Podcasts about whitehat security

  • 38 podcasts
  • 48 episodes
  • 42m average duration
  • Infrequent episodes
  • Latest: Feb 4, 2025

Popularity chart (2017 to 2024)


Best podcasts about whitehat security

Latest podcast episodes about whitehat security

The Secure Developer
Securing And Defending Like Brazilian Jiu-Jitsu With Jeremiah Grossman

Feb 4, 2025 | 36:57

Episode Summary

Join Jeremiah Grossman, application security pioneer and former CEO of WhiteHat Security, as he reflects on decades of innovation in the industry, from the early days of OWASP to today's AI-driven development landscape. Explore critical discussions about the escalating costs of security, aligning developer incentives, and the future challenges posed by AI-generated vulnerabilities. Packed with insights, this episode dives deep into the strategies and frameworks shaping the way we build and secure modern software.

Show Notes

In this episode of The Secure Developer, we sit down with Jeremiah Grossman, a pioneer in application security and former CEO of WhiteHat Security. Jeremiah shares fascinating insights from his decades of experience shaping the security landscape, including the origins of the OWASP project and his role in raising awareness about critical vulnerabilities like SQL injection and cross-site scripting.

The conversation delves into how the industry has evolved over the past two decades, from the early days when nearly every application was riddled with vulnerabilities to today's more robust frameworks and heightened security awareness. Despite these advancements, Jeremiah and Danny discuss why security spending remains high while organizations continue to struggle with improving their overall security posture.

Key topics include:

  • The misalignment of incentives in software development that prioritizes speed over security.
  • The emerging role of cyber insurance in shaping organizational security practices.
  • The challenges of unknown assets and their contribution to breaches, highlighting the importance of asset inventory and attack surface management.
  • The impact of AI on software development, particularly the risks and opportunities presented by AI-generated code and new attack surfaces.

Jeremiah also shares his thoughts on aligning incentives for secure development, including innovative approaches like developer performance metrics and reward structures for secure coding. The episode concludes with a look at Jeremiah's current focus on venture capital and fostering innovation in security, as well as his personal passion for Brazilian jiu-jitsu and its parallels with the security industry.

This episode is a deep dive into the critical challenges and opportunities facing modern security professionals, offering actionable insights and thought-provoking discussions for developers, CISOs, and security practitioners alike.

Links: OWASP (Open Web Application Security Project), Black Hat, Node.js, Brave Browser, Chromium, Cornell Study on AI Code Vulnerabilities, Snyk - The Developer Security Company

Follow Us: Our Website, Our LinkedIn

Cyber Security Weekly Podcast
Episode 407 - Series Insight 1 of 4 - Bugcrowd's future plans for growth and expansion throughout the Asia Pacific

Aug 11, 2024

Hot on the heels of Bugcrowd recently achieving Unicorn status, following their recent USD $102 million fund raise, Bugcrowd's CEO Dave Gerry and founder and Chief Strategy Officer, Casey Ellis outline Bugcrowd's vision for the future and plans for growth and expansion throughout the Asia Pacific region in 2024/5 and beyond.

Dave Gerry has been in the AppSec market for nearly a decade and has held key leadership positions within several cybersecurity companies such as WhiteHat Security, Veracode, Sumo Logic, and The Herjavec Group. Dave is passionate about building programs that are repeatable, scalable, and predictable, helping to drive customer business outcomes and technical value.

Casey Ellis was originally a hacker before becoming an entrepreneur, pioneering crowdsourced cybersecurity. He has advised the US Department of Defence, Australian and UK intelligence communities, plus US House and Senate legislative initiatives including pre-emptive protection of cyberspace ahead of the 2020 presidential elections.

To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/

#bugcrowd #mysecuritytv

Paul's Security Weekly TV
Hacker Heroes - Jeremiah Grossman - PSW #828

May 9, 2024 | 60:23 (also published on the Paul's Security Weekly (Video-Only) feed)

Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman

Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management. Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.

In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices. As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities.

Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets. Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.

Show Notes: https://securityweekly.com/psw-828

Paul's Security Weekly
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828

May 8, 2024 | 116:15 (also published on the Paul's Security Weekly (Podcast-Only) feed)

In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future.

Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman

Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management. Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.

In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices. As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities.

Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets. Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-828

Unchurned
#OpenToWork series ft. Jeremy Donaldson

Mar 31, 2023 | 14:07

Welcome to #OTW!

