POPULARITY
6 episodes with securitytools
Picking up from Part 1, hosts Lois Houston and Nikita Abraham continue their deep dive into MySQL security with MySQL Solution Engineer Ravish Patel. In this episode, they focus on user authentication techniques and tools such as MySQL Enterprise Audit and MySQL Enterprise Firewall. MySQL 8.4 Essentials: https://mylearn.oracle.com/ou/course/mysql-84-essentials/141332/226362 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. -------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead of Editorial Services with Oracle University, and with me is Lois Houston, Director of Innovation Programs. Lois: Hi everyone! Last week, we began exploring MySQL security, covering regulatory compliance and common security threats. Nikita: This week, we're continuing the conversation by digging deeper into MySQL's user authentication methods and taking a closer look at some powerful security tools in the MySQL Enterprise suite. 00:57 Lois: And we're joined once again by Ravish Patel, a MySQL Solution Engineer here at Oracle. Welcome, Ravish! How does user authentication work in MySQL? Ravish: MySQL authenticates users by storing account details in a system database. These accounts are authenticated with three elements, username and hostname commonly separated with an @ sign along with a password. The account identifier has the username and host. The host identifier specifies where the user connects from. It specifies either a DNS hostname or an IP address. You can use a wild card as part of the hostname or IP address if you want to allow this username to connect from a range of hosts. If the host value is just the percent sign wildcard, then that username can connect from any host. Similarly, if you create the user account with an empty host, then the user can connect from any host. 01:55 Lois: Ravish, can MySQL Enterprise Edition integrate with an organization's existing accounts? Ravish: MySQL Enterprise authentication integrates with existing authentication mechanisms in your infrastructure. This enables centralized account management, policies, and authentication based on group membership and assigned corporate roles, and MySQL supports a wide range of authentication plugins. If your organization uses Linux, you might already be familiar with PAM, also known as Pluggable Authentication Module. This is a standard interface in Linux and can be used to authenticate to MySQL. Kerberos is another widely used standard for granting authorization using a centralized service. The FIDO Alliance, short for Fast Identify Online, promotes an interface for passwordless authentication. This includes methods for authenticating with biometrics RUSB security tokens. And MySQL even supports logging into centralized authentication services that use LDAP, including having a dedicated plugin to connect to Windows domains. 03:05 Nikita: So, once users are authenticated, how does MySQL handle user authorization? Ravish: The MySQL privilege system uses the GRANT keyword. This grants some privilege X on some object Y to some user Z, and optionally gives you permission to grant the same privilege to others. These can be global administrative privileges that enable users to perform tasks at the server level, or they can be database-specific privileges that allow users to modify the structure or data within a database. 03:39 Lois: What about database privileges? Ravish: Database privileges can be fine-grained from the largest to the smallest. At the database level, you can permit users to create, alter, and delete whole databases. The same privileges apply at the table, view, index, and stored procedure levels. And in addition, you can control who can execute stored procedures and whether they do so with their own identity or with the privileges of the procedure's owner. For tables, you can control who can select, insert, update, and delete rows in those tables. You can even specify the column level, who can select, insert, and update data in those columns. Now, any privileged system carries with it the risk that you might forget an important password and lock yourself out. In MySQL, if you forget the password to the root account and don't have any other admin-level accounts, you will not be able to administer the MySQL server. 04:39 Nikita: Is there a way around this? Ravish: There is a way around this as long as you have physical access to the server that runs the MySQL process. If you launch the MySQL process with the --skip grant tables option, then MySQL will not load the privilege tables from the system database when it starts. This is clearly a dangerous thing to do, so MySQL also implicitly disables network access when you use that option to prevent users from connecting over the network. When you use this option, any client connection to MySQL succeeds and has root privileges. This means you should control who has shell access to the server during this time and you should restart the server or enable privileged system with the command flush privileges as soon as you have changed the root password. The privileges we have already discussed are built into MySQL and are always available. MySQL also makes use of dynamic privileges, which are privileges that are enabled at runtime and which can be granted once they are enabled. In addition, plugins and components can define privileges that relate to features of those plugins. For example, the enterprise firewall plugin defines the firewall admin privilege and the audit admin privilege is defined by the enterprise audit plugin. 