http://bugcrowd.com/researchers
We chat with Scott Robinson and Rob at the Bugcrowd Ops AMA Lounge at DEFCON 23. Scott and Rob talk about the presentations they've checked out at DEFCON, as well as a tip for bug bounty hunters. Check out the Vulnerabilities in File Formats presentation from DEFCON 23 (PDF): http://bgcd.co/1TxUbIu
We spoke with Mathias "Avlidienbrunn" Karlsson at this year's DEFCON 23. Follow Mathias on Twitter: https://twitter.com/avlidienbrunn Find Mathias on Bugcrowd: https://bugcrowd.com/avlidienbrunn Check out Bugcrowd's latest bug bounties here: https://bugcrowd.com/programs
Podcast Show Notes (what we recommend you check out):
HallwayCon: Network and meet your fellow security professionals and pentesters that are in Vegas. This is the best chance all year to meet others and expand your professional network. Attend talks that you're interested in and have fun at parties, but always make sure to spend time meeting new people. If you're looking for folks to hang out with at DEFCON, come to the Bugcrowd Ops AMA Lounge!
Jason Haddix's notes from the Podcast - Black Hat:
- Android Security State of the Union - Adrian Ludwig
- Server-side Template Injection: RCE for the Modern Web App - James Kettle
- Defeating Pass the Hash: Separation of Powers - Seth Moore & Baris Saydag
- The Tactical Application Security Program: Getting Stuff Done - Cory Scott & David Clintz
- Red vs Blue: Modern Active Directory Attacks, Detection, and Protection - Sean Metcalf
- Stagefright: Scary Code in the Heart of Android - Joshua Drake
- Faux Disc Encryption: Realities of Secure Storage on Mobile - Daniel Mayer & Drew Suarez
- (BlackHat Arsenal) Intrigue.io - Jonathan Cran
- AH! Universal Android Rooting is Back! - Wen Xu
- Zigbee Exploited the Good, the Bad, and the Ugly - Tobias Zillner & Sebastian Strobl
Andy White's notes from the Podcast:
- DEFCON: Machine vs. Machine: Inside DARPA's Fully Automated CTF - Michael Walker & Jordan Wiens
- BSides LV: AI and CND - implications for security in the era of Artificial Intelligence - Dan Mitchell
Kymberlee Price's notes from the Podcast (Bugcrowd Researchers speaking):
- BSides LV: Josh Louden (Exodus) - Adding +10 Security to Your Scrum Agile Environment
- DEFCON: John Menerick (pwn) - Backdooring Git
- Joshua Drake (jduck) - Stagefright at Black Hat and DEFCON