#OTW (OpenToWork) is a new series on [Un]churned, featuring amazing SaaS leaders and practitioners who are open and ready for their next role.

This episode features Jeremy Donaldson, a seasoned Customer Success Professional with over 10 years of SaaS experience managing over $50 million in ARR at Cornerstone OnDemand (f/k/a SumTotal Systems), Skillsoft, Synopsys (f/k/a WhiteHat Security), and Totango. He has been honored by the Customer Community as SuccessHacker's Top 25 Customer Success Influencer in 2021 and 2022.

Jeremy specializes in 1) working with Customer Success Leaders to create and enhance customer journey maps, strategic account engagements, scaled and pooled model teams, renewals workflows, risk mitigation, voice of the customer, and team recruitment, and 2) CSM coaching and best practices.

Connect with Jeremy Donaldson on LinkedIn.

Future of Application Security
EP 24 — Innovating Application Security with Industry Expert Eric Sheridan

Mar 28, 2023 | 29:23

In this special episode of the Future of Application Security, Harshil interviews Eric Sheridan, Tromzo's recently appointed Chief Innovation Officer. Eric shares his 20-year journey in security, from his teenage encounter with Punters (little apps that would flood the target with AIM messages and knock them offline) to developing innovative security technologies at companies including WhiteHat Security (now part of Synopsys). They discuss Eric's experience in building security testing tools, co-founding a company specializing in scanning source code for vulnerabilities, and working on various application security projects throughout his career.

The conversation delves into the current challenges and future trends of software and cloud security, emphasizing the need for a holistic approach, the importance of democratizing security, and how to integrate security into the workflows of developers and decision-makers.

Key topics discussed throughout the conversation:

  • Understanding an organization's assets and the importance of a single pane of glass for visibility.
  • The role of product security teams in providing guidance and operational support to engineering teams.
  • The impact of developer-oriented products on security and the future role of application security engineers.
  • Benefits of automated policy enforcement and integrating security into CI/CD pipelines.
  • Importance of actionable insights for risk owners to effectively remediate vulnerabilities.
  • The evolving role of application security teams in the context of democratizing security.
  • The importance of integrating security products within non-traditional security tooling platforms, such as GitHub, GitLab, JFrog, and Datadog.

The Changemakers
Cybersecurity special: Donna Estrin, Estrin Communications

Dec 7, 2022 | 33:23

In the first episode of our cybersecurity mini-series, Dave chats with Donna Estrin, a PR and communications expert with vast experience at cyber firms large and small. After cutting her comms teeth in the PR agency world, Donna moved into tech, beginning her cybersecurity career handling analyst relations for McAfee. She then helped Neustar transform from a traditional telecommunications company to a high-tech security, data and marketing services company, before working on WhiteHat Security's acquisition by NTT and VMware's acquisition of Lastline.

Most recently, Donna led comms for ReliaQuest when they acquired Digital Shadows, before departing to launch her new consultancy firm, Estrin Communications.

From analyst, press and media relations to thought leadership, the role of communications is so vital in growing brand reputation and equity. Dave and Donna chat about:

  • how to achieve this in a market that's as saturated as cybersecurity
  • what really matters to CISOs, and how to engage them by being helpful and adding value
  • what genuine and authentic thought leadership really means
  • why analysts are so important, and how to build successful relationships with them
  • the key cybersecurity trends that we need to be aware of going into 2023

Not only is Donna the perfect guest to get insight into all of the above and more - but she hails from Shaped By's home city of Bristol! We've invited her for one of our famous local craft beers next time she's over from her home in California.

Stay tuned for more cybersecurity specials coming very soon, as we dive deeper into this fascinating industry that's so integral to protecting the way we all live and work.

Security Architecture Podcast
MoneyBall(AppSec) - Season 03/05 - Episode #33

Nov 11, 2021 | 23:56

This season is dedicated to application security. Our guests for the show are Dino Boukouris and Setu Kulkarni, who join us to talk about the application security market.