06:04 Are you working towards an Oracle Certification this year? Join us at one of our certification prep live events in the Oracle University Learning Community. Get insider tips from seasoned experts and learn from others who have already taken their certifications. Go to community.oracle.com/ou to jump-start your journey towards certification today! 06:28 Nikita: Welcome back! Ravish, I want to move on to MySQL Enterprise security tools. Could you start with MySQL Enterprise Audit? Ravish: MySQL Enterprise Audit is an extension available in Enterprise Edition that makes it easier to comply with regulations that require observability and control over who does what in your database servers. It provides visibility of connections, authentication, and individual operations. This is a necessary part of compliance with various regulations, including GDPR, NIS2, HIPAA, and so on. You can control who has access to the audited events so that the audits themselves are protected. As well as configuring what you audit, you can also configure rotation policies so that unmonitored audit logs don't fill up your storage space. The configuration can be performed while the server is running with minimal effect on production applications. You don't need to restart the server to enable or disable auditing or to change the filtering options. You can output the audit logs in either XML or JSON format, depending on how you want to perform further searching and processing. If you need it, you can compress the logs to save space and you can encrypt the logs to provide address protection of audited identities and data modifications. The extension is available either as a component or if you prefer, as the legacy plugin. 07:53 Lois: But how does it all work? Ravish: Well, first, as a DBA, you'll enable the audit plugin and attach it to your running server. You can then configure filters to audit your connections and queries and record who does what, when they do it, and so on. Then once the system is up and running, it audits whenever a user authenticates, accesses data, or even when they perform schema changes. The logs are recorded in whatever format that you have configured. You can then monitor the audited events at will with MySQL tools such as Workbench or with any software that can view and manipulate XML or JSON files. You can even configure Enterprise Audit to export the logs to an external Audit Vault, enabling collection, and archiving of audit information from all over your enterprise. In general, you won't audit every action on every server. You can configure filters to control what specific information ends up in the logs. 08:50 Nikita: Why is this sort of filtering necessary, Ravish? Ravish: As a DBA, this enables you to create a custom designed audit process to monitor things that you're really interested in. Rules can be general or very fine grained, which enables you to reduce the overall log size, reduces the performance impact on the database server and underlying storage, makes it easier to process the log file once you've gathered data, and filters are configured with the easily used JSON file format. 09:18 Nikita: So what information is audited? Ravish: You can see who did what, when they did it, what commands they use, and whether they succeeded. You can also see where they connected from, which can be useful when identifying man in the middle attacks or stolen credentials. The log also records any available client information, including software versions and information about the operating system and much more. 09:42 Lois: Can you tell us about MySQL Enterprise Firewall, which I understand is a specific tool to learn and protect the SQL statements that MySQL executes? Ravish: MySQL Enterprise Firewall can be enabled on MySQL Enterprise Edition with a plugin. It uses an allow list to set policies for acceptable queries. You can apply this allow list to either specific accounts or groups. Queries are protected in real time. Every query that executes is verified per server and checked to make sure that it conforms to query structures that are defined in the allow list. This makes it very useful to block SQL injection attacks. Only transactions that match well-formed queries in the allow list are permitted. So any attempt to inject other types of SQL statements are blocked. Not only does it block such statements, but it also sends an alert to the MySQL error log in real time. This gives you visibility on any security gaps in your applications. The Enterprise Firewall has a learning mode during which you can train the firewall to identify the correct sort of query. This makes it easy to create the allow list based on a known good workload that you can create during development before your application goes live. 10:59 Lois: Does MySQL Enterprise Firewall operate seamlessly and transparently with applications? Ravish: Your application simply submits queries as normal and the firewall monitors incoming queries with no application changes required. When you use the Enterprise Firewall, you don't need to change your