Podcasts about client side

“The client's role is not to solve the problem — it's to state the problem.”What's the client's perspective in major cultural projects? What are “client user groups?” What's the difference between advocating for the client, and advocating for the project? How do you “inhabit your project?” How might a single gender-inclusive restroom project change an entire institution? Should every project have a “super contingency” in the budget?Amy Weisser (Deputy Director for Strategic Planning and Projects at Storm King Art Center) joins host Jonathan Alger (Managing Partner, C&G Partners) to discuss “The Client Side of Major Projects.”Along the way: P.P.E., trusting the hiring decisions, and a 2,000-year-old Roman theory that still works today.Talking Points:1. The Three-Legged Stool: Vision, Schedule, Budget 2. Client Advocate, Project Advocate, User Advocate 3. Museum Building Projects are Linear, Not Cyclical 4. All Projects are Transformational 5. Project Phases: Watercolors to Hard Hats 6. Disasters DO Happen 7. Build Your ValuesHow to Listen: Apple Podcastshttps://podcasts.apple.com/us/podcast/making-the-museum/id1674901311 Spotifyhttps://open.spotify.com/show/6oP4QJR7yxv7Rs7VqIpI1G Everywherehttps://makingthemuseum.transistor.fm/ Guest Bio:Amy Weisser is Deputy Director, Strategic Planning and Projects at Storm King Art Center, where she incubates projects focused on strategic growth. Weisser has spent 30 years supporting cultural institutions undergoing profound development. Prior to Storm King, Weisser led exhibition development for the National September 11 Memorial Museum from 2005 to 2017 and helped open the contemporary art museum Dia:Beacon and the American Museum of Natural History's Rose Center for Earth and Space. She has taught Museum Studies at New York University. Weisser holds a doctorate in Art History from Yale University. She is a co-author of Martin Puryear: Lookout (GRM/SKAC, 2024). About MtM: Making the Museum is hosted (podcast) and written (newsletter) by Jonathan Alger. This podcast is a project of C&G Partners | Design for Culture. Learn about the firm's creative work at: https://www.cgpartnersllc.com Links for This Episode: Amy's Email: as.weisser@stormkingartcenter.org Amy's LinkedIn:https://www.linkedin.com/in/amysweisser/ Storm King: www.stormking.org Storm King's Capital Project:https://stormking.org/capitalproject/Building Museums Symposium, a project of the Mid-Atlantic Association of Museums: https://midatlanticmuseums.org/building-museums/Links for MtM: https://www.makingthemuseum.com/contact https://www.linkedin.com/in/jonathanalger alger@cgpartnersllc.com https://www.cgpartnersllc.com Newsletter: Like the show? Try the newsletter. Making the Museum is also a one-minute email, three times a week, on exhibition planning and design for museum leaders, exhibition teams and visitor experience professionals. (And the best way to find out first about new episodes of the podcast.)Subscribe here: https://www.makingthemuseum.com 

Send us a Text Message.Title:

How prepared is your organization to tackle the growing threat of client-side attacks? In this episode of the Tech Talks Daily Podcast, I sit down with Lynn Marks, Senior Product Director at Imperva, a Thales company, to discuss the rise of Magecart attacks and the implications of the newly updated PCI DSS 4.0 standards. Client-side attacks, like Magecart, have been a looming threat since 2015, gaining significant traction as digital transformation accelerated during the global pandemic. As more businesses moved their operations online, the landscape for these attacks became increasingly fertile, putting sensitive customer data at risk. With the recent release of PCI DSS 4.0, the stakes have never been higher for organizations processing payments online. Lynn dives into the specifics of how these attacks operate, targeting vulnerable JavaScript to steal data directly from users, often without detection. We explore the key updates in PCI DSS 4.0, particularly the new requirements that demand businesses inventory, authorize, and monitor client-side scripts more rigorously. Lynn shares practical insights on how companies can navigate these requirements, mitigate risks, and enhance cross-team communication to protect against these sophisticated threats. What strategies should your business adopt to stay ahead of client-side attackers, and how can you ensure compliance with the evolving security standards? Tune in to this episode for an in-depth conversation on safeguarding your online transactions and staying resilient in the face of emerging cyber threats. After listening, I'd love to hear your thoughts—how is your organization adapting to the new PCI DSS 4.0 requirements?

تصحيحات الحلقة السابقة بعد ما اكثر من شخص تواصل معايا بخصوص بعض الاخطاء في الكلام الي قولته عن الـ JWT. الخلاصة اني نسيت انه Base64 Encoded وبالتالي اي حد يقدر يعمله decode بشكل آمن من غير ما يعرف الـ Secret Key. فلو انت بتعمل كدا علي الـ Client Side دا مش خطر. الخطر ان يكون الـ Secret Key موجود بشكل ما علي الـ Client Side زي مثلاً يكون في موضع يمكنه انه يتحقق من صحة الـ Token من غير ما يرجع للسيرفر، فدا خطر لانه بيلمح ان الـ Secret Key موجود علي الـ Client. شكرا للي تواصلوا معايا وصححولي الي انا قولته

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest: https://x.com/MtnBerResources:Beyond XSShttps://aszx87410.github.io/beyond-xss/en/Web VSCode XSShttps://gitlab.com/gitlab-org/gitlab/-/issues/461328Timestamps(00:00:00) Introduction(00:05:24) Learning and Labs(00:17:29) DevTools tips and tricks(00:49:49) General Client-Side hacking tips(01:09:59) Self-XSS Storytime(01:32:16) But Reports(01:46:37) Brainstorming a Client-side HUD

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/On Twitter | https://x.com/Soheil__K____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.They dive into Soheil's background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.Top Questions AddressedWhat are request forgery attacks and how have they evolved over time?How do modern browsers and applications handle security against these attacks?What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube:

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/On Twitter | https://x.com/Soheil__K____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.They dive into Soheil's background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.Top Questions AddressedWhat are request forgery attacks and how have they evolved over time?How do modern browsers and applications handle security against these attacks?What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube:

Web scraping 101! Dive into the world of web scraping with Scott and Wes as they explore everything from tooling setup and navigating protected routes to effective data management. In this Tasty Treat episode, you'll gain invaluable insights and techniques to scrape (almost) any website with ease. Show Notes 00:00 Welcome to Syntax! 03:13 Brought to you by Sentry.io. 05:00 What is scraping? Socialblade. 08:01 Examples of past scrapers. Canadian Tire. 10:06 Cloud app downloader. 16:13 Other use cases. 16:58 Scraping 101. 17:28 Client Side. 19:08 Private API. Proxyman. 22:40 Server rendered. 23:27 Initial state. 24:57 What format is the data in? Google Puppeteer Extension. 27:08 Working with the DOM. 27:12 Linkedom npm package. 29:02 querySelector everything. 31:28 How to find the elements without classes. 34:08 Use XPath selectors for select by word. 34:53 Make them as flexible as you can. Classes change! 35:10 AI is good at this! 36:26 File downloading. 38:20 Working with protected routes. Proxyman. 40:41 Programatically retrieve authentication keys because they are short-lived. Fetch Cookie. 43:20 Deal-breakers. Mechanical Turk. 44:58 What happened with Amazon? Uniqlo Self-Checkout 46:42 Wes' portable refrigerator utopia. 47:25 Sick Picks & Shameless Plugs. Sick Picks Scott: KeyboardCleanTool. Wes: Yabai. Shameless Plugs Scott: Syntax on YouTube Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

As End-to-end encryption is becoming ever more widespread in most popular messaging services, discussions have emerged to enable the scanning of messages and files directly on end-user-devices. Carolyn Guthoff and Divyanshu Bhardwaj, usable security researchers at CISPA, have looked into these systems in their latest study on Client-Side-Scanning. They discuss potential implications such a system would bring and how Client-Side Scanning is perceived by experts, from cybersecurity researchers to law enforcement agencies. Content Warning: This episode contains mention of how Client-Side Scanning could help combat Child Sexual Abuse Material.

Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.The conversation begins with a key question: What is client-side protection?Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,' where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva's Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva's Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.Top Questions AddressedWhat is client-side protection?How can an organization protect itself against client-side attacks?What is the role of Imperva's Client Side Protection product in combating client-side security threats? Note: This story contains promotional content. Learn more.Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/lynnmarks1/Blog | https://thenewstack.io/author/lynn-marks/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttqCatch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.The conversation begins with a key question: What is client-side protection?Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,' where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva's Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva's Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.Top Questions AddressedWhat is client-side protection?How can an organization protect itself against client-side attacks?What is the role of Imperva's Client Side Protection product in combating client-side security threats? Note: This story contains promotional content. Learn more.Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/lynnmarks1/Blog | https://thenewstack.io/author/lynn-marks/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttqCatch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe dashboard is a work of art. 05:08 Tell us about the design system. React Aria 08:59 Who develops the iOS app? 09:50 Stripe's CSP (content security policy). 12:50 What even is a content security policy? Content Security Policy explanation 13:57 Douglas Crockford of Yahoo on security. Douglas on GitHub 15:13 Security philosophy. 16:59 What about inline styles and inline JavaScript? 19:41 How do we safely set inline styles from JS? 20:20 Setting up with meta tags. 22:52 What are common situations that require security exceptions? 26:24 Potential damage with inline style tags. 32:45 Looping vulnerabilities. 36:32 What about JavaScript injection? 37:09 Myspace Samy Worm. Myspace Samy Worm Wiki Sentry.io Security Policy Reporting 42:02 Does a CSP stop code from running in the console? 43:28 What are some general security best practices? 46:35 Strategies for rolling out a CSP. 51:49 Final tip, Strict Dynamic. Strict Dynamic 56:36 Where does the CSP live within Stripe? Original Black Friday story 59:35 One last story. 01:01:20 Sick Picks + Shameless Plugs Sick Picks + Shameless Plugs Alex: Wes Bos' Instagram Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount. Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today's Guest: https://twitter.com/samm0uda?lang=enhttps://ysamm.com/Resources:Client-side race conditions with postMessage: https://ysamm.com/?p=742 Transferable Objectshttps://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Transferable_objectsEvery known way to get references to windows, in javascript:https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2dYoussef's interview with BBREhttps://www.youtube.com/watch?v=MXH1HqTFNm0Timestamps:(00:00:00) Introduction(00:04:27) Client-side race conditions with postMessage(00:18:12) On Hash Change Events and Scroll To Text Fragments(00:32:00) Finding, documenting, and reporting complex bugs(00:37:32) PostMessage Methodology(00:45:05) Youssef's Vuln Story(00:53:42) Where and how to look for ATO vulns(01:05:21) MessagePort(01:14:37) Window frame relationships(01:20:24) Recon and JS monitoring(01:37:03) Client-side routing(01:48:05) MITMProxy

Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.Hop on the CTBB Discord at https://ctbb.show/discord!ThankUNextjswzlRapid APISSRF Utility tool by BebiksTweet from Johan CarlssonBurp Extension from Google VRPJustin's Tweet about JS HoistingBypass CSP Using WordPressHow to trick CSP in letting you run whatever you wantTimestamps:(00:00:00) Introduction(00:01:58) Overcoming Bug Bounty struggles and getting back into the hacking groove(00:07:46) Taking notes and sticking to one program(00:14:50) Critical Thinking Discord, Community highlights, and Competition vs Collaboration(00:22:25) Secondary context bugs and Automationism(00:28:42) ThankUNext and Client-side Paths(00:33:45) Tool Tangents: Jswzl, Caido, Postman, and Rapid API(00:46:49) New SSRF Utility tool by Bebiks and the continuing evolution of hacking tools(00:51:45) Iframe Sandwiches(00:58:54) News Items(01:06:12) JS Hoisting(01:15:05) CSP Bypasses