To promote our work and support the podcast, please review us here: https://www.podchaser.com/podcasts/security-architecture-podcast-1313281

Season 3 kickoff episode with Tanya Janca: Season 3 Kickoff Episode - Application Security - Tanya Janca (YouTube)

About Dino: https://www.linkedin.com/in/konstantinosboukouris/

Dino Boukouris is a Founding & Managing Director at Momentum Cyber, the premier strategic advisor to the Cybersecurity industry. Dino has spent over 16 years in the technology industry with expertise in cybersecurity, finance, strategy, operations, and venture capital & private equity. Dino has been a speaker at Cybersecurity conferences across the country including the RSA Conference, Cybertech Tel Aviv, Structure Security, Global Cyberspace Coop Summit, IoT Security Panel, M&A East, as well as at numerous private events and corporate gatherings. Dino was also professional faculty at the University of California, Berkeley – Haas School of Business, where he taught a top ranked Venture Capital & Private Equity course for the MBA program.

About Setu: https://www.linkedin.com/in/setu-kulkarni-6552251/

Setu is a Corporate Strategy & Product Management executive with feet-on-the-ground experience in NAM, Europe & APAC. Currently, he leads product management at Venafi, the leader in Machine Identity Management. At the time of this recording, Setu led product strategy at NTT Security. Prior to NTT Security, he established and led the corporate strategy & PM functions during critical growth years at WhiteHat Security, resulting in its acquisition by NTT Security. Earlier in his career, Setu led platform product strategy & management at TIBCO for Operation Intelligence, Cloud, SOA & BPM products.

Setu is a company spokesperson, a speaker at industry & investor events, a podcast host and thought-leader in the Application Security space.

AppSec Stats Flash: A Monthly Podcast on the State of Application Security

Special Guest: Jeremiah Grossman, Founder of WhiteHat Security and current Founder and CEO at Bit Discovery

Links for further reading & listening:

  • https://www.scientificamerican.com/article/rumsfelds-wisdom/
  • https://uxdesign.cc/the-knowns-and-unknowns-framework-for-design-thinking-6537787de2c5
  • https://www.nasa.gov/centers/ivv/ppt/172585main_SoftwareAssuranceSymposium_OConnor.ppt

Check out other episodes of Security in the Fast Lane: https://www.whitehatsec.com/security-in-the-fastlane/

Check out our other podcast, AppSec Stats Flash: https://www.whitehatsec.com/appsec-stats-flash/

To learn more about NTT Application Security, visit us at www.whitehatsec.com

Negotiate With I.T.
Episode 45 - Privacy and Security Controls with Gabe Gumbs

Apr 27, 2021 | 24:57

From solutions architecture to security, Gabe Gumbs brings wide and deep technical experience to his position as Chief Innovation Officer at Spirion. Today, he is leading the Spirion product team through strategic product development to create technologies that push data security forward in an increasingly complex digital world. Prior to his new position at Spirion, Gabe held a range of positions in security technology, including VP of Product Management at Spirion. Other prior positions include VP of Product Strategy at STEALTHbits Technologies, and Director of Research and Products at WhiteHat Security. Gabe also served on the Board of Advisors at eGRC.com.

Show Notes:

  • [01:16] Gabe shares his career journey and how he got into IT. His interest in technology actually began in high school.
  • [02:39] He started his IT career as a junior network admin. About ten years ago he switched from the practitioner side to the solution provider side. So now he builds security technologies and that is the core of what he focuses on.
  • [04:25] Chief Innovation Officer means that he sits at the head of their product strategy. He ensures they are bringing the market the right technologies to solve their customers' problems.
  • [05:52] They spend a lot of time understanding and examining the customer's problem well before jumping to the solution.
  • [06:46] He spends a lot of time digging into the problems themselves with the customer.
  • [07:11] For the most part, your average customer understands that they are not so unique that their problems would stand out from others.
  • [07:55] When organizations are taking very differentiated approaches to solving their own problems, they might run into unique challenges of their own.
  • [09:24] Privacy operations is going to become a very necessary function inside of any organization with any sizable amount of data.
  • [11:25] It is especially difficult when the internal business doesn't understand where all the data exists in multiple clouds.
  • [12:57] You can have security without privacy. On the security side you are dealing with risks that arise from unauthorized access to data. On the privacy side you are dealing with risks that arise from authorized access to data.
  • [13:37] The expectation of privacy is a bit overstated in the corporate world.
  • [14:38] Where is all your data and what type of data is it?
  • [15:50] If that is data that you're required to share with a third party, that is going to require different security and privacy controls.
  • [16:14] We have to link the business use of the data to the security and privacy controls.
  • [16:35] Align business use of the data with the data type.
  • [17:01] Did I genuinely understand that problem and am I approaching it the right way?
  • [17:56] The non-malicious threats continue to surprise them in different ways. Underestimating human ingenuity will always get us in trouble.
  • [19:03] It helps to visualize the problem.
  • [19:51] Gabe shares his best worst boss story.
  • [20:47] It is important to understand how the business operates and then understand how you are going to secure the business.
  • [22:26] Gabe's advice is to slow down. Sometimes you have to slow down to speed up.
  • [23:46] Spend more time in the problem space, even in your personal life. When we are under pressure we tend to want to run towards solving it, but being uncomfortable for just a little bit longer so you can understand that problem is really where we need to be.

Links and Resources: State of the CIO Podcast Website, State of the CIO Podcast on Apple Podcasts, Dan on LinkedIn, Gabe on LinkedIn, Gabe on Twitter, Spirion, Privacy Please Podcast

Tech Sales Insights
E22 - Leading From Within with Craig Hinkley, WhiteHat Security

Mar 24, 2021 | 40:05

Craig Hinkley joined WhiteHat Security as CEO in early 2015, bringing more than 20 years of executive leadership in the technology sector. In this role, he is driving customer-centric focus throughout the company, broadening WhiteHat's global brand and visibility beyond the application security space and security buyers, to the world of the development organization and the DevSecOps approach to application development. Prior to joining WhiteHat, he served as VP and GM of the LogLogic business unit for TIBCO Software, where he was responsible for global field sales and operations, client technical services, engineering, R&D, product design, and product management. Before TIBCO, he served as the GM of HPE's Networking Business in the Americas. Earlier in his career, he held positions at Cisco Systems and Bank of America. He earned a bachelor's degree in Information Technology from the Swinburne University of Technology in Australia.

Join David Nour and Randy Seidl on this episode of the Tech Sales Insights podcast with Craig Hinkley.

BTW, three quick points:

  • Craig will be our guest on LinkedIn Live, today at Noon ET - hope you'll join us.
  • We turn the show notes from these podcast interviews into more in-depth articles, so check them out on Sales Community.
  • We have some fabulous guests joining us in the coming weeks including Greg Scorziello, Keegan Riley, Mary Beth Vassallo, and Cheryl Cook, so hope you'll subscribe to #TechSalesInsights wherever you consume podcasts.

Send in a voice message: https://anchor.fm/salescommunity/message

CEO Adventures in Leadership
Craig Hinkley -- Vision Mixed with Humility

Nov 30, 2020 | 28:25

Craig Hinkley, CEO of WhiteHat Security, explores how to set a company's vision based upon collective customer needs, consulting the management team, and thinking deeply about the "unknown unknowns." Vision mixed with humility and listening are a sure road to CEO success.

Privacy Please
Ep. 45 - Jeremiah Grossman, CEO at Bit Discovery

Nov 25, 2020 | 64:25

Special guest and friend, Jeremiah Grossman, CEO at Bit Discovery, joins the podcast with a fantastic back and forth conversation that doesn't seem to let up. He is also the founder of WhiteHat Security, a World-Renowned Professional Hacker, former Yahoo, Brazilian Jiu-Jitsu Black Belt, published Author, Influential Blogger, and an Off-Road Race Car Driver. Ladies and gentlemen, what can't he do? - Mr. Jeremiah Grossman!

In this episode, we learn more about all his special talents, ideas, thoughts, backstories, and how he ended up at Bit Discovery. We dive into infosec budgets not increasing at the same rate as the attack surface of an organization and what this means for protecting the individual, analyzing attack surface maps, industry hitting peak prevention relating to sentiment attackers, why Jeremiah doesn't listen to music, and much more!

-Cam

CXOInsights by CXOCIETY
PodChats for FutureCIO: Making a business case for DevSecOps

Oct 18, 2020 | 16:04

DevSecOps attempts to bring security into the DevOps methodology by integrating security testing into the continuous integration and continuous delivery pipelines. As a practice, DevSecOps is still very nascent in development teams. According to WhiteHat Security's 2019 Application Security Statistics Report, an average of more than 50% of apps are always vulnerable for organisations that have not adopted DevSecOps. FutureCIO spoke to Gina Smith, research manager at IDC Asia, to get her perspective on the state of DevSecOps in the region.