application. It can submit statements as normal to the MySQL server. This adds an extra layer of protection in your applications without requiring any additional application code so that you can protect against malicious SQL injection attacks. This not only applies to your application, but also to any client that configured user runs. 11:37 Nikita: How does this firewall system work? Ravish: When the application submits a SQL statement, the firewall verifies that the statement is in a form that matches the policy defined in the allow list before it passes to the server for execution. It blocks any statement that is in a form that's outside of policy. In many cases, a badly formed query can only be executed if there is some bug in the application's data validation. You can use the firewall's detection and alerting features to let when it blocks such a query, which will help you quickly detect such bugs, even when the firewall continues to block the malicious queries. 12:14 Lois: Can you take us through some of the encryption and masking features available in MySQL Enterprise Edition? Ravish: Transparent data encryption is a great way to protect against physical security disclosure. If someone gains access to the database files on the file system through a vulnerability of the operating system, or even if you've had a laptop stolen, your data will still be protected. This is called Data at Rest Encryption. It protects not only the data rows in tablespaces, but also other locations that store some version of the data, such as undo logs, redo logs, binary logs and relay logs. It is a strong encryption using the AES 256 algorithm. Once we enable transparent data encryption, it is, of course, transparent to the client software, applications, and users. Applications continue to submit SQL statements, and the encryption and decryptions happen in flight. The application code does not need to change. All data types, table structure, and database names remain the same. It's even transparent to the DBAs. The same data types, table structure, and so on is still how the DBA interacts with the system while creating indexes, views, and procedures. In fact, DBAs don't even need to be in possession of any encryption keys to perform their admin tasks. It is entirely transparent. 13:32 Nikita: What kind of management is required for encryption? Ravish: There is, of course, some key management required at the outside. You must keep the keys safe and put policies in place so that you store and rotate keys effectively, and ensure that you can recover those keys in the event of some disaster. This key management integrates with common standards, including KMIP and KMS. 13:53 Lois: Before we close, I want to ask you about the role of data masking in MySQL. Ravish: Data masking is when we replace some part of the private information with a placeholder. You can mask portions of a string based on the string position using the letter X or some other character. You can also create a table that contains a dictionary of suitable replacement words and use that dictionary to mask values in your data. There are specific functions that work with known formats of data, for example, social security numbers as used in the United States, national insurance numbers from the United Kingdom, and Canadian social insurance numbers. You can also mask various account numbers, such as primary account numbers like credit cards or IBAN numbers as used in the European Bank system. There are also functions to generate random values, which can be useful in test databases. This might be a random number within some range, or an email address, or a compliant credit card number, or social security number. You can also create random information using the dictionary table that contains suitable example values. 14:58 Nikita: Thank you, Ravish, for taking us through MySQL security. We really cannot overstate the importance of this, especially in today's data-driven world. Lois: That's right, Niki. Cyber threats are increasingly sophisticated these days. You really have to be on your toes when it comes to security. If you're interested in learning more about this, the MySQL 8.4 Essentials course on mylearn.oracle.com is a great next step. Nikita: We'd also love to hear your thoughts on our podcast so please feel free to share your comments, suggestions, or questions by emailing us at ou-podcast_ww@oracle.com. That's ou-podcast_ww@oracle.com. In our next episode, we'll journey into the world of MySQL backups. Until then, this is Nikita Abraham… Nikita: And Lois Houston, signing off! 15:51 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
Welcome to our Channel where we explain what is BloodHound, how to install it, and guide you through the setup process. Bloodhound is a powerful and widely-used open-source tool for analyzing Active Directory (AD) infrastructures. By leveraging graph theory, it provides insights into potential attack paths and vulnerabilities within your network. In this tutorial, we will walk you through the step-by-step installation process of BloodHound. Starting from downloading the necessary files to configuring the required dependencies, we will ensure you have a smooth experience. Once installed, we will demonstrate how to configure BloodHound for your specific AD environment.
