Podcasts about penetration tests

www.iotusecase.com#MASCHINENBAU #SECURITY #PENETRATIONTEST #IOT-PLATTFORMIn der 165. Episode des IoT Use Case Podcasts spricht Gastgeberin Ing. Madeleine Mickeleit mit Michael Buchenberg, Head of IT Security bei XITASO, über die Absicherung vernetzter Produkte im industriellen Umfeld. Am Beispiel eines Projekts mit DMG MORI und der Plattform CELOS X zeigt die Folge, wie Penetration Tests in der Praxis ablaufen, welche Angriffsvektoren im IoT-Kontext eine Rolle spielen und wie Konzepte wie DevSecOps und der Cyber Resilience Act die Entwicklung sicherer Lösungen beeinflussen.Folge 165 auf einen Blick (und Klick):(10:55) Herausforderungen, Potenziale und Status quo – So sieht der Use Case in der Praxis aus(16:08) Lösungen, Angebote und Services – Ein Blick auf die eingesetzten Technologien (22:02) Übertragbarkeit, Skalierung und nächste Schritte – So könnt ihr diesen Use Case nutzen Podcast ZusammenfassungWie sicher sind eigentlich meine digitalen Produkte im Feld? Diese Frage stellen sich viele Hersteller – spätestens, wenn es um vernetzte Maschinen, IoT-Plattformen oder Kundenportale geht. Genau darum geht es in dieser Podcastfolge mit Michael Buchenberg, Head of IT Security bei XITASO.Am Beispiel eines Projekts mit DMG MORI und der Plattform CELOS X wird praxisnah aufgezeigt, wie Penetration Tests helfen, reale Schwachstellen frühzeitig zu identifizieren – etwa in Maschinen, Cloud-Anbindungen oder Standard-Schnittstellen wie OPC UA oder MQTT. Getestet wird unter realistischen Bedingungen: direkt an der Maschine im Shopfloor.Zentrale Herausforderungen:Historisch gewachsener Code (z. B. alte SPS-Programme), der nicht für Vernetzung entwickelt wurdeMangelnde Transparenz über Risiken im Gesamtsystem – von der Maschine bis zur CloudFehlendes Schwachstellenmanagement in der ProduktentwicklungSorgen von Endkunden beim Umgang mit sensiblen ProduktionsdatenLösungsansatz: Neben klassischem Penetration Testing spricht Michael über den Ansatz DevSecOps – also das frühzeitige Mitdenken von Sicherheit in der Software- und Produktentwicklung. Entscheidend ist dabei: Wer potenzielle Schwachstellen schon in der Architektur erkennt, spart Aufwand und Kosten in späteren Phasen.Regulatorische Relevanz:Mit dem Cyber Resilience Act und der NIS-2-Richtlinie wird Sicherheit zur Pflicht. Hersteller müssen künftig aktiv nach Schwachstellen suchen, Updates bereitstellen und Sicherheit über den gesamten Produktlebenszyklus sicherstellen.Die Folge liefert klare Best Practices und einen Realitätscheck für alle, die IoT-Lösungen entwickeln oder betreiben – insbesondere im Maschinen- und Anlagenbau, aber auch darüber hinaus.-----Relevante Folgenlinks:Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/)Michael (https://www.linkedin.com/in/michael-buchenberg/)CELOS X Plattform (https://de.dmgmori.com/produkte/digitalisierung/celos-x)Post-Quanten-Kryptographie (https://xitaso.com/projekte/amiquasy-migration-zu-post-quanten-kryptographie/)Penetration Tests von Fräsmaschinen (https://xitaso.com/projekte/dmg-mori-penetration-test/?utm_source=iot.website&utm_medium=podcast&utm_campaign=iot.use.case)Jetzt IoT Use Case auf LinkedIn folgen