CISO to CISO Cybersecurity Talk
Episode 3 - Yaron Levi - CISO of Blue Cross and Blue Shield of Kansas City

Jul 31, 2020 | 27:28

Yaron is the CISO of Blue Cross and Blue Shield of Kansas City and has more than 20 years of experience in cyber security and information technology. Yaron has held venture advisor roles for SideChannel Security, Cyberstarts, and YL Ventures, and is on the board of advisors of Glilot Capital Partners, SafeBreach, Optiv Inc, WhiteHat Security, and IntSights. Yaron specializes in creating and managing security strategies, building and maturing security practices, cyber defense teams and DevSecOps practices, embedding security into the organization's DNA, and educating organizations on matters of security, privacy and risk management. Michael and Yaron will talk about Yaron's journey in the field of security, the challenge of 3rd party security assessments and how these need to change, trends in security innovation, and advice for someone aspiring to the CISO role.

Compliance and Coronavirus
Gabe Gumbs on Data Privacy and Data Protection Going Forward

Jun 17, 2020 | 13:43

Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. In this episode, I am joined by Gabe Gumbs. Gabe is the Chief Innovation Officer at Spirion. He leads the Spirion product team through strategic product development to create technologies that push data security forward in an increasingly complex digital world. Prior to his new position at Spirion, Gumbs held a range of positions in security technology, including VP of Product Management at Spirion. Other prior positions include VP of Product Strategy at STEALTHbits Technologies, and Director of Research and Products at WhiteHat Security. Gumbs also served on the Board of Advisors at eGRC.com.

In this episode, we consider some of the challenges around data in the age of Coronavirus. Gabe discusses some of the top questions about data privacy and data protection that he and his team are hearing from customers during this time of Coronavirus and economic dislocation. Gabe observes that trends which were already in play have been largely amplified as a result of Covid-19 and the attendant economic dislocation, including trends in cybersecurity compliance. We conclude with a discussion of Spirion's Data Discovery Agent and how it can assist companies at this point in time and into Q3 and Q4. For more information on Spirion, check out their website here. Check out Spirion's Data Discovery Agent, here.

Cyber Security Interviews
#090 – Anthony Bettini: Building What No One Else Has

Jun 8, 2020 | 38:53

WhiteHat Security (https://www.whitehatsec.com/author/anthony/), the leader in Application Security, enabling businesses to protect critical data, ensure compliance, and manage risk. Previously, Anthony ran Tenable Research where Anthony joined via Tenable's acquisition of FlawCheck – a leading Container Security startup where Anthony was the CEO & Founder. Before its acquisition by Symantec, Anthony was CEO & Founder of Appthority, a leading Mobile Security startup, and winner of the "Most Innovative Company of the Year" award at the RSA Conference.

In this episode, we discuss managing a remote team, web application security, DevSec, responsible vulnerability disclosure, Artificial Intelligence (AI), how to focus your career, being a founder, and so much more!

Where you can find Anthony: LinkedIn (https://www.linkedin.com/in/anthonybettini/), WhiteHat Blog (https://www.whitehatsec.com/author/anthony/)

Over Quota
David Gerry--Epitomizes Sales Leadership During Transition Periods And Uncertain Times

Mar 16, 2020 | 47:00

David Gerry is the CRO of WhiteHat Security, a leading application security provider committed to securing digital businesses. If you're a sales leader who has ever been tasked with turning around a struggling sales organization you'll want to listen to this episode. Furthermore, if your turnaround leads to a successful exit, like a strategic acquisition, then you'll want to hear how David did it in a way that was not only good for the company, but also for his sales team. Finally, if you've ever wondered what it would be like to be part of a team led by someone who knows how to put the people on his team in a position to win, and win big, then you'll want to listen to this episode. All that and, of course, find out what he says differentiates the top sales people he's managed from everyone else.

Over Quota is sponsored by the j. David Group, a software sales recruiting firm. If you're looking to hire a sales leader or individual contributor, click here to schedule a call. On the other hand, if you're an overachieving sales leader or sales rep, click here to discuss potential opportunities that would be a good fit for you.

DevOps Chat
DevSecOps Survey Results with Eric Sheridan, WhiteHat Security

DevOps Chat

Play Episode Listen Later Jan 29, 2020 17:44


WhiteHat Security is one of the pioneers in AppSec. As such, they were an early advocate for DevSecOps. They have been doing annual surveys of the security and developer space for several years. In this year's survey the good news is that we are seeing real progress in DevSecOps adoption by developers and security teams. But all is not roses. Some of the same old issues are still there, including how long it takes us to fix vulnerabilities and security issues. In this DevOps Chat we speak with Eric Sheridan, Chief Scientist of WhiteHat, about the survey results and what they mean. Have a listen to find out Eric's take on the findings.

Cyber Work
What does a vulnerability verification specialist do?

Cyber Work

Play Episode Listen Later Jul 22, 2019 23:53


Lauren McCaslin, vulnerability verification team lead for the Threat Research Center at WhiteHat Security, discusses her path to becoming a vulnerability verification specialist and what it's like to have a career focused on cybersecurity vulnerabilities. Join us in the fight against cybercrime: https://www.infosecinstitute.com. Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast.

Powerful Conversations: Insights from leaders, coaches, and entrepreneurs on living a life that matters
Competition vs. Collaboration: Your Strategy for Success w/ Bill Reichert & Tim Draper

Powerful Conversations: Insights from leaders, coaches, and entrepreneurs on living a life that matters

Play Episode Listen Later Jun 18, 2019 57:34


What does it take to make it as an entrepreneur? What do you need to know to create rapid, sustainable growth while also being a boss who everyone loves and respects? How do you create a vision and culture that is connected to your values while always trying to get ahead? Can you win through collaboration? Join me in an interview with leading entrepreneurs and venture capitalists - Bill Reichert, managing director of Garage Technology Ventures, and Tim Draper, founder of Draper Associates, DFJ, and Draper University. About Bill Reichert: Bill Reichert has over 20 years of experience as an entrepreneur and operating executive. He joined in 1998 and focused on early-stage IT and materials science companies. He has been a board director or board observer at CaseStack, WhiteHat Security, ClearFuels Technology, Simply Hired, ThermoCeramix, and several others. Prior to Garage, Bill was a co-founder or senior executive in several venture-backed tech startups, including Trademark Software, The Learning Company, and Academic Systems. Earlier in his career, he worked at McKinsey & Company, Brown Brothers Harriman & Co., and the World Bank. Bill earned a B.A. at Harvard and an M.B.A. from Stanford. He was a founding board member and a Chairman of the Churchill Club, and a Board Member of the Silicon Valley Association of Startup Entrepreneurs. Currently, he is the Chairman of the Small Fund Roundtable of the VC Taskforce and a member of the Council on Foreign Relations. About Tim Draper: Tim Draper, legendary Silicon Valley venture capitalist, founded  in 2012 with a vision and belief that in order to change the world we have to change education. Draper University aims to teach entrepreneurship globally in an entirely new way.
Through hands-on training, an innovative curriculum and thought leadership, Tim Draper brings together young entrepreneurs, startup founders, executives and investors all under one roof. Tim Draper has deep roots in entrepreneurship and venture capital with a rich background that started by founding Draper Associates in 1985. Venture successes include Skype, Overture, Baidu, Tesla, Theranos, Parametric Technology, Hotmail, Digidesign, Twitch.tv, and hundreds of others. Tim is thrilled to be leading the charge to disrupt entrepreneurship education and is excited to have Draper University as the star of the show in the new ABC Family series: StartupU.

Cyber 9/11 with Dr. Eric Cole
15 - Interview with Jeremiah Grossman

Cyber 9/11 with Dr. Eric Cole

Play Episode Listen Later May 31, 2019 48:27


Jeremiah Grossman's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names. He is the Founder of WhiteHat Security, a world-renowned professional hacker, and a published author, among many other things. Tune in for this week's interview!

Unsupervised Learning
A Political Discussion with Jeremiah Grossman

Unsupervised Learning

Play Episode Listen Later Apr 14, 2019 105:46


Today's standalone episode of Unsupervised Learning is a political conversation with Jeremiah Grossman, who many of you will know as the founder of Whitehat Security, current CEO of BitDiscovery, Jujitsu black belt, and all-around great individual. In this episode, however, we’re not going to be talking about Information Security, but Politics. We have remarkably different and similar views on politics, which we’ve been discussing in private for years, and we thought now was the perfect time to show that it’s possible to disagree with someone, respect them, and have a conversation about those disagreements in a positive and useful way. This is the first experiment of this kind on Unsupervised Learning, and I’m quite pleased with how it turned out. So with that, here’s Jeremiah Grossman.