Erlend has worked as a developer and security consultant for over 14 years, trying to build and break many different types of systems. He spends some of his free time on security research and open source tools, and is the main author behind retire.js - a free and open source scanner for JavaScript. He is also the chapter leader of the Norwegian OWASP chapter.For more SecTools podcast episodes, visit https://infoseccampus.com
Specially built for businesses with up to 300 employees, go beyond traditional AV to proactively protect your devices, to help prevent attacks, and respond to sophisticated threats with the newly announced Microsoft Defender for Business. If you're a partner, see how you can get a unified dashboard for managing multiple customers in one view with Microsoft 365 Lighthouse. Security CVP, Rob Lefferts, joins Jeremy Chapman to show you quick steps anyone can take to set it up. - Designed especially for businesses up to 300 employees - Auto detect and remediate majority of threats - Monitor threats in real-time ► QUICK LINKS: 00:00 - Introduction 01:59 - How is Defender different? 03:34 - Walk through the experience 06:55 - What happens during an attack 10:43 - Logged actions 11:18 - Defender for Microsoft IT partners 14:21 - Wrap up ► Link References: Try out Microsoft Defender for Business at https://aka.ms/DefenderforBusiness ► Unfamiliar with Microsoft Mechanics? We are Microsoft's official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries?sub_confirmation=1 Join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen via podcast here: https://microsoftmechanics.libsyn.com/website ► Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Follow us on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Joxean Koret has been working for the past 15 years in many different computing areas. He started as a database software developer and DBA for a number of different RDBMS. Eventually he turned towards reverse engineering and applied this DB insights to discover dozens of vulnerabilities in major database products, especially Oracle. He also worked in areas like malware analysis, anti-malware software development and developing IDA Pro at Hex-Rays. He is currently a senior security engineer. Joxean is the author and maintainer for Diaphora and Pigaios projects focused on diffing techniques. For more SecTools podcast episodes, visit https://infoseccampus.com
Chris Em (also known as Cookie Engineer) has almost 2 decades of experience in IT and security industry. He specializes in multiple domains including web intelligence, network security and forensics. During spare time, Chris is working on the Web of Knowledge with his project called the [Tholian Network](https://tholian.network), which aims to automate the Semantic Web whilst using a unique distributed peer-to-peer Network Architecture combined with (co-)evolutionary adaptive AI methodologies and compositional game theory ideas to learn and adapt from user interactions with the Web.Chris has contributed to various open source projects including steganography, network security, drones, adblock proxy and other automation works as well. https://cookie.engineer/#/open-source For more SecTools podcast episodes, visit https://infoseccampus.com
Paulino Calderon (@calderpwn) is a published author and international speaker with over 12 years of experience in network and application security. When he isn't traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico. He loves open-source software and has contributed to many projects, including Nmap, Metasploit, OWASP Mobile Security Testing Guide (MSTG), OWASP Juice Shop, and OWASP IoT Goat. More SecTools podcast episode here https://infoseccampus.com/
Anastasios Stasinopoulos is a Senior Penetration Tester at Obrela Labs - Obrela Security Industries and has a professional experience over 6 years in the field of Information Security working exclusively as a Penetration Tester. Anastasios earned the Bachelor of Science (B.Sc.) degree in "Surveying & Geoinformatics Engineering" from Technological Institution of Athens, the Master of Science (M.Sc.) degree in "Security of Digital Systems" from the Department of Digital Systems of University of Piraeus and also served as Ph.D. candidate at the same department.Anastasios is the author of Commix Project, an automated tool that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.