»Uns passiert schon nichts.« Der teuerste Satz der Digitalisierung. In dieser Folge sprechen Franzi Kunz und Cloud-Experte Erik Dommrich über: Die häufigsten Irrtümer rund um Web Security – und warum sie Unternehmen teuer zu stehen kommen. Reale Beispiele von Big Playern wie VW und Google, die zeigen: Niemand ist unverwundbar. Konkrete erste Schritte, wie ihr euer Unternehmen effektiv absichern könnt – einfach und verständlich erklärt. Eine Folge voller Aha-Momente und praxiserprobter Tipps Jetzt reinhören – und Web Security endlich zur Priorität machen! ...KAPITELMARKEN 00:00- Begrüßung | Handelskraft Digital Business Talk mit Erik Dommrich 03:38 Sprint Planning | Sketch the Sound 05:05 Entweder/Oder Fragerunde 05:38 Daily Scrum | Erklär's den Großeltern: Botnetze 07:58 Ransomware 08:56 Fishing 10:26 Die stärksten Bedrohungen für Unternehmen | Zahlen und Fakten 12:05 Die wichtigsten Maßnahmen | Content Delivery Networks 13:34 Beratung 14:47 Penetration Tests | wie funktionieren und helfen 16:07 Die häufigsten Fehler in Unternehmen 17:59 Verantwortliche und Herausforderungen 18:55 Beispiele von betroffenen Unternehmen: Denial-of-Service-Attacke und Honeypots bei Google 21:57 VW und der Chaos Computer Club 23:17 alarmierende Zahlen von bitkom 23:53 Cyber Security ist nicht sexy 24:30 USA, Trump und die europäische Datensicherheit 26:19 Microsoft, Google, AWS | Exit-Strategien für den Ernstfall 30:12 Web Security und KI | Fluch und/ oder Segen? 32:49 Wie fange ich als Unternehmen an? Verantwortlichkeiten klären 33:53 Top 3 Tipps | Bewusstsein, Sichtbarkeit, Schulung 35:49 Verabschiedung 36:07 Retrospektive

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long? This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today. Segment resources: Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall It takes months to get approvals and remediate cloud issues. It can take months to fix even critical vulnerabilities! How could this be? I thought the cloud was the birthplace of agile/DevOps, and everything speedy and scalable in IT? How could cloud security be struggling so much? In this interview we chat with Marina Segal, the founder and CEO of Tamnoon - a company she founded specifically to address these problems. Segment Resources: Gartner prediction: By 2025, 75% of new CSPM purchases will be part of an integrated CNAPP offering. This highlights the growing importance of CNAPP solutions. https://www.wiz.io/academy/cnapp-vs-cspm Cloud security skills gap: Even well-intentioned teams may inadvertently leave their systems vulnerable due to the cybersecurity skills shortage. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ CNAPP market growth: The CNAPP market is expected to grow from $10.74 billion in 2025 to $59.88 billion by 2034, indicating a significant increase in demand for these solutions. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ Challenges in Kubernetes security: CSPMs and CNAPPs may have gaps in addressing Kubernetes-specific security issues, which could be relevant to the skills gap discussion. https://www.armosec.io/blog/kubernetes-security-gap-cspm-cnapp/ Addressing the skills gap: Investing in training to bridge the cybersecurity skills gap and leveraging CNAPP platforms that combine advanced tools are recommended strategies. https://www.fortinet.com/blog/business-and-technology/navigating-todays-cloud-security-challenges Tamnoon's State of Remediation 2025 report In this week's enterprise security news, Knostic raises funding The real barriers to AI adoption for security folks What AI is really getting used for in the wild Early stage startup code bases are almost entirely AI generated Hacking your employer never seems to go well should the CISO be the chief resiliency officer? proof we still need more women in tech All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-398

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long? This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today. Segment resources: Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall It takes months to get approvals and remediate cloud issues. It can take months to fix even critical vulnerabilities! How could this be? I thought the cloud was the birthplace of agile/DevOps, and everything speedy and scalable in IT? How could cloud security be struggling so much? In this interview we chat with Marina Segal, the founder and CEO of Tamnoon - a company she founded specifically to address these problems. Segment Resources: Gartner prediction: By 2025, 75% of new CSPM purchases will be part of an integrated CNAPP offering. This highlights the growing importance of CNAPP solutions. https://www.wiz.io/academy/cnapp-vs-cspm Cloud security skills gap: Even well-intentioned teams may inadvertently leave their systems vulnerable due to the cybersecurity skills shortage. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ CNAPP market growth: The CNAPP market is expected to grow from $10.74 billion in 2025 to $59.88 billion by 2034, indicating a significant increase in demand for these solutions. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ Challenges in Kubernetes security: CSPMs and CNAPPs may have gaps in addressing Kubernetes-specific security issues, which could be relevant to the skills gap discussion. https://www.armosec.io/blog/kubernetes-security-gap-cspm-cnapp/ Addressing the skills gap: Investing in training to bridge the cybersecurity skills gap and leveraging CNAPP platforms that combine advanced tools are recommended strategies. https://www.fortinet.com/blog/business-and-technology/navigating-todays-cloud-security-challenges Tamnoon's State of Remediation 2025 report In this week's enterprise security news, Knostic raises funding The real barriers to AI adoption for security folks What AI is really getting used for in the wild Early stage startup code bases are almost entirely AI generated Hacking your employer never seems to go well should the CISO be the chief resiliency officer? proof we still need more women in tech All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-398