A majority of ERP implementations fail due to a lack of knowledge of what the ideal scene should look like because a company rarely replaces its own ERP. Failure occurs from not knowing how the requirements gathering stage should go, or how any other stage like walkthroughs, testing, training, data migration, and much less go-live should run. However, with the right advisor, your team can sidestep becoming a statistic of failed implementations. In this episode of the ERP Advisor, Shawn Windle breaks down what role a client-side implementation consultant plays and how they are not the same as the implementation partner or the internal client PM.Connect with us!https://www.erpadvisorsgroup.com866-499-8550LinkedIn:https://www.linkedin.com/company/erp-advisors-groupTwitter:https://twitter.com/erpadvisorsgrpFacebook:https://www.facebook.com/erpadvisorsInstagram:https://www.instagram.com/erpadvisorsgroupPinterest:https://www.pinterest.com/erpadvisorsgroupMedium:https://medium.com/@erpadvisorsgroup

Welcome back to Intellicast! We have another great guest joining us on today's episode. Craig Alter, who works in consumer insights at Perfetti Van Melle, joins Brian Lamar and Producer Brian to talk about how research has evolved from a brand perspective this year. Before diving into the discussion, Craig brings us up to speed on what has happened with him since his last appearance on the podcast back in 2022. He explains how he joined Perfetti Van Melle and the reasons behind his career move. Next, Craig shares his perspective on how research has adapted this year, considering the volatile economy and tightening budgets. He mentions that the impact on Perfetti Van Melle has been minimal, and we even speculate that candy might be recession-proof. Craig also highlights Perfetti Van Melle's growth mode, citing their recent acquisitions of new brands from Mondelez earlier that week. The conversation then evolves into a discussion about how Craig and his team gather and utilize global insights, applying them to regional brands. They also explore the overlap between regional brands and tastes in different areas. In the final segment of the interview, Craig discusses how he and the team at Perfetti Van Melle are incorporating artificial intelligence into their research process. He explains their plans to use AI to test video ads by analyzing a database of previous ads to determine their potential success. It was enlightening to gain a different perspective! Thanks for tuning in. You can connect with Craig on LinkedIn here: https://www.linkedin.com/in/craig-alter/ You can learn more about Perfetti Van Melle here: https://www.perfettivanmelle.com/ Watch our most recent webinar, Dangers to Trackers in the Age of Aggregation, on-demand here: https:/us02web.zoom.us/webinar/register/4916911556997/WN_NhLDtUJRQdC5v7awO_BTAw#/registration Download our new whitepaper, Strategic Sample Blending: The Premier Methodology for Tracking Studies! You can download your free copy here: https://emi-rs.com/strategic-sample-blending-the-premier-sample-methodology-for-tracking-studies/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Spostare le ricerche full-text direttamente nel browser potrebbe essere di utilità per molte applicazioni.Orama è una libreria che permette ciò e l'ho provata richiamandola da Blazor Webassembly, rimanendo stupito dalla sua semplicità di utilizzo.https://oramasearch.com/https://github.com/andreadottor/Blazor-OramaSearch

Welcome to episode 5 and our first episode with a special guest! Byron & Dave chat with Tomasz Pietrek, the NATS client team lead engineer on the powerful client libraries. We dig in to JetStream simplification, the KV & Object Store and the Micro Services API. Buckle in for our longest episode yet! Want to suggest a topic? Find us on Twitter (⁠@nats_io⁠) or our community Slack > ⁠https://slack.nats.io⁠ Useful Links ⁠https://examples.nats.io⁠ ⁠https://docs.nats.io⁠ The home of the NATS team: ⁠https://synadia.com

In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We start with his recap of the events, and the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4, and much more than we can fit in this character limit. Just trust us when we say you don't want to miss it!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater______Episode 26 links:https://linke.to/Episode26Notes______Timestamps:(00:00:00) Introduction(00:04:10) LHE Vibes(00:07:45) "Hunting for NGINX alias traversals in the wild"(00:12:30) Various payouts in bug bounty programs(00:16:05) New XSS vectors and popovers(00:24:15) The "magical math element" in Firefox(00:27:15) LiveOverflow's research on HTML parsing quirks(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress(00:40:00) Changes in the CVSS 4 draft spec(00:45:00) TomNomNom's new tool Jsluise(00:51:15) JavaScript's import function(00:55:30) Gareth Hayes' book "JavaScript for Hackers"(01:02:24) Injecting JavaScript variables(01:09:15) Prototype pollution(01:13:15) DOM clobbering(01:18:10) Exploiting HTML injection using meta and base tags(01:25:00) CSS Games(01:28:00) Base tags

Joseph Edwin is one of the OG's of digital transformation. He has worked Client Side for Nordea and Commonwealth Bank of Australia and now is a partner at Bain & Co, focused on helping companies succeed as they transform. Joe does an incredible job of demystifying transformation and telling us about the recipe for success!