Steve Springett is the Senior Security Architect at ServiceNow, Chicago. Steve educates teams on the strategy and specifics of developing secure software. He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill-of-material specification, and participates in several related projects and working groups.- https://dependencytrack.org/- https://cyclonedx.org/- https://owasp.org/scvs
Craig discusses one of the security tools he uses and why you should use it too. For more tech tips, news, and updates, visit - CraigPeterson.com --- Trojan Malware Targets Trump Supporters Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0 Tyler Technologies finally paid the ransom to receive the decryption key 5G in the US averages 51Mbps while other countries hit hundreds of megabits Apple’s T2 security chip has an unfixable flaw Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance Android Ransomware Has Picked Up Some Ominous New Trick --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Remember everybody, don't open those email attachments. I'm going to talk about a new tool released out there that if you're involved with security, you probably need it. So here we go. Hi everybody. Craig Peterson here. I want to talk right now about this great tool that I've been using for decades now, I think. It's called Nmap. Now it's something that I cover. In my cybersecurity mastery course, but it's something you can do to learn a lot about yourself online. There are YouTube videos about it and many others. But the idea behind Nmap is to be able to check and see what's on your network and not just what's on your network, it'll also tell you about what that particular device is, and it just does a whole bunch of things for threat management. It'll check ports. Some of this stuff can go so far as to actually try and break into the systems. Now, Nmap isn't designed to do that. It really is using fingerprints to figure out the operating system that's in use, which is really handy. Particularly for the internet of things devices that might be attached to your network. This is great for home use, as well. If you're a little bit of a techie, they have new protocol libraries. They've got payloads. Now that they've added for host discovery, port scanning version detection, which is really important to make sure that you have the latest version of different software on your systems. So you're not running something outdated. They've fixed a whole bunch of bugs. They've got some different improvements and code quality improvements. But one of the biggest things is that they're using a new driver for raw packet capturing and sending out on the windows side and the Unix side it's been stable forever, but on the windows side, there's never been a really great way to do this. There's something called WinPCap, but that driver has not been updated in the last seven or eight years. It doesn't always work on windows 10. It's using deprecated Windows APIs. I know this is a lot of. TLAs write three-letter acronyms for everybody out there. But bottom line, there is a new driver that lets software like Nmap send and receive its own packets it creates. Normally if you are writing just regular old software where you would open a network connection to a server and then speak whatever protocol you wanted to. You would ask the operating system, Hey, open up a TCP session on port 82, this web server, and so on that remote server. Obviously, I had to get them an IP address, ultimately on that far server. There's a web server and it's listening for requests on port 80. That TCP session requires five packets going back and forth, and then it's established, and then you send your get requests. So it would be like getting space HTTPS slash one dot one or whatever it might be. Whatever version of the HTTP protocol you're trying to use space. then the file you want and the server name. Then the remote server responds. It goes back and forth. There are a lot of packets that are exchanged between your computer and the remote computer, whether it's a web server remotely, or might be a file server remotely could be almost anything remotely. There's a lot going on if you're trying to do diagnosis on the network, if you're trying to figure stuff out, you want to get down to that level. Really. Remember I said, though, that the initial TCP session took five packets in order to set it up. That takes quite a bit of time in internet time because those packets have to go back and forth. Google, in fact, came up with a new version of the protocol that requires less handshaking going on. Software like Nmap that is going to connect to that web server itself wants to see all of the packets. It does not want the operating system to be sitting there, setting up the connections, and sending the data back and forth. It wants to do it. That's the whole idea behind the raw packet capturing and creating is all about. On, the Unix world, which includes Linux, Mac OOS, solarise BSD they've had great packet capture. Code running forever, but this is brand new for Windows. So if you've tried it before and it didn't always work, try it again. Nmap N M A P online, just do a search for it, or you can download it from the Nmap.org, N M A P.org. As I said, this is one of the tools we teach and answer questions