❌ Do your reports show fewer sales than you actually make? ❌ Do your campaigns look like a loss while the e-shop is doing well? If you rely only on Client-Side Tracking, you are losing 30–40% of your conversions. The solution?
Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They're Smart.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab: https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26: https://ztw.com/
====== Resources ======
InsertScript - XSS Challenge Solution: https://insert-script.blogspot.com/2020/03/xss-challenge-solution-refresh-header.html
InsertScript - Redirect AuthHeader: https://www.insert-script.com/examples/redirectAuthHeader/send.html
CRLF injection on a 302 redirect: https://x.com/0xdef1ant/status/2009040359482118500
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover: https://ysamm.com/uncategorized/2025/01/13/capig-xss.html
Arcanum Hack Tips: https://github.com/Arcanum-Sec/hack_tips
Trail of Bits Releases Claude Skills: https://x.com/dguido/status/2011541318229533063
what a $55,000 bug can look like: https://x.com/the_IDORminator/status/2007480636244697237
Pwning Claude Code in 8 Different Ways: https://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/
Do Smart People Ever Say They're Smart?: https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
====== Timestamps ======
(00:00:00) Introduction
(00:04:18) Technical takeaways from CT Charity Hackalong
(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures
(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta
(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code
(00:54:16) Do Smart People Ever Say They're Smart?
Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control: https://ctbb.show/tl-ec
====== Resources ======
Nowasky's Tweet #1: https://x.com/nowaskyjr/status/1993421017381744974
Nowasky's Tweet #2: https://x.com/nowaskyjr/status/1992717862398800081
rep+ in Chrome DevTools: https://x.com/BourAbdelhadi/status/1992622964077179229
Terjanq Post from 2021: https://x.com/terjanq/status/1421093136022048775
====== Timestamps ======
(00:00:00) Introduction
(00:02:58) Client-side news & AI Updates
(00:12:02) Third-Party Cookie Nuances & PostMessages
(00:30:09) Iframe Tricks
(00:47:43) URL Parsing, CSPTS, and Client-side Routes
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== This Week in Bug Bounty ======
YesWeHack won the European Commission tender: https://www.yeswehack.com/news/european-commission-tender-won-yeswehack
YesWeHack is now an authorised CVE Numbering Authority: https://www.yeswehack.com/news/yeswehack-authorised-cve-numbering-authority
A wide range of bug bounty programs for highly used open source projects such as Log4J, systemd, GNOME and many more: https://event.yeswehack.com/events/open-the-code-source-the-bounty
====== Resources ======
Attributes reference inside HTML
Explaining XSS without parentheses and semi-colons
Beyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrame
One Token to rule them all
flareprox
Caido 101: How to master it
====== Timestamps ======
(00:00:00) Introduction
(00:03:16) LHE approaches and accomplishments
(00:30:54) Attributes reference inside HTML & Explaining XSS without parentheses and semi-colons
(00:44:33) One Token to rule them all
(00:57:13) Flareprox & Caido 101
Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.
Follow us on X at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Send us feedback at info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
Get some hacker swag here!
====== This Week in Bug Bounty ======
Cross-site request forgery
HackerOne New Milestone Program
Email santerra.holler@bugcrowd.com for media opportunities
====== Resources ======
Exploiting Web Worker XSS with Blobs
Critical Research Lab
Rez0's Tweet
CVE-2022-21703: cross-origin request forgery against Grafana
Conversation about Forcing Quirks Mode
AI Business Logic & POC or GTFO
Hunting postMessage Vulnerabilities – Part 1
Hunting postMessage Vulnerabilities – Part 2
Executive Offense
Cookie Chaos: How to bypass Host and Secure cookie prefixes
====== Timestamps ======
(00:00:00) Introduction
(00:05:48) Crit Research Update
(00:13:00) Encouragement & Collaboration
(00:19:37) Cross-origin request forgery & Anthropic's web fetch
(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO
(00:44:21) Hunting postMessage & Claude Code browserbase
(00:51:25) Community story, Executive Offense, & Cookie Chaos
Full show notes, transcript and AI chatbot - http://bit.ly/4oqoJNe
Watch on YouTube - https://youtu.be/Leb1rjtODGc
00:00:00 - Introduction
00:03:26 - Google Analytics and AI News
00:05:06 - ChatGPT Agent Tool and Pizza Ordering
00:07:06 - ChatGPT 5 Speculations
00:09:09 - Google Notebook LM and Video Generation
00:12:24 - Google AI Search in the UK
00:14:27 - Google's AI Strategy and Advertising
00:15:10 - ChatGPT Study Mode
00:16:12 - Introduction of Guest Roman Petrochenkov
00:18:00 - Roman's Background and Role at Carwow
00:20:03 - First Party Data Strategies
00:22:01 - Importance of First Party Data
00:25:35 - Collecting First Party Data
00:28:13 - Carwow's Progress with First Party Data
00:30:01 - Incentivizing Users to Share Data
00:32:10 - AI's Impact on Data Collection
00:35:06 - Technical Steps for First Party Data Strategy
00:38:21 - Challenges with User-Provided Data in GTM
00:39:37 - Direct Data Routing to Cloud Data Warehouse
00:41:07 - Implementing Enhanced Conversions
00:43:40 - Experience with Facebook CAPI
00:45:24 - Communicating Complex Data Strategies Internally
-----
Episode Summary: In this episode of The Measure Pod, Dara and Matt sit down with Roman Petrochenkov, a seasoned marketing analytics leader with deep expertise in data strategy and measurement. They discuss the growing importance of first-party data, unpacking strategies for its collection, ownership, and security, as well as the evolving role it plays in a post-cookie landscape. They also explore the rise of AI in analytics, its impact on incrementality measurement, and what the future holds for marketing teams and jobs in an increasingly automated world.
-----
About The Measure Pod: The Measure Pod is your go-to fortnightly podcast hosted by seasoned analytics pros. Join Dara Fitzgerald (Co-Founder at Measurelab) & Matthew Hooson (Head of Engineering at Measurelab) as they dive into the world of data, analytics and measurement, with a side of fun.
-----
If you liked this episode, don't forget to subscribe to The Measure Pod on your favourite podcast platform and leave us a review. Let's make sense of the analytics industry together!
The post #126 First-party data strategy – a client side perspective (with Roman Petrochenkov at Carwow) appeared first on Measurelab.
From Ogilvy and Saatchi & Saatchi, to ASOS and Bumble, this is the ultimate Agency to Client side story.The secret sauce? It turns out everyone is a storyteller (even you!) and there is a simple plot behind every brand.Get ready for the best marketing playbook you could ask for...Sponsored by RISER, your AI Career Companion.
What is "manipulative design"? How does this concept differ from "dark patterns"? How could we expand website and mobile app monitoring to a company's ad stack? Boltive's Christine Desrosiers has joined us for another Privacy Tech interview. She is an operations and product professional with 20 years of experience building best-in-class publisher ad stacks and ops teams, and integrating ad and site stacks with Privacy Tech. She is involved in a number of industry working groups and advisory boards, working to raise the bar on privacy, security and transparency.
References:
Christine Desrosiers on LinkedIn
Boltive: monitor security and privacy compliance across the consumer front end (including publishing and AdTech)
Jessica B. Lee, Chair of Loeb & Loeb LLP's Privacy, Security & Data Innovations practice
Global Privacy Enforcement Network: 2024 "sweep" on deceptive design patterns
FTC, ICPEN, GPEN Announce Results of Review of Use of Dark Patterns Affecting Subscription Services, Privacy (FTC, July 2024)
Bringing Dark Patterns to Light (FTC, September 2022)
Daniel Solove, A Taxonomy of Privacy (UPenn Law Review, January 2006) - see "decisional interference"
Website Privacy Controls (New York State Attorney General)
FTC study finds 'dark patterns' used by a majority of subscription apps and websites (TechCrunch, July 2024)
FTC vs. Amazon ("Roach Motel" pattern through the internally named "Iliad" process that consumers had to follow to cancel their Amazon Prime membership)
California SB 690: A new hope for CIPA litigation overload? (Norton Rose Fulbright)
Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)
Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025)
Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025)
Cillian Kieran (Ethyca): Privacy Tech spotlight III – compliance as an engineering challenge (Masters of Privacy, June 2025)
Vaibhav Antil (Privado): Privacy Tech spotlight IV - from trust to evidence (Masters of Privacy, July 2025)
Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they're significant, their attributes, and how to attack them.
CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Episode with JR0ch17: ctbb.show/61
Exacerbating Cross-Site Scripting: The Iframe Sandwich: https://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/
====== Timestamps ======
(00:00:00) Introduction
(00:01:20) Why are Iframes useful
(00:05:11) Attributes of Iframes
(00:21:39) Iframe Attacks
(00:29:53) Iframe Fun Facts
#ppcchat Anu Adegbola chats with in-house Paid Search expert, Helen Dooner, about how her in-house team uses AI, and gives PPC-ers advice on how to approach PPC in 2025.
Q1 What was the biggest shift for you in how you run PPC campaigns when you moved in-house?
Q2 What are your general feelings towards AI?
Q3 What wouldn't you allow AI to touch?
Q4 What has AI changed the most for you?
Q5 Does your Lead Gen team use Performance Max?
Exit questions:
What's one thing you want to leave people with?
Advice to freelancers wanting to pitch - what is important to you as a client?
Best advice you have been given
Imposter Syndrome moment
Thank you for listening!
Please help grow the podcast - and rate/review on Spotify, Amazon, Apple Podcast & more - linktr.ee/ppcchat_roundup
In this episode of Email After Hours, hosts Guy Hanson and Danielle Gallant are joined by Philip Storey, founder of Enchant, a leading email marketing agency in the UK.
In this episode hosts Todd Cochrane and Rob Greenlee reconnect after attending Podfest in Orlando, where they briefly discuss the unexpected cold weather during the event and provide updates on their activities since returning home. A big disclosure by Todd reveals his experimentation with chapter files to track ad engagement more effectively, detailing how he … The post Client Side Tracking in Podcast Apps Live Now #615 appeared first on New Media Show.
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share recent updates from Google Workspace that you may have questions about.
We discuss:
The price changes to Google Workspace tiers
Considerations for choosing the appropriate Google Workspace tier for your needs
How client-side encryption works
Using Google Gemini, Google's AI
HIPAA appropriateness and ethical standards regarding AI use
Communicating these standards to your team
Cases where using AI would be appropriate
Google's updated appointment scheduler
Calendar sync as a contingency plan
Listen here: https://personcenteredtech.com/group/podcast/
For more, visit our website.
Resources
Google Workspace Plan Tiers
Google Workspace HIPAA Included Functionality (covered by BAA)
Google Workspace HIPAA Implementation Guide
About client-side encryption - Google Workspace Admin Help
Learn about Gmail Client-side encryption - Gmail Help
Generative AI in Google Workspace Privacy Hub
Manage access to Gemini features in Workspace services
PCT Resources
Making Practice Life Easier and More Efficient With Google Workspace: *Free* on-demand seminar on utilizing Google Workspace to create more effective and secure systems; includes PCT's Google Workspace Configuration Center & Checklist
Relevant on-demand, legal-ethical CE training: The Evolving Legal-Ethical Standard of Care for the Clinical Use of Artificial Intelligence in Mental Health. Gain insights into the benefits and challenges of incorporating AI technologies into your practice, understand the clinical implications, and learn how to navigate legal and ethical guidelines while maintaining compliance with HIPAA regulations.
PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices; For Solo Practitioners
PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
Group Practice Care Premium: weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including a monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
HTML All The Things - Web Development, Web Design, Small Business
In this episode, Matt and Mike dive into the world of JavaScript environments, exploring the key differences between client-side and server-side JavaScript. Whether you're a beginner curious about how JavaScript works across the browser and the server, or an experienced developer looking for a refresher, this episode has you covered. Learn about the unique roles of client-side and server-side JavaScript, their common use cases, and when to use each. Plus, discover the latest trends like serverless environments, JAMstack, and exciting tools like Astro and Deno. Don't miss this comprehensive breakdown of JavaScript's dual nature! Show Notes: https://www.htmlallthethings.com/podcasts/client-side-vs-server-side-javascript Thanks to Wix Studio for sponsoring this episode! Check out Wix Studio, the web platform tailored to designers, developers, and marketers via this link: https://www.wix.com/studio
In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. 
C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Unfortunately, many ERP implementations fail because they do not have an expert to guide their efforts, leading to missed milestones and ill-prepared employees. Find out how leveraging a Client-Side Implementation Consultant can ensure your project gets on track and stays on track until you successfully go live. Don't let your ERP implementation fall off the rails: tune into The ERP Advisor Podcast to hear from ERP expert Shawn Windle and learn why your business will be thankful for your Client-Side Implementation Consultant this year.
Connect with us!
https://www.erpadvisorsgroup.com
866-499-8550
LinkedIn: https://www.linkedin.com/company/erp-advisors-group
Twitter: https://twitter.com/erpadvisorsgrp
Facebook: https://www.facebook.com/erpadvisors
Instagram: https://www.instagram.com/erpadvisorsgroup
Pinterest: https://www.pinterest.com/erpadvisorsgroup
Medium: https://medium.com/@erpadvisorsgroup
In this episode of Now That's Significant, a market research podcast, host Michael Howard interviews Tom Johnson, Senior Director of Consumer Insight and Analytics at Jack in the Box and Del Taco, about his journey in market research and the importance of aligning insights with business goals. Tom, with 25 years of experience on both the agency and client side, shares valuable lessons learned from building the consumer insights function at Del Taco from the ground up and navigating the complexities of a merger with Jack in the Box. Here are five key takeaways from the episode: Passion for insights can stem from inspiring mentors: Tom's journey began with a college professor who ignited his interest in market research, highlighting the impact mentors can have on shaping careers. Understanding the full impact of insights requires client-side experience: Tom transitioned to the client side to gain a deeper understanding of how insights are used to drive business decisions. Cross-functional collaboration is essential for maximizing impact: Building relationships with stakeholders across different departments allows consumer insights to influence a wider range of decisions. Strategic prioritization is crucial for managing research budgets: A "barbell strategy," balancing high-impact strategic research with efficient, tactical research, helps optimize resource allocation. Adapting to evolving consumer behavior is key for success: Understanding the nuances of consumer behavior in a changing economic and social landscape is crucial for developing effective strategies. Tune in to this episode to learn more about Tom Johnson's insights on building a successful consumer insights function and navigating the challenges of the fast-food industry. 
*** Infotools Harmoni is a fit-for-purpose market research analysis, visualization, and reporting platform that gives the world's leading brands the tools they need to better understand their consumers, customers, organization, and market. www.infotools.com Established in 1990, we work with some of the world's top brands around the world, including Coca-Cola, Orange, Samsung, and Mondelēz. Our powerful cloud-based platform, Harmoni, is purpose-built for market research. From data processing to investigation, dashboards to collaboration, Harmoni is a true "data-to-decision-making" solution for in-house corporate insights teams and agencies. While we don't facilitate market research surveys, provide sample, or collect data, we make it easy for market researchers to find and share compelling insights that go over-and-above what stakeholders want, inspiring them to act decisively. One of the most powerful features of Harmoni is Discover, a time-tested, time-saving, and investigative approach to data analysis. Using automated analyses to reveal patterns and trends, Discover minimizes potential research bias by removing the need for requesting and manually analyzing scores of cumbersome crosstabs – often seeing what you can't. Discover helps you easily find what differentiates groups that matter to you, uncover what makes them unique, and deliver data points that are interesting, relevant, and statistically significant, plus see things others can't. Add to all this an impending GenAI feature, and you have an extremely powerful, future-proofed tool.
Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. Host Tom Fox takes things differently in this episode by welcoming Rui Ribeiro, Co-Founder and CEO at Jscrambler, the podcast's sponsor. Rui discusses innovative measures in client-side security and PCI DSS compliance, his professional background, and the significance of the PCI DSS Version 4 update in enhancing client-side environments, mainly focusing on controlling third-party vendors to prevent unauthorized data access. The discussion outlines the strides taken in making transactions secure and offers insights into the broader implications of data privacy and compliance trends. Listeners will gain a comprehensive understanding of the intersection between technology and compliance in the context of data security alongside the evolving regulatory landscape. Key highlights: Exploring Client-Side Security and PCI DSS Compliance The Importance of PCI DSS Version 4 Challenges and Solutions in Client-Side Security Jscrambler's Role and Customer Engagement Future of Client-Side Security and Compliance Resources: Rui Ribeiro on LinkedIn Jscrambler Tom Fox Instagram Facebook YouTube Twitter LinkedIn
Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod
Today's Guest: https://x.com/MtnBer
Resources
Universal Code Execution by Chaining Messages in Browser Extensions
https://spaceraccoon.dev/universal-code-execution-browser-extensions/
DOMLogger++
https://github.com/kevin-mizu/domloggerpp
BBRE Metamask bug
https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA
Bench Press: Leaking Text Nodes with CSS
https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/
Timestamps:
(00:00:00) Introduction
(00:03:08) Structure & Threat Model for Browser Extension
(00:28:28) Extension Attack scenarios
(01:01:26) Attacking Extension Pages
(01:26:35) Attacking Service Workers
(01:46:23) Getting source code and dynamic debugging
Liam Eagen (Alpen Labs), Robin Linus (Zero Sync, BitVM) & Jonas Nick (Blockstream, Taproot) talk about their groundbreaking research paper about Shielded Client-Side Validation – a new way to bring privacy & scalability to Bitcoin. –––––––––––––––––––––––––– Time stamps: Introduction (00:00:51) What is Client-Side Validation? (00:02:09) Trade-offs in Client-Side Validation (00:04:20) Comparison with Existing Protocols (00:05:18) On-chain Throughput and Privacy (00:09:21) Connecting Bitcoin and Shielded CSV (00:09:55) User Interaction with the Protocol (00:11:07) Challenges with the Lightning Network (00:12:22) Atomic Swaps and Compatibility (00:14:56) Shielded CSV vs Monero & Zcash (00:16:12) Discussion on STARKs (00:19:28) OP_CAT and Covenants (00:21:46) OP_CAT and Functional Encryption (00:24:03) Exploration of BitcoinOS (00:25:21) Potential of BitVM (00:26:11) Bitcoin as a Currency (00:28:21) Funding for CSV Projects (00:30:40) Taint Concept in Shielded Transactions (00:31:14) Adoption and Privacy Protocols (00:34:08) Transaction Fees in Shielded Transactions (00:35:08) Throughput and Base Layer Efficiency (00:36:04) Node Behavior During Transactions (00:38:12) Comparison with MimbleWimble (00:39:41) CryptoSteel's New Device (00:40:29) Drivechains (00:41:04) Discussion about crypto steel backups and a sponsor, Layer Two Labs, promoting drive chains. 
Concerns Over Soft Forks (00:43:51) Rough Consensus Definition (00:45:04) Challenges of Soft Fork Implementation (00:46:15) Balancing Stability and Innovation (00:47:29) Miner Incentives and Fee Structures (00:48:38) Future of Post-Quantum Proposals (00:49:44) Increasing Block Size for CSV (00:50:00) Ideal Block Size Debate (00:53:08) Quantum Computing Threat (00:59:02) Potential Consequences of Quantum Attacks (01:00:24) Post-Quantum Solutions (01:02:23) Quantum Computing Timeline (01:02:50) Complexity of Quantum Computers (01:03:31) Quantum Records and Limitations (01:05:44) Chat Question on Shielding Protocol (01:06:12) Hodling.ch (01:06:45) Self-Custody Security (01:09:15) Threat Models in Security (01:09:58) Hardware Wallet Cautionary Tale (01:10:33) Conference Discussions (01:12:05) Shielded CSV Funding and Development Timeline (01:13:58) Prototype Development Outlook (01:15:29) Concerns Over Adoption (01:17:31) Scalability vs. Privacy Debate (01:19:34) Tether on Shielded CSV? (01:22:04) Revenue Models Discussion (01:22:22) Transaction Fees and Profitability (01:23:25) Publisher Fees in CSV Protocol (01:24:16) Competition and Business Models (01:25:40) Soft Fork Proposals for Improvement (01:26:07) Script Restoration and Arithmetic Improvements (01:27:30) Future of Shielded Client-Side Validation (01:37:23) Keeping Up with Developments (01:38:44) Self-Promotion and Team Dynamics (01:41:05) Proof of Stake? (01:42:51) Rare Pepes in Shielded CSV (01:43:56) Acknowledgment of Guests (01:46:18) Call to Action: Shield Emoji (01:47:57) Importance of Learning Bitcoin (01:48:07) Resources for Learning Bitcoin (01:48:31) Commentary on Peter Wuille (01:49:26) Block Size Debate (01:50:02) Optimizing Bitcoin for Global Use (01:51:05)
#ppcchat Anu Adegbola chats with in-house Paid Search expert Brooke Osmundson about the latest updates in Search Marketing, giving PPC-ers advice on how to approach PPC in 2024.
Q1 How much would you say you're keeping up with all the updates from Google, Microsoft and the world of AI?
Q2 With all the people worrying about enhanced CPCs, how have you felt about it and how should people approach it?
Q3 Do you use Performance Max and how are you finding it?
Q4 How do you use AI - how often do you find yourself in ChatGPT or Claude, or do you have an alternative?
Q5 What would you say to paid search advertisers who feel that AI may take their jobs?
Q6 How do you keep yourself interested in the new AI updates happening?
Q7 Has your workload changed and who are the people you need to push back on?
Q8 How important is it to actually know the business goals?
Q9 What advice have you been given that was not for you?
Q10 How do you deal with imposter syndrome?
Q11 What are the important things you want to hear when an agency is pitching to win business?
Thank you for listening! Please help grow the podcast - and rate/review on Spotify, Amazon, Apple Podcast & more - linktr.ee/ppcchat_roundup
In this episode of the Security Podcast of Silicon Valley, a YSecurity production, hosts Jon McLachlan and Sasha Sinkevich dive into an engaging conversation with Simon Wijckmans, Founder and CEO of cside.dev. Simon shares his journey from working at Hydra, Vercel, and Cloudflare to founding cside.dev, a security startup focused on client-side security. He discusses the evolution of web security, the unique challenges of client-side attacks, and how cside.dev is pioneering solutions to make web security more accessible. Simon's insights into the dynamic landscape of cybersecurity and his passion for innovative solutions make this episode a must-listen. Join us as we explore the future of web security with one of the industry's brightest minds.
“The client's role is not to solve the problem — it's to state the problem.”
What's the client's perspective in major cultural projects? What are “client user groups?” What's the difference between advocating for the client, and advocating for the project? How do you “inhabit your project?” How might a single gender-inclusive restroom project change an entire institution? Should every project have a “super contingency” in the budget?
Amy Weisser (Deputy Director for Strategic Planning and Projects at Storm King Art Center) joins host Jonathan Alger (Managing Partner, C&G Partners) to discuss “The Client Side of Major Projects.”
Along the way: P.P.E., trusting the hiring decisions, and a 2,000-year-old Roman theory that still works today.
Talking Points:
1. The Three-Legged Stool: Vision, Schedule, Budget
2. Client Advocate, Project Advocate, User Advocate
3. Museum Building Projects are Linear, Not Cyclical
4. All Projects are Transformational
5. Project Phases: Watercolors to Hard Hats
6. Disasters DO Happen
7. Build Your Values
How to Listen:
Apple Podcasts https://podcasts.apple.com/us/podcast/making-the-museum/id1674901311
Spotify https://open.spotify.com/show/6oP4QJR7yxv7Rs7VqIpI1G
Everywhere https://makingthemuseum.transistor.fm/
Guest Bio: Amy Weisser is Deputy Director, Strategic Planning and Projects at Storm King Art Center, where she incubates projects focused on strategic growth. Weisser has spent 30 years supporting cultural institutions undergoing profound development. Prior to Storm King, Weisser led exhibition development for the National September 11 Memorial Museum from 2005 to 2017 and helped open the contemporary art museum Dia:Beacon and the American Museum of Natural History's Rose Center for Earth and Space. She has taught Museum Studies at New York University. Weisser holds a doctorate in Art History from Yale University. She is a co-author of Martin Puryear: Lookout (GRM/SKAC, 2024).
About MtM: Making the Museum is hosted (podcast) and written (newsletter) by Jonathan Alger. This podcast is a project of C&G Partners | Design for Culture. Learn about the firm's creative work at: https://www.cgpartnersllc.com Links for This Episode: Amy's Email: as.weisser@stormkingartcenter.org Amy's LinkedIn:https://www.linkedin.com/in/amysweisser/ Storm King: www.stormking.org Storm King's Capital Project:https://stormking.org/capitalproject/Building Museums Symposium, a project of the Mid-Atlantic Association of Museums: https://midatlanticmuseums.org/building-museums/Links for MtM: https://www.makingthemuseum.com/contact https://www.linkedin.com/in/jonathanalger alger@cgpartnersllc.com https://www.cgpartnersllc.com Newsletter: Like the show? Try the newsletter. Making the Museum is also a one-minute email, three times a week, on exhibition planning and design for museum leaders, exhibition teams and visitor experience professionals. (And the best way to find out first about new episodes of the podcast.)Subscribe here: https://www.makingthemuseum.com
How prepared is your organization to tackle the growing threat of client-side attacks? In this episode of the Tech Talks Daily Podcast, I sit down with Lynn Marks, Senior Product Director at Imperva, a Thales company, to discuss the rise of Magecart attacks and the implications of the newly updated PCI DSS 4.0 standards. Client-side attacks, like Magecart, have been a looming threat since 2015, gaining significant traction as digital transformation accelerated during the global pandemic. As more businesses moved their operations online, the landscape for these attacks became increasingly fertile, putting sensitive customer data at risk. With the recent release of PCI DSS 4.0, the stakes have never been higher for organizations processing payments online. Lynn dives into the specifics of how these attacks operate, targeting vulnerable JavaScript to steal data directly from users, often without detection. We explore the key updates in PCI DSS 4.0, particularly the new requirements that demand businesses inventory, authorize, and monitor client-side scripts more rigorously. Lynn shares practical insights on how companies can navigate these requirements, mitigate risks, and enhance cross-team communication to protect against these sophisticated threats. What strategies should your business adopt to stay ahead of client-side attackers, and how can you ensure compliance with the evolving security standards? Tune in to this episode for an in-depth conversation on safeguarding your online transactions and staying resilient in the face of emerging cyber threats. After listening, I'd love to hear your thoughts—how is your organization adapting to the new PCI DSS 4.0 requirements?
Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Guest: https://x.com/MtnBer
Resources:
Beyond XSS
https://aszx87410.github.io/beyond-xss/en/
Web VSCode XSS
https://gitlab.com/gitlab-org/gitlab/-/issues/461328
Timestamps
(00:00:00) Introduction
(00:05:24) Learning and Labs
(00:17:29) DevTools tips and tricks
(00:49:49) General Client-Side hacking tips
(01:09:59) Self-XSS Storytime
(01:32:16) Bug Reports
(01:46:37) Brainstorming a Client-side HUD
Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]
On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/
On Twitter | https://x.com/Soheil__K
____________________________
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
In this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.
They dive into Soheil's background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.
The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.
As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.
The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.
Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.
Top Questions Addressed
What are request forgery attacks and how have they evolved over time?
How do modern browsers and applications handle security against these attacks?
What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?
Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
On YouTube:
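The episode notes above say that same-site cookies are a defense in depth with limits against client-side CSRF, without showing why. The reason is that in a client-side request forgery the forged request is issued by the site's own JavaScript, from the site's own origin, after attacker-controlled data (a URL fragment, a query parameter, a postMessage payload) has been used to decide where or what to send. SameSite cookies, Origin/Referer checks and even per-page anti-CSRF tokens all assume the forged request starts somewhere else, so they are attached or satisfied as usual. The example below is added here and is not code from the episode or from Soheil Khodayari's research tooling; the site origin, the route table and the fetch stand-in are assumptions so that it runs outside a browser.

```javascript
// Added example (not code from the episode or from Soheil Khodayari's research
// tooling): a client-side CSRF pattern and its hardened counterpart.
// Assumptions: a hypothetical site origin, a hypothetical route table, and a
// `fetchImpl` parameter standing in for window.fetch so the code runs in Node.

const ORIGIN = "https://bank.example";

// Vulnerable: a single-page app's router treats the URL fragment as the
// endpoint for its next state-changing request. Luring the victim to
//   https://bank.example/#/api/transfer?to=attacker&amount=1000
// makes the victim's own page send the POST. The request comes from the
// site's own origin, so SameSite cookies (even Strict) are attached, and any
// anti-CSRF token the page's code adds is attached as well: those defenses
// assume the forged request starts on another site, which here it does not.
// A protocol-relative value such as #//evil.example/collect even resolves to
// a different host, turning the same bug into a credentialed cross-origin call.
function vulnerableSubmit(hash, fetchImpl) {
  const target = hash.startsWith("#") ? hash.slice(1) : hash;
  const url = new URL(target, ORIGIN).toString();
  return fetchImpl(url, { method: "POST", credentials: "include" });
}

// Hardened: the request target is never derived from attacker-reachable input
// (URL fragment, query string, postMessage data, document.referrer, ...).
// The fragment may only select a short route name from a fixed table, and a
// state-changing request is only sent after an explicit user action
// (modelled here by the `userConfirmed` flag).
const ROUTES = Object.freeze({
  profile: "/api/profile/update",
  transfer: "/api/transfer",
});

function hardenedSubmit(hash, userConfirmed, fetchImpl) {
  const name = (hash.startsWith("#") ? hash.slice(1) : hash).replace(/^\//, "");
  if (!Object.prototype.hasOwnProperty.call(ROUTES, name)) {
    return { blocked: true, reason: "route not in allowlist: " + name };
  }
  if (!userConfirmed) {
    return { blocked: true, reason: "state change without user action" };
  }
  return fetchImpl(ORIGIN + ROUTES[name], { method: "POST", credentials: "include" });
}

// Stand-in for fetch that records the request instead of sending it.
function recordingFetch(url, init) {
  return { url, method: init.method, credentials: init.credentials };
}

// Demo: the same attacker-supplied fragment against both versions.
const ATTACK_HASH = "#/api/transfer?to=attacker&amount=1000";
console.log(vulnerableSubmit(ATTACK_HASH, recordingFetch));
console.log(hardenedSubmit(ATTACK_HASH, true, recordingFetch));
```

The hardened version still lets the fragment choose a route, which is normal SPA behaviour; what it refuses to do is let that input become a URL, a body or a header. When reviewing client-side code for this class of bug, the data-flow question to ask is whether anything reachable from the URL, postMessage or the referrer ends up in the argument list of fetch, XMLHttpRequest, form.action or location assignments.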
Web scraping 101! Dive into the world of web scraping with Scott and Wes as they explore everything from tooling setup and navigating protected routes to effective data management. In this Tasty Treat episode, you'll gain invaluable insights and techniques to scrape (almost) any website with ease. Show Notes 00:00 Welcome to Syntax! 03:13 Brought to you by Sentry.io. 05:00 What is scraping? Socialblade. 08:01 Examples of past scrapers. Canadian Tire. 10:06 Cloud app downloader. 16:13 Other use cases. 16:58 Scraping 101. 17:28 Client Side. 19:08 Private API. Proxyman. 22:40 Server rendered. 23:27 Initial state. 24:57 What format is the data in? Google Puppeteer Extension. 27:08 Working with the DOM. 27:12 Linkedom npm package. 29:02 querySelector everything. 31:28 How to find the elements without classes. 34:08 Use XPath selectors for select by word. 34:53 Make them as flexible as you can. Classes change! 35:10 AI is good at this! 36:26 File downloading. 38:20 Working with protected routes. Proxyman. 40:41 Programmatically retrieve authentication keys because they are short-lived. Fetch Cookie. 43:20 Deal-breakers. Mechanical Turk. 44:58 What happened with Amazon? Uniqlo Self-Checkout 46:42 Wes' portable refrigerator utopia. 47:25 Sick Picks & Shameless Plugs. Sick Picks Scott: KeyboardCleanTool. Wes: Yabai. Shameless Plugs Scott: Syntax on YouTube Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.
The conversation begins with a key question: What is client-side protection?
Marks explains that modern engineering teams often place much of the application logic into the client side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is 'form-jacking,' where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.
Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva's Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.
Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard), specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva's Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.
For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.
Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.
Top Questions Addressed
What is client-side protection?
How can an organization protect itself against client-side attacks?
What is the role of Imperva's Client Side Protection product in combating client-side security threats?
Note: This story contains promotional content. Learn more.
Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/lynnmarks1/
Blog | https://thenewstack.io/author/lynn-marks/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe dashboard is a work of art. 05:08 Tell us about the design system. React Aria 08:59 Who develops the iOS app? 09:50 Stripe's CSP (content security policy). 12:50 What even is a content security policy? Content Security Policy explanation 13:57 Douglas Crockford of Yahoo on security. Douglas on GitHub 15:13 Security philosophy. 16:59 What about inline styles and inline JavaScript? 19:41 How do we safely set inline styles from JS? 20:20 Setting up with meta tags. 22:52 What are common situations that require security exceptions? 26:24 Potential damage with inline style tags. 32:45 Looping vulnerabilities. 36:32 What about JavaScript injection? 37:09 Myspace Samy Worm. Myspace Samy Worm Wiki Sentry.io Security Policy Reporting 42:02 Does a CSP stop code from running in the console? 43:28 What are some general security best practices? 46:35 Strategies for rolling out a CSP. 51:49 Final tip, Strict Dynamic. Strict Dynamic 56:36 Where does the CSP live within Stripe? Original Black Friday story 59:35 One last story. 01:01:20 Sick Picks + Shameless Plugs Sick Picks + Shameless Plugs Alex: Wes Bos' Instagram Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Guest:
https://twitter.com/samm0uda?lang=en
https://ysamm.com/
Resources:
Client-side race conditions with postMessage: https://ysamm.com/?p=742
Transferable Objects
https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Transferable_objects
Every known way to get references to windows, in javascript:
https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d
Youssef's interview with BBRE
https://www.youtube.com/watch?v=MXH1HqTFNm0
Timestamps:
(00:00:00) Introduction
(00:04:27) Client-side race conditions with postMessage
(00:18:12) On Hash Change Events and Scroll To Text Fragments
(00:32:00) Finding, documenting, and reporting complex bugs
(00:37:32) PostMessage Methodology
(00:45:05) Youssef's Vuln Story
(00:53:42) Where and how to look for ATO vulns
(01:05:21) MessagePort
(01:14:37) Window frame relationships
(01:20:24) Recon and JS monitoring
(01:37:03) Client-side routing
(01:48:05) MITMProxy
Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
ThankUNext
jswzl
Rapid API
SSRF Utility tool by Bebiks
Tweet from Johan Carlsson
Burp Extension from Google VRP
Justin's Tweet about JS Hoisting
Bypass CSP Using WordPress
How to trick CSP in letting you run whatever you want
Timestamps:
(00:00:00) Introduction
(00:01:58) Overcoming Bug Bounty struggles and getting back into the hacking groove
(00:07:46) Taking notes and sticking to one program
(00:14:50) Critical Thinking Discord, Community highlights, and Competition vs Collaboration
(00:22:25) Secondary context bugs and Automationism
(00:28:42) ThankUNext and Client-side Paths
(00:33:45) Tool Tangents: Jswzl, Caido, Postman, and Rapid API
(00:46:49) New SSRF Utility tool by Bebiks and the continuing evolution of hacking tools
(00:51:45) Iframe Sandwiches
(00:58:54) News Items
(01:06:12) JS Hoisting
(01:15:05) CSP Bypasses
A majority of ERP implementations fail due to a lack of knowledge of what the ideal scene should look like, because a company rarely replaces its own ERP. Failure occurs from not knowing how the requirements gathering stage should go, or how any other stage like walkthroughs, testing, training, data migration, and much less go-live should run. However, with the right advisor, your team can sidestep becoming a statistic of failed implementations. In this episode of the ERP Advisor, Shawn Windle breaks down what role a client-side implementation consultant plays and how they are not the same as the implementation partner or the internal client PM.
Connect with us!
https://www.erpadvisorsgroup.com
866-499-8550
LinkedIn: https://www.linkedin.com/company/erp-advisors-group
Twitter: https://twitter.com/erpadvisorsgrp
Facebook: https://www.facebook.com/erpadvisors
Instagram: https://www.instagram.com/erpadvisorsgroup
Pinterest: https://www.pinterest.com/erpadvisorsgroup
Medium: https://medium.com/@erpadvisorsgroup
Welcome back to Intellicast! We have another great guest joining us on today's episode. Craig Alter, who works in consumer insights at Perfetti Van Melle, joins Brian Lamar and Producer Brian to talk about how research has evolved from a brand perspective this year. Before diving into the discussion, Craig brings us up to speed on what has happened with him since his last appearance on the podcast back in 2022. He explains how he joined Perfetti Van Melle and the reasons behind his career move. Next, Craig shares his perspective on how research has adapted this year, considering the volatile economy and tightening budgets. He mentions that the impact on Perfetti Van Melle has been minimal, and we even speculate that candy might be recession-proof. Craig also highlights Perfetti Van Melle's growth mode, citing their recent acquisitions of new brands from Mondelez earlier that week. The conversation then evolves into a discussion about how Craig and his team gather and utilize global insights, applying them to regional brands. They also explore the overlap between regional brands and tastes in different areas. In the final segment of the interview, Craig discusses how he and the team at Perfetti Van Melle are incorporating artificial intelligence into their research process. He explains their plans to use AI to test video ads by analyzing a database of previous ads to determine their potential success. It was enlightening to gain a different perspective! Thanks for tuning in. You can connect with Craig on LinkedIn here: https://www.linkedin.com/in/craig-alter/ You can learn more about Perfetti Van Melle here: https://www.perfettivanmelle.com/ Watch our most recent webinar, Dangers to Trackers in the Age of Aggregation, on-demand here: https://us02web.zoom.us/webinar/register/4916911556997/WN_NhLDtUJRQdC5v7awO_BTAw#/registration Download our new whitepaper, Strategic Sample Blending: The Premier Methodology for Tracking Studies!
You can download your free copy here: https://emi-rs.com/strategic-sample-blending-the-premier-sample-methodology-for-tracking-studies/
In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We start with his recap of the events, and the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4, and much more than we can fit in this character limit. Just trust us when we say you don't want to miss it!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
______
Episode 26 links: https://linke.to/Episode26Notes
______
Timestamps:
(00:00:00) Introduction
(00:04:10) LHE Vibes
(00:07:45) "Hunting for NGINX alias traversals in the wild"
(00:12:30) Various payouts in bug bounty programs
(00:16:05) New XSS vectors and popovers
(00:24:15) The "magical math element" in Firefox
(00:27:15) LiveOverflow's research on HTML parsing quirks
(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress
(00:40:00) Changes in the CVSS 4 draft spec
(00:45:00) TomNomNom's new tool Jsluice
(00:51:15) JavaScript's import function
(00:55:30) Gareth Heyes' book "JavaScript for Hackers"
(01:02:24) Injecting JavaScript variables
(01:09:15) Prototype pollution
(01:13:15) DOM clobbering
(01:18:10) Exploiting HTML injection using meta and base tags
(01:25:00) CSS Games
(01:28:00) Base tags
Joseph Edwin is one of the OGs of digital transformation. He has worked client side for Nordea and Commonwealth Bank of Australia and is now a partner at Bain & Co, focused on helping companies succeed as they transform. Joe does an incredible job of demystifying transformation and telling us about the recipe for success!
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we dig into Google's new email feature, client side encryption within Google Workspace. We discuss what client side encryption really is; who will have access to this new feature; whether it meets the application needs for mental health group practices; TLS, or transport layer security; what to have in place with clients before sending email; and email best practices to keep everything HIPAA hunky dory. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources Google brings client-side encryption to Gmail for Workspace Google's "about client side encryption" Google's Transparency Report on Email Encryption in Transit PCT's Request for Non-Secure Communications Form (free!) PCT's free Service Selection Workbook for Group Practices PCT's Group Practice Care Premium service with Group Practice Office Hours direct support and consultation service CE training: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations
This episode reports on improved privacy for Gmail, new business email scams, security updates for Samba, and more.
On this episode of Loud And Clear, Victoria Petrella talks about how her journey from Argentina to the United States led her on a path that helped her become a successful advertising executive and then move to the client side. She is currently leading the Domino's Pizza brand as Vice President of International Marketing. Loud and Clear brings this conversation to try and reveal how ad women and men can bring value to the evolution of brands and their process by being an insider and getting things done. Join us as we talk about the digitalization transition of a brand that even reinvented its recipe to keep up with the evolution of consumer habits around the "always loved" pizza. A conversation that is slightly over 30 minutes (no free pizza, sorry) to get a glimpse of how the change at Domino's happened, how it was executed at an international level, and how it appealed to the Hispanic consumer in the United States. As a bonus, get some tips on what Victoria cares about and what she considers a way to bring value to brands no matter what side of the aisle you're on. Guest: Victoria Petrella, Vice President of International Marketing at Domino's Producer: Rolf Ruiz, Digital Strategist, Creative Technologist & Agricultor at LERMA/ Host: Francisco Cardenas, Principal of Digital and Social Strategy at LERMA/ Co-Host: Maria Díaz, Brand Creative Art Director Music: Pedro Lerma and the Band, LERMA/
Welcome back to Intellicast! On today's episode, Brian Lamar and Producer Brian are joined by Craig Alter, Consumer Insights at Bon Secours Mercy Health. Craig is a 20-year veteran of client-side market research, having held roles at Luxottica, Tyson Foods, and Bon Secours Mercy Health. He joins us to talk about some of the challenges the client side of market research faces. Kicking off the interview, we talk to Craig about his background and what led him to market research. He, like many we have talked to, kind of fell into market research after many years in finance and marketing. We then talk to Craig about some of the challenges he faces as a client-side market researcher, everything from being in small departments (like a department of 1) and having to be the expert in everything research for his organization, to where he goes to learn and grow as a researcher. He discusses how he needs to sell the benefits of market research to the leaders in his organization. Craig then gets into some specific challenges of being a client-side researcher in healthcare. He talks about how HIPAA compliance can often make research more difficult. He also touches on the need for storytelling, and how crafting an insightful, engaging, but concise story is super beneficial when providing insights, and the "so what?", to his organization. In the last part of the interview, we bring back an old favorite and do a new round of the 4 P's. We find out that Craig plays pop songs on the piano. We also learn that he loves to travel and that he got back into working out because of the pandemic. This is a great episode for anyone who wants to better understand client-side research and its challenges. You can connect with Craig on LinkedIn here: https://www.linkedin.com/in/craig-alter/ Thanks for listening!
You can register for our upcoming webinar, Dispelling the Myth: All Panel are the Same, on Wednesday, September 14, 2022, at 2:00 PM EDT, where we bust the myth that sample is a commodity. Register here: https://us02web.zoom.us/webinar/register/WN_ysZOaYSeRoyA73QRJTubyA MI's annual report on the sample industry, The Sample Landscape, is now available! Get your copy here: https://emi-rs.com/the-sample-landscape/ Want to catch up on our blogs? Click here. Missed one of our webinars or want to get some of our whitepapers and reports? You can find it all on our Resources page on our website here.
On May 11, the European Commission announced a new proposal designed to combat online child sexual abuse material. The proposal has drawn notable criticism from major member states, especially Germany, and has raised concerns about the national security risks it could create. To talk through the issues at hand, former Lawfare managing editor Jacob Schulz sat down with two experts, each of whom wrote Lawfare articles about the EU's proposal back in June: Robert Gorwa, postdoctoral research fellow at the WZB Berlin Social Science Center who specializes in platform governance and transnational digital policy issues, and Susan Landau, Bridge Professor of Cybersecurity and Policy in The Fletcher School and at the School of Engineering, Department of Computer Science at Tufts University. They discussed the European proposal in the context of child sexual abuse material, as well as within other contexts, such as that of terrorism. And they walked through the practical, legal, and technical implications of the draft regulation, as well as what its evolution reveals more broadly about policymaking in the digital sphere.
Mike Churchill and I worked in Kansas City on a few gigs when he was an Agency Producer. His creativity and production prowess shined from prep through post. Now Mike is an Executive Producer at the iconic General Mills. Enjoy Mike's journey and absorb his passion for making great ads. Great chat! Romcom "Diamond In The Rough" streams on the Creator+ platform starting now! Please support my wife filmmaker Jeannette Godoy's romcom debut. It's "Mean Girls" meets "Happy Gilmore" and crowds love it. Here's the trailer. How to Pitch Agencies and Win! I'm doing a live zoom course July 19th, that's a Tuesday, at 2pm Pacific. Sign up as it will sell out. SOLD OUT!!! My first annual Filmmaker Retreat Joshua Tree! Next Commercial Directing Bootcamp is January 7th, 2023 in Los Angeles. Save $100 if you've completed either of my Masterclass or Shadow online courses. Online Commercial Directing Masterclass as well as my Commercial Directing Shadow course have received 100% 5 star reviews. Plus we do a free filmmaker consultation call with either course. Win a chance to shadow me on a real shoot! DM for details. Check out the new Commercial Director Mega Bundle for serious one-on-one mentoring and career growth. It's everything and more. Thanks, Jordan This episode is 75 minutes. My cult classic mockumentary, "Dill Scallion" is online so I'm giving 100% of the money to St. Jude Children's Hospital. I've decided to donate the LIFETIME earnings every December, so the donation will grow and grow. Thank you!
Smart Agency Masterclass with Jason Swenk: Podcast for Digital Marketing Agencies
Are you trying to improve your client retention rate? How often do you communicate with your clients? Building a good relationship with your clients starts immediately after they sign on to work with your agency. Today's guest takes us through his process of creating a level of trust with clients that makes them want to stay. With clear goals set from the start and constant communication, they've only lost one client in ten years! Jeff Barnes is Chairman of Barnes Health, the strategic healthcare marketing and public relations agency he started in 2003. He began his career in the healthcare marketing and public relations space on the client side 34 years ago. Being able to look at things from the client's perspective has been a plus for him, as he has really focused on building good relationships with them. He sets clear goals and always makes them feel like they are the priority. In this episode, we'll discuss: keeping client churn rates at a minimum; why constant communication and a clear process are the key; why you should strive to find clients that really fit with your agency.
Sponsors and Resources
E2M Solutions: Today's episode of the Smart Agency Masterclass is sponsored by E2M Solutions, a web design and development agency that has provided white label services for the past 10 years to agencies all over the world. Check out e2msolutions.com/smartagency and get 10% off for the first three months of service.
Subscribe: Apple | Spotify | iHeart Radio | Stitcher | Radio FM
Jumping From the Client-Side to Agency-Side
Jeff had been working in healthcare marketing and public relations for 15 years before joining "the dark side" of the agency world. Basically, he wanted the freedom and more flexible hours of being an agency owner. Back then, there weren't many marketing firms in the healthcare niche, so he saw a good opportunity. Barnes Health started with one client and the agency has grown significantly since.
He still has that first client and, actually, a total of four legacy clients that have worked with the agency for 20 years. Jeff has always preferred to work with a retainer pricing model. Some agencies may feel clients take advantage of working under a retainer, expecting too many services under the retainer umbrella. However, the most important advantage for Jeff is having guaranteed revenue, which helps him sleep at night. Nowadays, retainer clients account for about 95% of the agency's revenue.
How to Keep Agency Client Turnover Rate At a Minimum
The average agency turnover is 25%, for a variety of reasons. Given these statistics, Jeff usually gets bewildered looks when he says he's only lost 1 client in 10 years. What's his secret? Well, he's learned from speaking with his clients that most agencies are exceptionally good at the front end. They sell their services with a dynamic attitude and promises that get clients excited about working with them. However, client success is an important KPI, and many agencies fail when it comes to customer service. There are two components to an agency: 1) client acquisition and 2) client service. It is a lot easier to retain an existing client than to get a new one, so Jeff focuses on providing great customer service to keep the turnover rate at a minimum. He has trained his team to communicate with clients on a regular basis and have a quick response time for any questions they may have. Each client, big or small, should feel like they're the #1 most important client. Remember, if you neglect clients, they'll probably start wondering why they're working with you and start looking for other opportunities. Answer the unasked questions; if you don't communicate it, they don't know it happened.
Setting Clear Goals to Get Clients On Board With Your Strategy
The moment a client agrees to work with your agency, you should quit promoting yourself and immediately transition to learning as much as you can about that client.
Focus especially on their goals, objectives, and the criteria under which your work will be measured for success. The more educated and informed you are about every aspect of their operations, the more valuable you can be to your clients. Jeff's team typically gets clients to sign off on the strategic plan that they build together. They list the goals and objectives with clarity on who is responsible, the timeframe, and how success is to be measured. The overall strategy is documented, and everyone on the team and the client is familiar with each step. It may be revised from time to time, but the client should always have access to the documents.
Maintaining A Good Relationship With Clients
Jeff favors constant communication with clients on a regular basis, even daily at times. In his opinion, this shows the agency is a very valuable resource for them. If there is no communication for three or four days, his team reaches out to make sure everything is in order, follows up on an email, or runs an idea by them. He also emphasizes how important it is to do this with both smaller and bigger clients. The amount of attention should not vary based on size or a client's contribution to topline revenue. Moreover, this way of working helps you be more selective with your clients. If you don't feel like communicating constantly with your clients, then there's probably an issue there. Don't take on clients that you don't want to communicate with. You'll start resenting them and feel burnt out.
Adapting Your Agency To a Changing Market
The one constant in life is change, and in the agency world, you had better be ready to adapt to a changing market. Jeff has had a long career, and in those years he has learned to adapt to the internet, websites, and social media. New things are coming now with novelties like the Metaverse and NFTs, which he says he will leave to his team to understand and educate him on.
To adapt to changing times, he likes to hire young professionals who understand and are using the newest technologies. It's so important to stay ahead of new trends because a lot of the work marketing firms do has to do with consultation. Staying on top of emerging technology and educating and informing clients about new tools is the best way to present new ideas to your clients. However, Jeff says he is careful not to portray his team as being good at everything. It's better to actually be great at one thing than to pretend to be good at everything. As a client, he always asked agencies what they were great at. If they answered "everything," he knew they weren't a good fit.
Your Goals Should Reflect the People You Want to Work With
It's important to have clear goals of what you want to accomplish in your agency. Your goals should go beyond a revenue level. Go deeper with your goals and really create a future vision. What type of lifestyle and freedom do you hope to have? What do you need in order to really love your work and your business? Do you know what sort of people you want to work with? For his part, Jeff credits his love for the business to being selective with which clients his agency takes on. In 20 years, he has been fortunate to never have felt like quitting. Regular communication with clients does not frustrate him because he actually likes the people he's working with and doesn't have any "nightmare clients."
Want the Support of Amazing Digital Agency Owners?
Do you want to be around amazing agency owners that can see what you may not be able to see and help you grow your agency? Then go to the Digital Agency Elite to learn all about our exclusive mastermind.