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long? This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today. Segment resources: Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall Show Notes: https://securityweekly.com/esw-398

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long? This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today. Segment resources: Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall Show Notes: https://securityweekly.com/esw-398

Control 18 has only five safeguards, yet you can spend an entire year preparing for it. Matt Lee of Pax8 and I will help you understand each safeguard and the importance of getting this right and the pitfalls to avoid. --- Support this podcast: https://podcasters.spotify.com/pod/show/msp1337/support

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]On LinkedIn | https://www.linkedin.com/in/cassiecrossley/On Twitter | https://twitter.com/Cassie_CrossleyOn Mastodon | https://mastodon.social/@Cassie_Crossley____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin chats with Cassie Crossley, Vice President for Supply Chain Security at Schneider Electric, and author of the book "Software Supply Chain Security". Crossley emphasizes the need for increased awareness and understanding of software supply chain security, not just among technology companies but also in the broader business sector including procurement, legal, and MBA graduates.Crossley highlights the intricate complexities involved in securing IT, OT and IoT ecosystems. These include dealing with decades-old equipment that can't easily be upgraded, and accounting for the constantly evolving nature of cybersecurity threats, which she likens to a 'Wild West' environment.Crossley brings attention to the importance of businesses understanding the risks and impacts associated with cyber vulnerabilities in their supply chain. She touches on the potential vulnerabilities of pre-installed apps on iPhones, the need for more memory-safe languages, and the complexities of patch management in OT environments.Additionally, Crossley talks about the potential for cyber disasters and the importance of robust disaster recovery processes. Discussing the EU Cyber Resilience Act, she raises an important issue about the lifespan of tech devices and the potential impact on the security status of older devices.To help businesses navigate these challenges, Crossley's book provides a holistic overview of securing end-to-end supply chains for software, hardware, firmware, and hardware; it is designed to serve as a practical guide for anyone from app developers to procurement professionals. She aims to enlighten and equip businesses to proactively address supply chain security, rather than treating it as an afterthought.Key Questions Addressed:What is the importance of software supply chain security in businesses?What are the challenges presented by OT environments when implementing cybersecurity measures?How can businesses proactively navigate these challenges and strengthen their supply chain security?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]On LinkedIn | https://www.linkedin.com/in/cassiecrossley/On Twitter | https://twitter.com/Cassie_CrossleyOn Mastodon | https://mastodon.social/@Cassie_Crossley____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin chats with Cassie Crossley, Vice President for Supply Chain Security at Schneider Electric, and author of the book "Software Supply Chain Security". Crossley emphasizes the need for increased awareness and understanding of software supply chain security, not just among technology companies but also in the broader business sector including procurement, legal, and MBA graduates.Crossley highlights the intricate complexities involved in securing IT, OT and IoT ecosystems. These include dealing with decades-old equipment that can't easily be upgraded, and accounting for the constantly evolving nature of cybersecurity threats, which she likens to a 'Wild West' environment.Crossley brings attention to the importance of businesses understanding the risks and impacts associated with cyber vulnerabilities in their supply chain. She touches on the potential vulnerabilities of pre-installed apps on iPhones, the need for more memory-safe languages, and the complexities of patch management in OT environments.Additionally, Crossley talks about the potential for cyber disasters and the importance of robust disaster recovery processes. Discussing the EU Cyber Resilience Act, she raises an important issue about the lifespan of tech devices and the potential impact on the security status of older devices.To help businesses navigate these challenges, Crossley's book provides a holistic overview of securing end-to-end supply chains for software, hardware, firmware, and hardware; it is designed to serve as a practical guide for anyone from app developers to procurement professionals. She aims to enlighten and equip businesses to proactively address supply chain security, rather than treating it as an afterthought.Key Questions Addressed:What is the importance of software supply chain security in businesses?What are the challenges presented by OT environments when implementing cybersecurity measures?How can businesses proactively navigate these challenges and strengthen their supply chain security?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

You may have heard of Penetration Tests. You may know you need one. You may have had one or more. But do you know there's more than one type? More than one take? More than one test? On this episode of the SecureAF Podcast, Alias Principal Security Engineer Tanner Shinn and CISO Jonathan Kimmitt discuss the types of Pen Tests, how they're conducted, what they measure, and why they are needed. You'll walk away more informed about this important cybersecurity topic and more ready to know what you need to secure your environment.  We're always here as a resource to educate, empower, and offer the best services to fit your needs.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox. Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesday, December 6 for my Webinar on this topic with Netwrix called Hack the Hackers: Exploring ChatGPT and PentestGPT in Penetration Testing!

In this episode Brad, Spencer and Tyler discuss the major differences and pros and cons of Security Assessments and Penetration Tests. In the end they are both very different types of assessments and require different skill sets to perform. If you're in charge of IT or Security at your organization, this is a must-listen episode!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Die letzte Folge des Jahres 2022 widmet sich dem Thema Red Teaming. Da Kim und Robert bei Red Team Engangements nicht über die Rolle des interessierten Beisitzers hinauskommen, haben wir uns echte Expertise dazugeholt. Andreas Krüger ist CEO von Laokoon SecurITy - einem, auf offensive Security spezialisiertes, Unternehmen. Gemeinsam mit Andreas diskutieren wir die Grundlagen von Red Teaming Engangements, die Unterschiede zu Penetration Tests und berichten aus der Praxis.Laokoon SecurITy: https://laokoon-security.com/Andreas auf LinkedIn: https://www.linkedin.com/in/andreas-k-lsec1337/

How To Choose A Cybersecurity Provider. Learn tips on what to ask for and what to look for. Penetration Tests vs. Vulnerability Scans, Pricing, Zero Trust Technology and The Latest Takeaways from the recent FTX Crypto Exchange Hack.Please like, subscribe and visit all of our properties at:YouTube: https://www.youtube.com/channel/UC8Hgyv0SzIqLfKqQ03ch0BgYouTube: https://www.youtube.com/channel/UCa9l3tgOOHMJ6dClNn8BiqQ Podcasts: https://petronellatech.com/podcasts/ Website: https://compliancearmor.comWebsite: https://blockchainsecurity.comLinkedIn: https://www.linkedin.com/in/cybersecurity-compliance/ Visit https://ComplianceArmor.com for the latest in Cybersecurity and Training.NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.Please be sure to Call 877-468-2721 or visit https://petronellatech.com

Warum sollte mane etwas manuell machen, wenn man es automatisieren kann? Automatisierte Penetration Tests sind jetzt nichts neues. Aber teilweise werden solche Marketingtechnisch stark in den Fokus gerückt. Ist das nun gerechtfertigt? Welche Gründe sprechen gegen automatisierte Penetration Tests und welche eher dafür? Andreas Wisler und Sandro Müller bringen Licht ins Dunkle. Wie gewohnt: Fachmännisch kompetent und mit einer Prise Humor.

It's an unfortunate truth that we see these common high risk findings time and time again on internal pentests. We find these issues on super-maximum secured environments as well in less hardened environments. The end result though is the same. Tune in to learn more about these common high risk findings and most importantly, how to mitigate them for free!Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Welcome to The VanRein Compliance Podcast: the Podcast that will secure your business with a clear plan to reduce your risk.This week our hosts Dawn and Rob Van Buskirk discuss Penetration Tests with our own Pen Tester James Kashevos, Owner of Tetsu Enterprises;In this week's episode we unpack the following topics:What is a Penetration Test and why do you need oneWIll discuss the negative side effects of a Penetration TestWhat are the risks to your business if you do not complete a Penetration testWhat types of risks does James find when performing a Pen TestYou can contact James at Testsu.Tech to learn more about his services. As always you can reach out to the VanRein Team to schedule a Discovery Call with one of our compliance guides. Every week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on TwitterFollow us on Facebook

