This week on the podcast, Eric, John, and Thomas talk about database management with GUIs and the command line, security checkers for PHP, crypto, and more...

Links from the show:
Jeff Bezos steps down as Amazon CEO
DataGrip 2021.1 EAP Has Started! | JetBrains Blog
CLI to Check For PHP Security Vulnerabilities - Laravel News
Checking for Vulnerabilities with Composer
fabpot/local-php-security-checker
DBCLI
mycli
pgcli

PHPUgly streams the recording of this podcast live. Typically every Thursday night around 9 PM PT. Come and join us, and subscribe to our Youtube Channel, Twitch, or Periscope. Also, be sure to check out our Patreon Page.
Twitter Account: https://twitter.com/phpugly
Hosts: Eric Van Johnson, John Congdon, Tom Rideout
Streams: Youtube Channel, Twitch, Periscope (Powered by Restream)
Patreon Page
PHPUgly Anthem by Harry Mack / Harry Mack Youtube Channel
196: Late Arrival
Tags: php, coding, web development, laravel, phpunit
Show #196 - 2020-06-25 - Show Notes
This week on the podcast, Eric, John, and Thomas are back to discuss facial recognition for the third week in a row, PiHoles, PHP Security and much more.
Technical Debt / Cowboy Coding
Story about LeadStream issues I caused this week
Facial recognition leads to wrongful arrest of Black man in Detroit
Pi-hole®: A black hole for Internet advertisements
Block EVERY Online Ad with THIS - Pi-Hole on Raspberry Pi - YouTube
PHP Security Center | Zend
php.internals: PHP 8.0.0alpha1 is ready for testing
TypingOfTheDead
Announcements: https://www.workshopcon.com/ SpecterOps (red team operations) and Tim Tomes (PWAPT); Bsides Nashville
https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html “We take security seriously and other trite statements“
WordPress infrastructure (supply chain failure): the WordPress plugin WooCommerce was at fault.
Vuln late last year: https://www.bleepingcomputer.com/news/security/wordpress-design-flaw-woocommerce-vulnerability-leads-to-site-takeover/
“According to new research by Simon Scannell, a researcher for PHP Security firm RIPS Tech, when WooCommerce is installed it will create a Shop Manager role that has the "edit_users" WordPress capability/permission. This capability allows users to edit ANY WordPress user, including the Administrator account.” https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
You (Kevin) discovered the admin accounts, but could not remove them. Was that when you considered this an ‘incident’?
Timeline: “[2019-03-22 09:03 EST] Kevin assigns members of the Secure Ideas team with reconnaissance and mapping of the AoM system. Kevin reminds these members that Secure Ideas doesn’t have permission to test AoM. They are advised not to do anything that could harm the AoM’s production environment.”
What is the line they should not cross in this case?
You did not have access to logs; you asked that an audit plugin be installed to be able to view logs. Is that permanent, and why did they not allow access to logs prior to this?
[2019-03-22 13:11 EST] AoM Support fixes the audit log plugin access. AoM Support has found that a purchase of a course through a WooCommerce plugin resulted in users being granted admin access. AoM Support provides specific order numbers. They have also done an analysis of the database backups from the last 60 days and believe that the attackers did not do anything after they got access.
AoM Support announces that the Secure Ideas training site will be set up on a separate server and Secure Ideas will be granted a new level of access.
Seems like working with AoM wasn’t difficult. Was giving you access to your own instance, and allowing you to administer it, a big deal for them?
Lessons learned? Anything you’d do differently next time? Update IR plan? Did they reach out for additional testing? Did the people who got admin get removed? Consult with AoM on better security implementation? Your env wasn’t damaged, but did they suffer issues with other customers? *answered*
https://www.wordfence.com/
https://en.wikipedia.org/wiki/Gremlins
Gas station skimmer video - https://www.facebook.com/michellepedraza.journalist/videos/2135141863465247/
https://www.helpnetsecurity.com/2019/04/12/cybersecurity-incident-response-plan/
https://www.guardicore.com/2018/11/security-incident-response-plan/
https://www.zdnet.com/article/security-risks-of-multi-tenancy/
Upcoming SI events: IANS forum (Wash DC), ShowmeCon, webcasts, ISC2 Security Congress (Wash DC)
Patreon, Slack, Twitter handles, iTunes, Google
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel!
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
In this episode Michael gets together again with Andreas Sperber from aramido, this time to talk about tools in the PHP security space.
In this episode Michael has invited Andreas Sperber from aramido, an expert on security, as a guest. Topics discussed are OWASP, current security problems and how one should handle leaks.
In this episode of the John Morris Show I share what web designers can learn from the Miss Universe gaffe, 6 common PHP security issues and their fixes, is it worth trying Upwork, answers to your questions and more: Here's the line-up: Why Web Development in 2015 Is Different and How To Win [00:44] What Web Designers Can Learn From the Miss Universe Gaffe [9:58] A Winning Mindset For Web Developers [19:31] 6 Common PHP Security Issues and Their Fixes [25:20] Is It Really Worth Trying Upwork? [33:03] Weekly WebDev Q&A [40:14] Subscribe on YouTube: http://youtube.com/johnmorrisonline Subscribe on SoundCloud: http://soundcloud.com/johnmorrisonline Subscribe on iTunes: http://goo.gl/RggnXW How to Start a Blog in 15 Minutes Or Less: http://www.johnmorrisonline.com/how-to-start-a-blog-in-15-minutes-or-less/ Let me help you publicize your blog: http://www.johnmorrisonline.com/publicity/ Here's the special discount link for Rob Percival's Complete Web Developer course: http://www.johnmorrisonline.com/coupon-code-for-the-complete-web-developer-course-on-udemy/?utm_campaign=ytHqhQWSejWt4 Get the source code in the Code Snippets section here: http://www.johnmorrisonline.com/web-developer-resources/ Training Center: http://www.johnmorrisonline.com/training
"There are a lot of security flaws in websites like Facebook and WordPress applications. Most of those flaws are because the developers first create the application and then consider the security." -- Abbas Naderi
PHP is one of the most used programming languages for the web. The problem with PHP has always been that it's easy to get started programming with PHP, but that's also one of its biggest flaws when considering application security. Abbas Naderi leads the OWASP PHP Security Project, which is a sample framework to demonstrate proper usage of the tools and libraries, as well as providing guidelines for new PHP projects. In this segment of OWASP 24/7, I talk with Abbas about the PHPSEC project as well as one of his other projects, RBAC.
About Abbas Naderi
Abbas Naderi Afooshteh is a renowned security expert in the Middle East; he has ranked first in many national and global CTFs and has been in the field for more than 8 years. He is the current Iran Chapter Leader at OWASP, and has 5 years of activity in OWASP resulting in many projects such as the OWASP RBAC Project, OWASP PHP Security Project, OWASP WebGoatPHP Project, etc. He has participated in many other projects such as Cheat Sheets and ESAPI. Abbas studied software engineering and information technology for his BS and MS and is now going to CMU to study Information Security for an MS+PhD. He spends many hours daily leading OWASP projects and mentoring new enthusiasts who join projects, as well as shaping bright ideas into OWASP projects. More can be found at https://abiusx.com/cv
Back in the Asadoorian residential studio for Episode 231. Joining us on another fabulous February Thursday night in Rhode Island, Stefan Esser stays up really late in Germany to discuss with us ASLR on iPhone and PHP security, or the lack thereof.
Episode 231 Show Notes
Episode 231 part 1 Direct Audio Download
All the Paul's Security Weekly episodes on our Bliptv archives.
Hosts: Paul Asadoorian, John Strand, Larry Pesce
Audio Feeds: