On this two part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part two, we focus on the process of pen testing and web app pen testing. I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in [...] The post Foundations: Web Application Pen Testing – Part 2 (S01E07) – Application Security PodCast appeared first on Security Journey Podcasts.
Slides: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kouns-Eiram/DEFCON-22-Kouns-Eiram-Screw-Becoming-A-Pentester-Bug-Bounty-Hunter-UPDATED.pdf

Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
Jake Kouns, CISO, Risk Based Security
Carsten Eiram, Chief Research Officer, Risk Based Security

Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec, with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team, believing that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit from vulnerability research, who really wants to be a pentester when you can have so much more fun being a bug bounty hunter!

Researcher motivation in the old days, and the options for making money from vulnerabilities, were much different than today. This talk analyzes the history of selling vulnerabilities, the introduction of bug bounties, and their evolution. We cover many facets, including the different types of programs and the ranges of money that can be made. We then focus on researchers who have chosen the bug bounty hunter lifestyle and provide details on how to get involved in bug bounty programs, which likely pay the best, and which vendors you may want to avoid. What constitutes a good bug bounty program that makes it worth your time? What do you need to know to make sure that you keep yourself out of legal trouble? Ultimately, we'll provide thoughts on the value of bug bounties, their future, and whether they can be a full-time career choice instead of a more traditional position such as pentesting.
Jake Kouns is the CISO for Risk Based Security and the CEO of the Open Security Foundation, which oversees the operations of OSVDB.org and DataLossDB.org. Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CISO Executive Summit, EntNet IEEE GlobeCom, FIRST, CanSecWest, SOURCE and SyScan. He is the co-author of the books Information Technology Risk Management in Enterprise Environments (Wiley, 2010) and The Chief Information Security Officer (IT Governance, 2011). He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT. Twitter: @jkouns

Carsten Eiram is the Chief Research Officer of Risk Based Security and previously worked 10 years for Secunia, managing the Research team. Carsten has a reverse engineering background and extensive experience in the field of Vulnerability Intelligence, referring to himself as a vulnerability connoisseur. He has deep insights into vulnerabilities, root causes, and trends, and is also an avid vulnerability researcher, having discovered critical vulnerabilities in high-profile products from major vendors including Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Blue Coat, and Trend Micro. Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON and RVAsec, as well as keynoting Defcamp 2013. He is also a regular contributor to the "Threat of the Month" column in SC Magazine, a credited contributor to the "CWE/SANS Top 25 Most Dangerous Software Errors" list, and a member of the CVE Editorial Board and FIRST VRDX-SIG. Twitter: @CarstenEiram
Hosts:
Chris Gerling – @secbitchris
Christopher Mills – @TheChrisAM

Guests:
Jeremy Lynch and Tyler Bennett of ArchAssault Linux!

Topics:
Drones and ARM fun!
ArchAssault Linux: a Kali-like environment with the ability for heavy niche customization and swapping of environments. Modular. Can overlay any part of the distro onto your own Arch Linux installation. Bleeding edge packages. Great for setting up remote dropboxes via ARM devices.
IE Exploit
Heartbleed wrap-up
RVAsec CTF prizes! (Thanks Hak5!)
BsidesChicago Post-mortem
Upcoming guests!

Use Our Discount Codes:
Use code SecuraBit5_SANS to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
Register for any SANSFIRE 2014 course and receive 5% off using coupon code SecuraBit5_SANS. The training event takes place in Baltimore, MD – June 21 - 30, 2014.

Upcoming events:
http://www.secore.info

Links:
www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Hosts:
Chris Gerling – @secbitchris
Christopher Mills – @TheChrisAM

Guests:
Rob Andersen – @nola_con

Topics:
NolaCon, June 19-22, 2014 in New Orleans, LA. Use coupon code "securabit" to get $50 off registration!
RVAsec CTF
Banter

Use Our Discount Codes:
Use code SecuraBit5_SANS to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
Register for any SANS 2014 course and receive 5% off using coupon code SecuraBit5_SANS. The training event takes place in Orlando, FL – April 5 - 14, 2014.

Upcoming events:
http://www.secore.info

Links:
NolaCon - NolaCon 2014 Website
www.gh0st.net/wiki - 24/7 Penetration Testing learning environment, FREE.
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
Hosts:
Chris Gerling – @secbitchris
Andrew Borel – @andrew_secbit
Mike Bailey – @mpbailey1911

Guests:
Banasidhe – @banasidhe

Topics:
THOTCON http://www.thotcon.org/
BSides Las Vegas http://www.securitybsides.com/w/page/57632393/BSidesLV2013 (Shout out to Tenable, Trustwave, and Risk I/O for sponsoring it!)
U.S. Army Corps of Engineers' Dam database breached http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/
U.S. Department of Labor hack http://labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/
BitCoin
RVASec http://rvasec.com/
CTF
Hackers in Uganda: A Documentary http://www.kickstarter.com/projects/1456247168/hackers-in-uganda-a-documentary
SECore.info https://secore.info/

Use Our Discount Codes:
Use code SecuraBit_05 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_05. The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events:
http://www.secore.info

Links:
http://www.gh0st.net
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
SecuraBit Episode 117: The Internet is on Fire! March 27th, 2013

Hosts:
Chris Gerling – @secbitchris
Chris Mills – @thechrisam
Andrew Borel – @andrew_secbit
Mike Bailey – @mpbailey1911

Guests:
Jamie Duncan – @jamieeduncan
Hack.RVA (pre-recorded)

Topics:
Hack.RVA events, news, and RVAsec badges!
CTF is being put together for offline. Register at http://securabit.com/ctf/
Security Awareness training: Who should provide more than just basic training? Security vendors? Security focused organizations?

News Items:
Spamhaus and CloudFlare's stupid super DDoS - peaked at 300Gb/sec
Missouri court rules against $440,000 cyberheist victim (2009 case). Reason: Bank did not have 2 people sign off on transfer.

Use Our Discount Codes:
Use code SecuraBit_5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_5. The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events:
http://www.secore.info

Links:
http://www.gh0st.net
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Hosts:
Chris Gerling – @secbitchris
Mike Bailey – @mpbailey1911

Guests:
Michael D. Angelo – @mfa0007
Brad Bowers – @warezjoe

Topics:
NetIQ
Internet History
Privacy and Social Media
Egypt's revolution
Data management and risk in the cloud
Building Automation: BACnet protocol dissection
Shmoocon, RSA, and upcoming cons!
The PenLab is back up!
CTF: Pre-registration for RVAsec 2013 will be coming soon!

News Items:
Brian Krebs gets SWATed
More 0-days
CarolinaCon!

Use Our Discount Codes:
Use code SecuraBit_5 to get 5 percent off of ANY training course. The discount code is good for all SANS courses in all formats.
Register for any SANSFIRE 2013 course and receive 5% off using coupon code SecuraBit_5. The training event takes place in Washington, DC – June 15-22, 2013.

Upcoming events:
http://www.secore.info

Links:
http://www.gh0st.net
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
After nearly 4 years dormant, we're bringing back the SecuraByte! These are designed to cover things that can't wait for our normal podcast cycle. In our 7th iteration, we interview Jake Kouns regarding the RVAsec security conference he is organizing in Richmond, VA, which will be hosted again at VCU!

Host: Chris Gerling – @secbitchris
Guest: Jake Kouns – @jkouns – http://www.rvasec.com/

What you need to know:
RVASec Call for Papers ends February 4th @ 11:59PM. Get your submissions in now!
We expand on some more details regarding the Capture the Flag event that will be at the conference.
Forensics training announced today! Only 12 seats, so register now!
2 day conference this year. Parking and nourishment are included.
Registration is open! If you register by the end of today using coupon code "early" you will save $25!