Welcome to The VanRein Compliance Podcast: the Podcast that will secure your business with a clear plan to reduce your risk.This week our hosts Dawn and Rob Van Buskirk discuss Penetration Tests with our own Pen Tester James Kashevos, Owner of Tetsu Enterprises;In this week's episode we unpack the following topics:What is a Penetration Test and why do you need oneWIll discuss the negative side effects of a Penetration TestWhat are the risks to your business if you do not complete a Penetration testWhat types of risks does James find when performing a Pen TestYou can contact James at Testsu.Tech to learn more about his services. As always you can reach out to the VanRein Team to schedule a Discovery Call with one of our compliance guides. Every week The VanRein Compliance Podcast will help you simplify compliance, secure your business, and reduce your risk all while having some fun.  Thanks for joining us!Thank You for Listening to the VRC Podcast!Visit us at VanRein ComplianceYou can Book a 15min Call with a GuideFollow us on LinkedInFollow us on TwitterFollow us on Facebook

Neelu works as Security Practice Lead with ThoughtWorks India. Her array of experience spans across Vulnerability Assessments and Penetration Tests of Web Applications & Network along-with Red Team engagements, Source Code Reviews, Threat Modelling and Design Reviews of web applications & APIs, Data Leakage Investigations, Configuration reviews, Social Engineering engagements, etc. She has been a trainer at BlackHat US, organized ReconVillage at Defcon & Social Engineering Village at Nullcon. Currently in the Review Panel for NullCon. She has been actively involved with the Indian security Community and have moderated Null Mumbai and Bengaluru chapters. You can find her on twitter by the handle @NeeluTripathy.

This week in the final part of our Penetration Test Mini-Series, the guys discuss the realities of automated vs. manual penetration tests and what those terms actually mean. They also talk about timeframes, approaches, and situations that seem to cause some confusion for companies undergoing their first penetration test. Pick up your copy of Cyber Rants on Amazon.Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com. Be sure to rate the podcast, leave us a review, and subscribe! 

Penetration tests are vital for nearly every organization to see how secure they really can be. While the demand for them is higher than ever, it can be a bit tricky on deciding what test which penetration test provider is best for you, along with figuring out if a penetration test is right for you. This week, the guys answer these questions and give their own advice on how to guide yourself through the world of Penetration Tests. Pick up your copy of Cyber Rants on Amazon.Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com. Be sure to rate the podcast, leave us a review, and subscribe! 

Making secure technology is really hard. The security community hosts some unusual-sounding and counterintuitive events to help make the world’s technology safer and more secure. How does practicing to be a hacker help? Why would you attack something you’re trying to defend? When is paying hackers to find vulnerabilities in your software a good idea? In this episode, Josh Lospinoso, Scott Shreve, and Brian McCord discuss what CTFs, penetration tests, and bug bounties are and why they’re great tools for improving cybersecurity.

In this episode, Fred and Garrett discuss the last CIS Control, Penetration Tests and Red Team Exercises. This control focuses on testing the security measures already in place within your organization. Penetration Tests and Red Team Exercises are most impactful when a company has taken action against the first 19 CIS Controls (following the CIS Top 20 Cybersecurity Controls).

The upheaval caused by Covid-19 could very well have put your firm at risk for a data breach. Lawyers can’t simply hope they won’t become a target for hackers. Taking steps to maintain your security is your ethical obligation and vital to your clients’ security. John Simek and Sharon Nelson talk with Mike Maschke about how to assess your cybersecurity and the role of penetration tests in discovering weaknesses in your systems. Mike Maschke is the chief executive officer and director of cybersecurity and digital forensics at Sensei Enterprises, Inc. Special thanks to our sponsor, Logikcull and PInow.

The upheaval caused by Covid-19 could very well have put your firm at risk for a data breach. Lawyers can’t simply hope they won’t become a target for hackers. Taking steps to maintain your security is your ethical obligation and vital to your clients’ security. John Simek and Sharon Nelson talk with Mike Maschke about how to assess your cybersecurity and the role of penetration tests in discovering weaknesses in your systems. Mike Maschke is the chief executive officer and director of cybersecurity and digital forensics at Sensei Enterprises, Inc. Special thanks to our sponsor, Logikcull and PInow.

In this episode of Coffee With Adel, Anthony DeGraw and Adel Strauss discuss IT due diligence, what companies should keep in mind before getting a Penetration Test, and the benefits of making relationships.

Welcome to the Cybertalk podcast! My co-host is Cristi Vlad and together where we will be covering all your questions related to Infosec and Cyber-security. If you want your question answered/featured in the next episode, you can post them in the Google form linked below.   Google form (Post your questions here): https://forms.gle/hK5o7ucQy7iNuz8p7 YouTube Channel: […] The post Cybertalk – EP2 – CEH vs CISSP, Cybersecurity Degrees & CTFs vs Penetration Tests appeared first on HackerSploit Blog.