10 on Tech
046 – ‘We’re Not Getting Better’ When it Comes to Application Security

10 on Tech

Play Episode Listen Later Feb 4, 2019 13:25


The central idea behind DevOps is speed: the speed of development, and the speed of delivering and integrating that software into the organization’s operations. This is a good thing. But of course, it’s not all good. As Joseph Feiman of WhiteHat Security says, “With DevOps, developers are introducing even more vulnerabilities than before.” He says the application security posture isn’t improving, and this calls for action. Feiman dives into this topic with ActualTech Media’s James Green on this episode of “10 on Tech.” Find out why Feiman says “We’re not getting better,” and that what’s needed now is “DevSecOps.” Highlights of the show include:
* The top application vulnerabilities, and why they haven’t changed since 2010
* How long it takes companies to fix critical vulnerabilities like SQL injection attacks
* What DevSecOps means in practice
* The right time in the development cycle to start applying security measures
* What businesses should be focusing on going forward in application security
Resource links from the show:
* WhiteHat Security -- https://www.whitehatsec.com/
* Joseph Feiman biography -- https://www.whitehatsec.com/company/leadership/joseph-feiman/
* DevSecOps Manifesto -- https://www.devsecops.org/
We hope you enjoy this episode; and don’t forget to subscribe to the show on iTunes, Google Play, or Stitcher.

Paul's Security Weekly
The Land Down Under - Enterprise Security Weekly #110

Paul's Security Weekly

Play Episode Listen Later Oct 12, 2018 65:03


This week, in the Enterprise News, Paul is joined by Joff Thyer to discuss WhiteHat Security's single page application scanning, Palo Alto Networks acquires RedLock to build out Cloud Security, KnowBe4 boosts security awareness training, Symantec brings workload assurance security to the cloud, and Splunk unveils first IoT platform for customers! In our final segment, we air a pre-recorded interview from Microsoft Ignite with Secure Digital Life host Doug White and CTO of Microsoft, Mark Russinovich! Full Show Notes: https://wiki.securityweekly.com/ES_Episode110 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Enterprise Security Weekly (Audio)
The Land Down Under - Enterprise Security Weekly #110

Enterprise Security Weekly (Audio)

Play Episode Listen Later Oct 12, 2018 65:03


This week, in the Enterprise News, Paul is joined by Joff Thyer to discuss WhiteHat Security's single page application scanning, Palo Alto Networks acquires RedLock to build out Cloud Security, KnowBe4 boosts security awareness training, Symantec brings workload assurance security to the cloud, and Splunk unveils first IoT platform for customers! In our final segment, we air a pre-recorded interview from Microsoft Ignite with Secure Digital Life host Doug White and CTO of Microsoft, Mark Russinovich! Full Show Notes: https://wiki.securityweekly.com/ES_Episode110 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly TV
Gabriel Gumbs, STEALTHbits - Enterprise Security Weekly #97

Paul's Security Weekly TV

Play Episode Listen Later Jun 29, 2018 33:45


Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies. With a 16-year tenure in cybersecurity, he has spent more than a decade of that as a security practitioner at companies like Pfizer before moving into the B2B security space in 2011 with WhiteHat Security. Full Show Notes: https://wiki.securityweekly.com/ES_Episode97 Visit http://securityweekly.com/esw for all the latest episodes!

Enterprise Security Weekly (Video)
Gabriel Gumbs, STEALTHbits - Enterprise Security Weekly #97

Enterprise Security Weekly (Video)

Play Episode Listen Later Jun 28, 2018 33:45


Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies. With a 16-year tenure in cybersecurity, he has spent more than a decade of that as a security practitioner at companies like Pfizer before moving into the B2B security space in 2011 with WhiteHat Security. Full Show Notes: https://wiki.securityweekly.com/ES_Episode97 Visit http://securityweekly.com/esw for all the latest episodes!