about in my cybersecurity mastery course, because it's just so important. So Nmap is basically a command-line type program, but there's something called Zenmap that you can get as well as right there on the Nmap.org site that gives you a graphical front end. If you would like to tinker you probably we should grab it and download it. It's already compiled. Although you can get the source code for you can also check signatures, GPG, signatures, and SHA one hash is for the different releases they've got install, guides, everything. They try and make it very easy for you. The idea is once you have it there on your computer, You can then go ahead and run the latest release, which is right there on the homepage again. Nmap that's November Mike Alpha, Papa N M A P.org. You can just download it from right there and you're off and running. It is very handy. So you run it against your network. It's gonna come back now and show you a whole bunch of information that you need on your network. So there are penetration testing uses, Nmap defense, of course, uses Nmap. There's a bunch of stuff. Password audits, vulnerability, scanners, just all kinds of stuff that you can use right there. On the Nmap.org site. This is going to take you off-site. Now, if you're on a Unix distribution, like a Linux distribution, You can just grab RPMs for your distribution, whatever it might need be. If you're on a Mac, I think brew has it use brew. That's what I use all of the time for managing third-party software. Like this open-source stuff. It'll just download and install it for you, which is really cool. Use the least concept of least privilege. Which is what you really want to do. They've got a, they've got a reference guide that's showing you absolutely everything. There's an SSH service that it discovered on this machine. It's going to tell you which version of SSH it is. It's going to tell you what the operating system is. It's going to give you a key that you can use now to distinctly or uniquely, I should say, I say, identify what it is. I'm looking right now at a scan and it's showing me there's an SSH service. That's what I use in order to connect remotely to a computer and do command line stuff. It's showing me that there is an open Apache server, which is a web server. And it even tells me the version it's HTTPD protocol, a 2.2 0.14 running Ubuntu. Very handy stuff, because you can then feed this into other tools to know. Is it up to date? Do I need to do updates? In fact, this Nmap stuff is used as the basis for the code that uses. Cause we'll use Nmap, it'll do scans, it'll find stuff and create a database. Then we take that database back. If you have us do an audit for you, for instance, you give us the database. We don't even have to run the software. You just run it. It does all of his scans, puts it in a database. You send the database back to us in a zip file. We run it into a whole bunch of process software that lets us know exactly what's going on and also compares the versions. Check it out. Nmap. November Mike alpha, Papa dot org. Absolutely valuable tool for everybody. Hey, we're going to talk about paying ransoms when we get back in and what Tyler technologies did and why. So stick around. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
This week, I am joined by Jeff Man for the Enterprise News, to talk about Ping Identity offering advanced API cyber protection, AppDynamics keeps expanding monitoring vision, eSentire announces managed endpoint defense powered by Carbon Black, and Juniper Networks signs a deal with IBMs! In the Technical Segment, we will discuss some Open-Source and Free Collaboration Security Tools for Project Planning, Ticketing Systems, Remote System Monitoring, RSS feeds, and Documentation! Full Show Notes: https://wiki.securityweekly.com/ES_Episode123 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, I am joined by Jeff Man for the Enterprise News, to talk about Ping Identity offering advanced API cyber protection, AppDynamics keeps expanding monitoring vision, eSentire announces managed endpoint defense powered by Carbon Black, and Juniper Networks signs a deal with IBMs! In the Technical Segment, we will discuss some Open-Source and Free Collaboration Security Tools for Project Planning, Ticketing Systems, Remote System Monitoring, RSS feeds, and Documentation! Full Show Notes: https://wiki.securityweekly.com/ES_Episode123 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Paul and Jeff Man talk about Open-Source and free collaboration security tools. 1. Project Planning - OrangeScrum 2. Ticketing - Mantis Bug Tracker 3. Documentation - MediaWiki 4. Zabbix - Remote System Monitoring 5. Feedly - Share stories and RSS feed 6. Slack - Free! Full Show Notes: https://wiki.securityweekly.com/ES_Episode123 Visit http://securityweekly.com/esw for all the latest episodes!
Paul and Jeff Man talk about Open-Source and free collaboration security tools. 1. Project Planning - OrangeScrum 2. Ticketing - Mantis Bug Tracker 3. Documentation - MediaWiki 4. Zabbix - Remote System Monitoring 5. Feedly - Share stories and RSS feed 6. Slack - Free! Full Show Notes: https://wiki.securityweekly.com/ES_Episode123 Visit http://securityweekly.com/esw for all the latest episodes!
© 2020-2025 Ivy Podcast Discovery LLC