Welcome to the second episode of Cybertalk! My co-host is Cristi Vlad and together where we will be covering all your questions related to Infosec and Cyber-security. If you want your question answered/featured in the next episode, you can post them in the Google form linked below. In this episode, we discuss the differences between CEH and CISSP, the relevance of cyber-security degrees and the fundamental differences between CTFs and traditional penetration testing. Google form (Post your questions here): https://forms.gle/hK5o7ucQy7iNuz8p7

Penetration tests are an important aspect of application security but they can be overwhelming. A report came out that claimed, and I agree, that most of identified problems are easily fixed. This episode talks about that.  Source. Be aware, be safe. Become A Patron! Patreon Page *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five Don't forget to subscribe to the Security In Five Newsletter. —————— Where you can find Security In Five —————— Security In Five Reddit Channel r/SecurityInFive Binary Blogger Website Security In Five Website Security In Five Podcast Page - Podcast RSS Twitter @securityinfive iTunes, YouTube, TuneIn, iHeartRadio,

Adobe Vulnerability PoC Released https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/ WatchOS Update https://support.apple.com/en-us/HT209343 Data Exfiltration During Pentests https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/ PoC Exploit for Kubernetes Vulnerability https://github.com/evict/poc_CVE-2018-1002105 Preston Ackerman: Marketing 2FA https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695

Adobe Vulnerability PoC Released https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/ WatchOS Update https://support.apple.com/en-us/HT209343 Data Exfiltration During Pentests https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/ PoC Exploit for Kubernetes Vulnerability https://github.com/evict/poc_CVE-2018-1002105 Preston Ackerman: Marketing 2FA https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695

Mit René 'Lynx' Pfeiffer zu Penetration Tests in Firmen, dem Faktor Mensch, was in WLANs schiefgehen kann, wo alleingelassene Laptops nicht auffallen und wie spannend Schnittstellen sein können. Nebst Malware in Atomkraftwerken und Flugzeugcockpits.

We conclude the Critical Security Control series with number twenty. Penetration tests. You have all the other controls in place, your teams running with synergy, and you are protected. Now you need to prove it through testing. Actively, and in a controlled manner, you need to test your controls. This episode talks about the last control and why Penetration Tests are the final step in a mature security program. Be aware, be safe. ------------------------------------ Website - https://www.binaryblogger.com Podcast RSS - http://securityinfive.libsyn.com/rss Twitter @binaryblogger - https://www.twitter.com/binaryblogger iTunes - https://itunes.apple.com/us/podcast/security-in-five-podcast/id1247135894?mt=2 YouTube - https://www.youtube.com/binaryblogger TuneIn Radio - 

"ScarabMon is a new tool and framework for simplifying web application pentests. It makes the process of finding many common webapp flaws much easier. The user simply navigates the target site while using the WebScarab proxy and ScarabMon constantly updates the user with information on discovered flaws. ScarabMon is written in Python and all code and modules will be released at the conference. ScarabMon is alseasily extensible, with useful checks often only requiring 5-10 lines of Python code. I wrote ScarabMon because I couldn't find anything like it. Historically the standard web proxies have been @Stake's WebProxy (which is totally unavailable anymore as Symantec killed it after the acquisition), SpikeProxy and WebScarab. Those have have recently been joined by twother apps, WebScarab-NG and Pantera. The latter are not ready for serious usage yet. Pantera development seems thave stalled and WebScarab-NG is missing major features, though it shows the most promise. The latest date on any of the SPIKEProxy files is from 2003. Sbasically everyone uses WebScarab for web application pen tests. WebScarab is obnoxious tprogram for, as you have twrite dozens of lines of Java code (BeanShell) for the simplest tasks. BeanShell is alsoften unstable. ScarabMon is currently designed twork with WebScarab, but could be ported twork with any of the above should the need arise. Instead of acting as a proxy, it just monitors the output of the proxy and opportunistically performs tests. Some tests are things people have seen before in other tools (like finding directories that support PUT) and others aren't anything I've seen in any other tool such as finding values that were set as cookies over SSL that later wind up as a query string parameter. The best thing is that you get all of this for free. You don't have tchange *anything* about your current testing methodology. You just run ScarabMon in the background and it sees the servers and files you're accessing and generates findings.