Cian Brennan is the CEO of a company called Quantum Contract Solutions. Cian was on the Dark Side, which is the Client Side of Construction, for almost two decades. Over this time he saw hundreds and hundreds of Construction Companies being bullied contractually, losing money and going out of business. In 2019, after becoming deeply concerned with the state of the Industry and having inside knowledge of how the clients manage Contractors, Cian started Quantum to help Construction Contractors. Fast forward to today, Cian has won a 40 under 40 award, a Best of Business Award for innovation and outstanding growth and a finalist for entrepreneur of the year in the CEO Magazine and business news newspaper.   Quantum, Cian's company, being on the coal face and having deep knowledge regards to risk that are being applied to construction companies, payment issues, disputes and insolvencies gives Cian a unique insight into what is really going on in the construction industry. Cian's company has the data and can see impacts on the construction industry before the issues reach the mainstream.  Due to the large number of companies that Cian works with, he can see what works contractually & strategically and more importantly, what doesn't.  26% of ALL bankruptcies are from the Construction Industry because Subcontractors are given unfair contractual risks that they can't handle.  In this episode you'll discover: Why this is the case, why its a problem and why you need to get better at your contracts Why the "returns are in the terms",  What are the 3 "company enders" you must never agree to How to avoid disputes  What "squeaky bum time" is construction and why it's the key to your construction company's success/ longevity. Resources: Quantumcontractsolutions.com constructionsecrets.io/podcast Show notes: If you enjoyed this episode, and you've learnt something or it inspired you in some way, I'd love to hear about it and know your biggest takeaway. Take a screenshot of you listening on your device, and post it to your Instagram Stories, and tag me, @elinormoshe_ or Elinor Moshe on LinkedIn.   Join the home of young guns here: https://www.facebook.com/groups/weareyoungguns   Get a copy of my book: https://amzn.to/31ILAdv

Supply chain attacks occur when hackers compromise a third-party vendor's software or hardware, which then infects the vendor's customers. Such attacks can be devastating, as they allow the attacker to gain access to the systems and data of many organisations. To mitigate the risks of supply chain attacks, organisations should perform due diligence on their vendors, monitor their vendor's security practices, and implement strict access controls and network segmentation.In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to Uri Dorot, Senior Product Marketing Manager at Radware, to discuss:Supply chain attacks from the client sideTraditional WAF vs server protections vs client side protectionsDeployment experiences

Why is server side programming harder than client side?

This is going to be a spicy episode as we get into the debate around threaded chats. Steve and I disagree on this one so stay tuned! Click here to learn all about the Google ChromeOS Administrator Certification and how to pass it: https://youtu.be/KHPy_n0qVk8 Silent Releases Improving Filters in Google Sheets Programmatically manage and apply Google Drive label taxonomy changes Expanding noise cancellation to phone participants Published Releases Save time with suggested work locations in Google Calendar All newly created spaces in Google Chat will be in-line threaded beginning March 13, 2023 Expanding noise cancellation in Google Meet to more devices Client-side encryption for Gmail is now generally available Google Keep notes now available on home screen of Android devices Other Topics Share your feedback on Emoji Reactions in Google Meet Google adds Client Side encryption to Gmail and Calendar. Should you care? First look at Google Chrome's Blink engine running on an iPhone Introducing Google Workspace security guidance to address Canadian data security requirements tabGeeks Resources

This week kicks off with another look at client-side path traversal attacks, this time with some more case-studies. Then we get into some mobile issues, one a cool desync between DER processors resulting in an iOS privilege escalation. The other a Bundle processing issue in Android that provides an almost use-after-free like primitive but in Java. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/179.html [00:00:00] Introduction [00:00:27] Full Team Takeover [00:04:20] Fetch Diversion [00:13:39] Practical Example Of Client Side Path Manipulation [00:17:50] DER Entitlements: The (Brief) Return of the Psychic Paper [00:30:47] Privilege escalation to system app via LazyValue using Parcel after recycle() [CVE-2022-20452] [00:47:38] Critical Thinking - A Bug Bounty Podcast by Justin Gardner (Rhynorater) The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we dig into Google's new email feature, client side encryption within Google Workspace.  We discuss what client side encryption really is; who will have access to this new feature; whether it meets the application needs for mental health group practices; TLS, or transport layer security; what to have in place with clients before sending email; and email best practices to keep everything HIPAA hunky dory.  Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources Google brings client-side encryption to Gmail for Workspace Google's "about client side encryption" Google's Transparency Report on Email Encryption in Transit PCT's Request for Non-Secure Communications Form (free!) PCT's free Service Selection Workbook for Group Practices PCT's Group Practice Care Premium service with Group Practice Office Hours direct support and consultation service CE training: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations

Happy Hannukah and Happy Holidays! One last hurrah for the year from Google this week with 6 Published releases and 3 silent ones. We will be doing a show next week to wrap up the year so stay tuned! Silent Releases Drive approvals available on Android and iOS apps New keyboard shortcuts for Google Sheets on Android Additional functionality for storage management Published Releases Facet Enhancements for Cloud Search Easily format and display code in Google Docs Email notifications from Google now available in the Alert Center Enjoy improved call performance with intelligent network switching in Google Voice Expanded language support for captions and translated captions in Google Meet Client-side encryption for Gmail available in beta Other Topics Google Looking into AI chat space for 2023 Google Pixel Tablet and speaker dock prototypes leak on Facebook Marketplace Lenovo Ideapad 3i Chromebook has a bigger display thinner bezels and a backlit keyboard Lenovos new laptops will make you choose between a bigger screen or a nicer screen Why is Google making a Pixel Tablet Pro? tabGeeks Resources

This episode reports on improved privacy for Gmail, a new business email scams, security updates for Samba and more