Links:
RVAsec
richSEC
Hosts:
Chris Gerling – @secbitchris
Chris Mills – @thechrisam
Andrew Borel – @andrew_secbit
Mike Bailey – @mpbailey1911

Topics:
News
The Lab

News Items (no particular favoritism of non source links):
Red October – Multiple writeups at:
http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_Identifies_Operation_Red_October_an_Advanced_Cyber_Espionage_Campaign_Targeting_Diplomatic_and_Government_Institutions_Worldwide
http://malware.lu/page/articles.html
http://www.informationweek.com/security/attacks/operation-red-october-attackers-wielded/240146621
Java 0-day – Writeups at:
https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
Developer outsources his job. Review your logs! Writeup at:
http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/

The Lab:
CTF at RVASec
Lab upgrades and changes.

Use Our Discount Codes:
Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
Use code 36449 for 20% off your Syngress order!

Upcoming events:
http://www.secore.info
Also check out the RSS feed on the right hand side of the main site!

Links:
http://www.gh0st.net
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Hosts:
Chris Gerling – @secbitchris
Chris Mills – @thechrisam
Andrew Borel – @andrew_secbit

Guests:
Deviant Ollam – @deviantollam – http://deviating.net/

Topics:
TOOOL - The Open Organisation Of Lockpickers http://toool.us/
Physical Security and the Three R's
New edition of Practical Lockpicking coming soon!

News Items:
Coders' Rights At Risk in the European Parliament
https://www.eff.org/deeplinks/2012/06/eff-european-parliament-directive-attack-information-systems
Department of Homeland Security and U.S Navy hacked
http://thehackernews.com/2012/06/department-of-homeland-security-and-us.html
US-CERT discloses security flaw in Intel chips
http://m.csoonline.com/article/708568/us-cert-discloses-security-flaw-in-intel-chips
FEMA pushes cyber attack game for businesses
http://www.v3.co.uk/v3-uk/the-frontline-blog/2184608/fema-pushes-cyber-attack-game-businesses
United States Department of Defense data leaked by Anonymous hackers
http://thehackernews.com/2012/06/united-states-department-of-defense.html
KeepTheWebOpen.com
http://keepthewebopen.com/digital-bill-of-rights
Attacks Targeting US Defense Contractors and Universities Tied to China
http://threatpost.com/en_us/blogs/attacks-targeting-us-defense-contractors-and-universities-tied-china-061312
10000 Twitter User oauth token hacked and Exposed by Anonymous
http://thehackernews.com/2012/06/10000-twitter-user-oauth-token-hacked.html
Password flaw leaves MySQL, MariaDB open to brute force attack
http://go.theregister.com/feed/www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/

Use Our Discount Codes:
Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
FREE exam attempt with corresponding qualifying course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC (Expires July 6th!)
Use code 36449 for 20% off your Syngress order!

Upcoming events:
http://www.secore.info

Links:
http://www.richsec.com
http://www.gh0st.net
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Hosts:
Chris Gerling – @secbitchris
Chris Mills – @chrisam
Andrew Borel – @andrew_secbit

Guests:
Tom Eston – @agent0x0 – Mobile App/Device Security and Security Justice.

Topics:
Lab
Contests
Banter

News Items:
Skype User IP Address Disclosure
http://pastebin.com/rBu4jDm8
Google knew street cars were slurping wifi (Marius Milner was the engineer, of NetStumbler fame)
http://www.theregister.co.uk/2012/04/30/google_slurp_ok/
http://www.theregister.co.uk/2012/05/01/slurp_engineer_doe_named/
Mozilla is first major tech company to denounce CISPA
http://news.cnet.com/8301-1009_3-57425719-83/mozilla-is-first-major-tech-company-to-denounce-cispa/?tag=txt;title
Mac Flashback trojan still making $10,000 a day
http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/232901268/apple-mac-flashback-trojan-gang-still-making-money.html
Indictment Returned for Jeremy Hammond in Chicago Anonymous case
http://abcnews.go.com/Technology/wireStory/indictment-returned-nyc-computer-hacking-case-16264667#.T6HRSqtSTlw

Use Our Discount Codes:
Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
Use code 36449 for 20% off your Syngress order!

Upcoming events:
http://www.secore.info

Links:
http://www.rvasec.com
http://www.richsec.com
http://www.gh0st.net
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
Join us as we talk with Robin Wood (@digininja) about his recent survey of IT Security professionals! Our show notes can be found here: http://wiki.securabit.com/ShowNotes/EP101