On this episode of Loud And Clear, Victoria Petrella talks about how her journey from Argentina to the United States led her on a path that helped her become a successful advertising executive into a the client side. She is currently leading the Domino's Pizza brand as Vice President of International Marketing. Loud and Clear brings this conversation to try and reveal how ad women and men can bring value to the evolution of brands and their process by being an insider and getting things done. Join us as we talk about the digitalization transition of a brand that even reinvented its recipe to the evolution of consumer habits around the "always loved" pizza consumption. A conversation that is slightly over 30 minutes (not free pizza, sorry) to get a glimpse of how the change at Domino's happened, how it was executed at an international level, and appealing to the Hispanic consumer in the United States. As a bonus, get some tips into what Victoria cares about and what she considers a way to bring value to brands no matter what side of the aisle you're in. Guest: Victoria Petrella, Vice President of International Marketing at Domino's Producer: Rolf Ruiz, Digital Strategist, Creative Technologist & Agricultor at LERMA/ Host: Francisco Cardenas, Principal of Digital and Social Strategy at LERMA/ Co-Host: Maria Díaz, Brand Creative Art Director Music: Pedro Lerma and the Band, LERMA/ --- Send in a voice message: https://anchor.fm/lerma-agency/message

- ¿Cómo se carga una página web?: 03:50 - Server Side Rendering: 12:25 -> Ventajas y desventajas del Server Side Rendering: 24:26 - Client Side Rendering: 29:52 -> Ventajas y desventajas del Client Side Rendering: 36:37 - ¿Cuál elegir?: 47:33 - La importancia de la experiencia de usuario: 57:06 - Cierre: 1:03:21 –––––––––––––––––––––––––––––– Para Contribuir PAYPAL : https://www.paypal.me/codetime Mercado Pago $100: https://mpago.la/1Zqo3G9 Mercado Pago $500: https://mpago.la/2MZ3oz3 Mercado Pago $1000: https://mpago.la/333qhPp –––––––––––––––––––––––––––––– Curso completo de desarrollo en Swift 4 desde cero https://www.udemy.com/curso-completo-de-swift-4-desde-cero/?couponCode=YOUTUBE_1 Curso de desarrollo de aplicaciones para iOS 11 desde cero https://www.udemy.com/desarrollo-de-aplicaciones-para-ios-11-desde-cero/?couponCode=YOUTUBE_1 –––––––––––––––––––––––––––––– Medios de contacto: Twitter / Telegram: @DavidGiordana Correo Electrónico: davidgiordana0@gmail.com Grupo en Telegram: https://t.me/joinchat/C-YEzBGu5Jh-mu8ejM2toA –––––––––––––––––––––––––––––– Canciones Utilizadas OP: Adventures by A Himitsu https://soundcloud.com/a-himitsu Creative Commons — Attribution 3.0 Unported— CC BY 3.0 Free Download / Stream: http://bit.ly/2Pj0MtT Music released by Argofox https://youtu.be/8BXNwnxaVQE Music promoted by Audio Library https://youtu.be/MkNeIUgNPQ8 ED: See You Tomorrow by GoSoundtrack http://www.gosoundtrack.com Creative Commons — Attribution 4.0 International — CC BY 4.0 Free Download / Stream: http://bit.ly/see-you-tomorrow Music promoted by Audio Library https://youtu.be/idlqqMHd0W4

- Presentación del tema: 20:35 - ¿Cómo se carga una página web?: 24:10 - Server Side Rendering: 32:45 -> Ventajas y desventajas del Server Side Rendering: 44:47 - Client Side Rendering: 50:12 -> Ventajas y desventajas del Client Side Rendering: 57:00 - ¿Cuál elegir?: 1:07:53 - La importancia de la experiencia de usuario: 1:17:26 - Post podcast: 1:23:42 - Cierre: 1:36:06 –––––––––––––––––––––––––––––– Para Contribuir PAYPAL : https://www.paypal.me/codetime Mercado Pago $100: https://mpago.la/1Zqo3G9 Mercado Pago $500: https://mpago.la/2MZ3oz3 Mercado Pago $1000: https://mpago.la/333qhPp –––––––––––––––––––––––––––––– Curso completo de desarrollo en Swift 4 desde cero https://www.udemy.com/curso-completo-de-swift-4-desde-cero/?couponCode=YOUTUBE_1 Curso de desarrollo de aplicaciones para iOS 11 desde cero https://www.udemy.com/desarrollo-de-aplicaciones-para-ios-11-desde-cero/?couponCode=YOUTUBE_1 –––––––––––––––––––––––––––––– Medios de contacto: Twitter / Telegram: @DavidGiordana Correo Electrónico: davidgiordana0@gmail.com Grupo en Telegram: https://t.me/joinchat/C-YEzBGu5Jh-mu8ejM2toA –––––––––––––––––––––––––––––– Canciones Utilizadas OP: Adventures by A Himitsu https://soundcloud.com/a-himitsu Creative Commons — Attribution 3.0 Unported— CC BY 3.0 Free Download / Stream: http://bit.ly/2Pj0MtT Music released by Argofox https://youtu.be/8BXNwnxaVQE Music promoted by Audio Library https://youtu.be/MkNeIUgNPQ8 ED: See You Tomorrow by GoSoundtrack http://www.gosoundtrack.com Creative Commons — Attribution 4.0 International — CC BY 4.0 Free Download / Stream: http://bit.ly/see-you-tomorrow Music promoted by Audio Library https://youtu.be/idlqqMHd0W4

Welcome back to Intellicast! On today's episode, Brian Lamar and Producer Brian are joined by Craig Alter, Consumer Insights at Bon Secours Mercy Health. Craig is a 20-year veteran of client-side market research, having held roles at Luxxotica, Tyson Foods, and Bon Secours Mercy Health. He joins us to talk about some of the challenges the client-side or market research faces. Kicking off the interview, we talk to Craig about his background and what led him to market research. He, like many we have talked to, kind of fell into market research after many years in finance and marketing.  We then talk to Craig about some of the challenges he faces as a client-side market researcher, everything from being in small departments (like a department of 1), having to be the expert in everything research for his organization, to talking about where he goes to learn and grow as a researcher. He discusses how he needs to sell the benefits of market research to the leaders in his organization. Craig then gets into some specific challenges being a client-side researcher in healthcare. He talks about how HIPPA compliance can often make research more difficult. He also touches on the need for storytelling, and how crafting an insightful, engaging, but concise, story is super beneficial when providing insights, and the “so what?” to his organization. In the last part of the interview, we bring back an old favorite and do a new round of the 4 P's. We find out that Craig plays pop songs on the piano. We also learn that he loves to travel and that he got back into working out because of the pandemic. This is a great episode for anyone who wants to better understand client-side research and their challenges. You can connect with Craig on LinkedIn here: https://www.linkedin.com/in/craig-alter/ Thanks for listening! You can register for our upcoming webinar, Dispelling the Myth: All Panel are the Same, on Wednesday, September 14, 2022, at 2:00 PM EDT, where we bust the myth that sample is a commodity. Register here: https://us02web.zoom.us/webinar/register/WN_ysZOaYSeRoyA73QRJTubyA MI's annual report on the sample industry, The Sample Landscape, is now available! Get your copy here: https://emi-rs.com/the-sample-landscape/ Want to catch up on our blogs? Click here. Missed one of our webinars or want to get some of our whitepapers and reports? You can find it all on our Resources page on our website here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Aside from doing brand deals, there's other ways you can use your passions to work with brands and diversify your income. I'm joined by Contra's Isabella Lampson (Influencer Marketing Lead) and Samantha Taylor (Head of Social Strategy) to chat more about how creators can enter the freelance world and build brand relationships through your many talents (like copywriting, social media strategy, content creation, graphic design, and more!). Sign up for Contra to start working with brands! ----- YOUR SOLUTION TO GROWING AS A CREATOR (CODE: KINDLYGIFTED for 10% off your lifetime subscription): Scaling your influencer career doesn't have to be a lonely journey of figuring everything out yourself. The MOBsters is a supportive community of like-minded creators + industry pioneers at your fingertips to guide you through your building your personal brand, navigating brand deals, and so much more! Waving buh-bye to gatekeeping, The MOBsters is a high-value, low investment community for emerging creators looking for support from industry leaders and each other to MAKE MOVES. Connect with real people experiencing the same things as you

Original blog post More articles at cloud.google.com/blog

On May 11, the European Commission announced a new proposal designed to combat online child sexual abuse material. The proposal has drawn notable criticism from major member states, especially Germany, and has raised concerns about the national security risks it could create.To talk through the issues at hand, former Lawfare managing editor Jacob Schulz sat down with two experts, each of whom wrote Lawfare articles about the EU's proposal back in June: Robert Gorwa, postdoctoral research fellow at the WZB Berlin Social Science Center who specializes in platform governance and transnational digital policy issues, and Susan Landau, Bridge Professor of Cybersecurity and Policy in The Fletcher School and at the School of Engineering, Department of Computer Science at Tufts University. They discussed the European proposal in the context of child sexual abuse material, as well as within other contexts, such as that of terrorism. And they walked through the practical, legal, and technical implications of the draft regulation, as well as what its evolution reveals more broadly about policymaking in the digital sphere.Support this show http://supporter.acast.com/lawfare. See acast.com/privacy for privacy and opt-out information.

Mike Churchill and I worked in Kansas City on a few gigs when he was an Agency Producer. His creativity and production prowess shined from prep through post. Now Mike is an Executive Producer at the iconic General Mills. Enjoy Mike's journey and absorb his passion for making great ads. Great chat! Romcom "Diamond In The Rough" streams on the Creator+ platform starting now! Please support my wife filmmaker Jeannette Godoy's romcom debut. It's "Mean Girls" meets "Happy Gilmore" and crowds love it. Here's the trailer. How to Pitch Agencies and Win! I'm doing a live zoom course July 19th, that's a Tuesday, at 2pm Pacific. Sign up as it will sell out. SOLD OUT!!! My first annual Filmmaker Retreat Joshua Tree!   Next Commercial Directing Bootcamp is January 7th, 2023 in Los Angeles. Save $100 if you've completed either of my Masterclass or Shadow online courses.   Online Commercial Directing Masterclass as well as my Commercial Directing Shadow course have received 100% 5 star reviews. Plus we do a free filmmaker consultation call with either course. Win a chance to shadow me on a real shoot! DM for details.   Check out the new Commercial Director Mega Bundle for serious one-on-one mentoring and career growth. It's everything and more.   Thanks,   Jordan    This episode is 75 minutes.   My cult classic mockumentary, “Dill Scallion” is online so I'm giving 100% of the money to St. Jude Children's Hospital. I've decided to donate the LIFETIME earnings every December, so the the donation will grow and grow. Thank you!

Mike Churchill and I worked in Kansas City on a few gigs when he was an Agency Producer. His creativity and production prowess shined from prep through post. Now Mike is an Executive Producer at the iconic General Mills. Enjoy Mike's journey and absorb his passion for making great ads. Great chat! Check out this heartfelt Nature Valley spot we…

Shahin chats with Tim Beveridge, Founder and CEO of Modern Marketing Group and CMO of Versent about whether you should choose an agency role or work on the client side. Tim is an innovative and commercially focused marketing consultant with 20+ years of experience helping deliver consumer centric and profitable growth. His experiences include leveraging his skills through digital experience agencies, creative advertising agencies, MarTech businesses, media agencies, and client-side roles across almost every category of B2B and B2C marketing. Resources mentioned in this episode: For starting out in your marketing career, Tim recommends: 22 immutable laws of marketing by Al Ries & Jack TroutTruth, lies, and advertising: The art of account planning by Jon Steel Midway through your career: Get an MBA at a good school (MBS or AGSM) - don't let the finances scare you away OR Mini MBA in Marketing with Mark RitsonData Smart: Using Data Science to Transform Information into Insight by John W. Foreman Later in your career: Network - the best resource you could have Although there is no set playbook, they can still be helpful as long as you don't get distracted by the tactics, focus on strategy. Tim recommends: Andy Raskin's Strategic NarrativeThe Challenger Sale by Matthew Dixon & Brent Adamson Some of Tim's influencers in the marketing space include: Mark RitsonLes Binet & Peter FieldByron SharpElon MuskJohnny HarrisTroy MuirJuan Mendoza Join the Slack channel: https://growthcolony.org/slack Hosted & Produced by Shahin Hoda & Alexander Hipwell, from xGrowth We would love to get your questions, ideas and feedback about Growth Colony, email podcast@xgrowth.com.au

In this episode of the Kontent Rocks podcast, Brian McKeiver brings back Andy Thompson, CTO and Kontent MVP at Luminary. Brian and Andy answer the question of is CSR, or Client Side Rendering, on a JAMStack site good for SEO. The two discuss some challenges with the common answer of, "Sure Google can execute JavaScript on a client side app". They then express their opinions and experience as to why just because Google can execute JavaScript, that doesn't just mean you will have good SEO.  

"Developers aren't cryptographers. We can only do so much security training, and frankly, they shouldn't have to make hard choices about this encryption mode or that encryption mode. It should just, like, work," said Kenneth White,  a security principal at MongoDB, explaining the need for MongoDB's new Queryable Encryption feature.  In this latest edition of The New Stack Makers podcast, we discuss [sponsor_inline_mention slug="mongodb" ]MongoDB[/sponsor_inline_mention]'s new end-to-end client-side encryption, which allows an application to query an encrypted database and keep the queries in transit encrypted, an industry first, according to the company. White discussed this technology in depth to TNS publisher Alex Williams, in a conversation recorded at MongoDB World, held last week in New York.   MongoDB has offered the ability to encrypt and decrypt documents since MongoDB 4.2, though this release is the first to allow an application to query the encrypted data. Developers with no expertise in encryption can write apps that use this capability on the client side, and the capability itself (available in preview mode for MongoDB 6.0) adds no noticeable overhead to application performance, so claims the company. Data remains encrypted all times, even in memory and in the CPU; The keys never leave the application and cannot be accessed by the server. Nor can the database or cloud service administrator be able to look at the raw data. For organizations, queryable encryption greatly expands the utility of using MongoDB for all sorts of sensitive and secret data. Customer service reps, for instance, could use the data to help customers with issues around sensitive data, such as social security numbers or credit card numbers. In this podcast, White also spoke about the considerable engineering effort to make this technology possible — and make it easy to use for developers. "In terms of how we got here, the biggest breakthroughs weren't cryptography, they were the engineering pieces, the things that make it so that you can scale to do key management, to do indexes that really have these kinds of capabilities in a practical way," Green said.  It was necessary to serve a user base that needs maximum scalability in their technologies. Many have "monster workloads," he notes. "We've got some customers that have over 800 shards, meaning 800 different physical servers around the world for one system. I mean, that's massive," he said. "So it was a lot of the engineering over the last year and a half [has been] to sort of translate those math and algorithm techniques into something that's practical in the database."

This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve. Potential discussion topics: - A visual overview of the problem - A simulated client-side attack - How to evaluate client-side risk on a given web site - What technologies are available to defend against client-side attacks - Historical case studies of landmark attacks   Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-papere   This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw743

Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.   Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper   This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276

Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.   Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper   This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276

Our guest Josh Palau - digital media expert, marketing team builder, advisor - shares his  perspective on how to maximize your marketing career in both agency and client side roles. Josh shares his marketing career tips and advice on ..The two outcomes you can expect when asking a lot of questionsHow to be a 'C-suite whisperer' and get your ideas sold The  two most important things you should prepare for an interview Connect with Josh Palau:via Linkedin: linkedin.com/in/joshuapalau/ -- (mention The Marketing Careers podcast!)Other Marketing Career Resources:Get the guided support you need in your marketing career with dedicated TMH+ mentorship:- themarketinghelp.co/membership“The best investment I ever made in my career. The mentoring alone allows for guidance from someone that has ‘been there, done that' in every marketing scenario where I need help. My confidence is much higher and would recommend any marketer serious about their career to consider joining.” - Kisha V. - Director of Content MarketingAccess 200+ Marketing Career Resources - and more - as a Free TMH Member:- themarketinghelp.co/signup

Are you trying to improve your client retention rate? How often do you communicate with your clients? Building a good relationship with your clients starts immediately after they sign on to work with your agency. Today's guest takes us through his process of creating a level of trust with clients that make them want to stay. With clear goals set from the start and constant communication, they've only lost one client in ten years! Jeff Barnes is Chairman of Barnes Health, the strategic healthcare marketing, and public relations agency be started in 2003. He began his career in the healthcare marketing and public relations space on the client side 34 years ago. Being able to look at things from the client's perspective has been a plus for him as he has really focused on building good relationships with them. He sets clear goals and always makes them feel like they are the priority. In this episode, we'll discuss: Keeping client churn rates at a minimum. Why constant communication and a clear process are the key. Why you should strive to find clients that really fit with your agency. Sponsors and Resources E2M Solutions: Today's episode of the Smart Agency Masterclass is sponsored by E2M Solutions, a web design and development agency that has provided white label services for the past 10 years to agencies all over the world. Check out e2msolutions.com/smartagency and get 10% off for the first three months of service. Subscribe Apple | Spotify | iHeart Radio | Stitcher | Radio FM Jumping From the Client-Side to Agency-Side Jeff had been working in healthcare marketing and public relations for 15 years before joining “the dark side” of the agency world. Basically, he wanted the freedom and more flexible hours of being an agency owner. Back then, there weren't many marketing firms in the healthcare niche, so he saw a good opportunity. Barnes Health started with one client and the agency has grown significantly since. He still has that first client and, actually, a total of four legacy clients that have worked with the agency for 20 years. Jeff has always preferred to work with a retainer pricing model. Some agencies may feel clients take advantage of working under a retainer expecting too many services under the retainer umbrella. However, the most important advantage for Jeff is having a guaranteed revenue, which helps him sleep at night. Nowadays, retainer clients account for about 95% of the agency's revenue. How to Keep Agency Client Turnover Rate At a Minimum The average agency turnover is 25% for a variety of reasons. With these statistics, Jeff usually gets bewildered looks when he says he's only lost 1 client in 10 years. What's his secret? Well, he's learned from speaking with his clients most agencies are exceptionally good at the front end. They sell their services with a dynamic attitude and promise that gets clients excited for working with them. However, client success is an important KPI and many agencies fail when it comes to customer service. There are two components to an agency 1) client acquisition and 2) client service. It is a lot easier to retain an existing client than to get a new one, so Jeff focuses on providing great customer service to keep the turnover rate at a minimum. He has trained his team to communicate with clients on a regular basis and have a quick response time for any questions they may have. Each client, big or small, should feel like they're the #1 most important client. Remember if you neglect clients, they'll probably start wondering why they're working with you and start looking for other opportunities. Answer the unasked questions -- and if you don't communicate it, they don't know it happened. Setting Clear Goals to Get Clients On Board With Your Strategy The moment a client agrees to work with your agency, you should quit promoting yourself and immediately transition to learning as much as you can about that client. Focus especially on their goals, objectives, and the criteria under which your work will be measured for success. The more educated and informed you are about every aspect of their operations, the more valuable you can be to your clients. Jeff's team typically gets clients to sign off on the strategic plan that they build together. They list the goals and objectives with clarity on who is responsible, the timeframe, and how success is to be measured. The overall strategy is documented and everyone on the team and the client is familiar with each step. It may be revised from time to time, but the client should always have access to the documents. Maintaining A Good Relationship With Clients Jeff favors constant communication with clients on a regular basis, even daily at times. In his opinion, this shows the agency is a very valuable resource for them. If there is no communication for three or four days, his team reaches out to make sure everything is in order - follow up on an email or run an idea by them. He also emphasizes how important it is to do this with both smaller and bigger clients. The amount of attention should not vary based on size or a client's portion to topline revenue. Moreover, this way of working helps you be more selective with your clients. If you don't feel like communicating constantly with your clients, then there's probably an issue there. Don't take in clients that you don't want to communicate with. You'll start resenting them and feel burnt out. Adapting Your Agency To a Changing Market The one constant in life changes, and in the agency world, you better be ready to adapt to a changing market. Jeff has had a long career and in those years he has learned to adapt to the internet, websites, and social media. New things are coming now with novelties like the Metaverse and NFTs which he says he will leave to his team to understand and educate him. To adapt to changing times, he likes to hire young professionals who understand and are using the newest technologies. It's so important to stay ahead of  new trends because a lot of the work marketing firms do has to do with consultation. Staying on top of emerging technology, educating and informing clients about new tools is the best way to present new ideas to your clients. However, Jeff says he is careful to not portray his team as being good at everything. It's better to actually be great at one thing than to pretend to be good at everything. As a client, he always asked agencies what they were great at. If they answered everything, he knew they weren't a good fit. Your Goals Should Reflect the People You Want to Work With It's important to have clear goals of what you want to accomplish in your agency. Your goals should go beyond a revenue level. Go deeper with your goals and really create a future vision. What type of lifestyle and freedom do you hope to have? What do you need in order to really love your work and your business? Do you know what sort of people you want to work with? For his part, Jeff credits his love for the business a being selective with which clients his agency takes on. In 20 years, he has been fortunate to never have felt like quitting. Regular communication with clients does not frustrate him because he actually likes the people he's working with and doesn't have any “nightmare clients.” Want the Support of Amazing Digital Agency Owners? Do you want to be around amazing agency owners that can see you may not be able to see and help you grow your agency? Then go to the Digital Agency Elite to learn all about our exclusive mastermind.

Unusual question? Well, apparently it's not an unusual assumption. Sometimes it's even a lamentation from clients: "how come do the people who work for me agency side are paid more than I am?" In this episode, Rachel and Shann discuss whether this thinking has merit, what may be driving it, and also where it may be taking the service industry.

In their 30th episode, Kelly and Julia are tackling the age-old question for marketing and advertising professionals – what's better, agency side or in-house? There are pros and cons for both sides, so join in on the conversation to figure out what's your best next move.

This is one of the Facebook "mailbag" episodes where we discuss situational SEO - this originally was posted in an SEO Facebook group. While I think it is common for business owners who are used to employees to make the mistake that SEO is all about motivation. They leave out a vital component in their calculation. I devised a way for business owners to adjust their review process so that they can better find the right SEO for their business. Hope you enjoy it and feel free to send in any comments or feedback to confessions@AmericanWayMedia.com You can find me on Linkedin - Carolyn Holzman. American Way Media AmericanWayMedia.com Austin, TX Photo by Jose Francisco Morales on Unsplash --- Support this podcast: https://podcasters.spotify.com/pod/show/confessions-of-an-seo/support

If you've ever wondered what it's like to work at an agency and then go client side in global brand marketing and communications, this episode is for you. Amy Hufft works for one of the fastest growing companies in the world, Shopify. She shares her career journey from writing celebrity profiles and movie reviews for magazines, working at agencies, working with founders, and then sharing more about her role as Head of Global Brand Marketing and Communications. I am so excited for you to listen in. Did you enjoy today's episode? Leave us a rating and review! Learn more about Sarina here: https://withsarina.com/about Shopify Careers at Shopify Shopify Compass The Job Seeker Lab withSarina - Enrollment Is Now Open! Sarina's Free Networking & Job Search Tracker