Cyber Security Interviews
#052 – Jeremiah Grossman: The Cavalry Is Not Coming

Cyber Security Interviews

Play Episode Listen Later Apr 30, 2018 33:37


Bit Discovery (https://bitdiscovery.com/). Jeremiah's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names. Since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security." In 2001, Jeremiah founded WhiteHat Security (https://www.whitehatsec.com/), which today has one of the largest professional hacking armies on the planet. Jeremiah has received a number of industry awards and has been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for privately informing them of weaknesses in their systems -- a polite way of saying 'hacking them'. In this episode we discuss RSAC 2018, starting in infosec, web application vulnerabilities, what to look for in application security developers, building security development metrics, why you need to inventory websites, making time to contribute to the community, and so much more. Where you can find Jer: LinkedIn (https://www.linkedin.com/in/grossmanjeremiah/) Twitter (https://twitter.com/jeremiahg) Blog (http://blog.jeremiahgrossman.com/) Jeremiahgrossman.com (https://www.jeremiahgrossman.com/)

Paul's Security Weekly TV
Gabriel Gumbs, STEALTHbits - Enterprise Security Weekly #40

Paul's Security Weekly TV

Play Episode Listen Later Apr 16, 2017 27:04


Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies. With a 16-year tenure in cybersecurity, Gabriel spent more than a decade as a security practitioner at companies like Pfizer before moving into the B2B Security space in 2011 with WhiteHat Security. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://securityweekly.com/esw for all the latest episodes!

Enterprise Security Weekly (Video)
Gabriel Gumbs, STEALTHbits - Enterprise Security Weekly #40

Enterprise Security Weekly (Video)

Play Episode Listen Later Apr 14, 2017 27:04


Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies. With a 16-year tenure in cybersecurity, Gabriel spent more than a decade as a security practitioner at companies like Pfizer before moving into the B2B Security space in 2011 with WhiteHat Security. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode40 Visit http://securityweekly.com/esw for all the latest episodes!

Strikedeck Radio: Customer Success Live
Ep 6 - Mark Pecoraro, CS Executive - Part 2

Strikedeck Radio: Customer Success Live

Play Episode Listen Later Mar 9, 2017 30:31


Mark Pecoraro, who has previously led Customer Success teams at companies like SOASTA, Conviva, and WhiteHat Security, and now serves as an advisor to Strikedeck, explains how he sees Customer Success working cross-functionally with other departments like Finance, Customer Enablement/Professional Services, and Support, and the trends and best practices to implement.

Strikedeck Radio: Customer Success Live
Ep 5 - Mark Pecoraro, CS Executive

Strikedeck Radio: Customer Success Live

Play Episode Listen Later Feb 10, 2017 44:07


Mark Pecoraro, who has previously led Customer Success teams at companies like SOASTA, Conviva, and WhiteHat Security, and now serves as an advisor to Strikedeck, explains how he sees Customer Success working cross-functionally with other departments like Sales, Marketing, and Product.

Command and Control
Jeremiah Grossman Interview – Command and Control Episode 4

Command and Control

Play Episode Listen Later May 12, 2016 50:14


Interview with Jeremiah Grossman, one of Application Security’s leading figures and founder of WhiteHat Security. We discuss his career, his recommendations for protecting yourself and your web apps, and hear his outlook for the future of the InfoSec industry. Show Notes

Command and Control
Top 10 Web Hacks 2015 - Command and Control Episode 3

Command and Control

Play Episode Listen Later Apr 30, 2016 29:07


Interview with Johnathan Kuskos of WhiteHat Security to discuss the Top Ten Web Hacks of 2015 – WhiteHat’s annual compilation of the year’s best research into hacking web applications. Show Notes

DevelopSec: Developing Security Awareness
Ep. 32: Dynamic Analysis: An Overview

DevelopSec: Developing Security Awareness

Play Episode Listen Later Nov 21, 2015 22:28


James Jardine provides an overview of Dynamic Analysis and why it is important. Like any automation, there are pros and cons. Listen to find out why dynamic analysis is useful. Some links to dynamic analysis options that are available:
* WhiteHat Security (http://www.whitehatsec.com)
* HP - Web Inspect (http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/)
* IBM App Scan (http://www-03.ibm.com/software/products/en/appscan)
* Veracode (http://www.veracode.com)
* Acunetix (https://www.acunetix.com/)

Down the Security Rabbithole Podcast
DtSR Episode 132 - Good Guys, Bad Guys, and Reality

Down the Security Rabbithole Podcast

Play Episode Listen Later Mar 2, 2015 58:20


In this episode...
* We learn the origins of "RSnake" as told by Rob himself
* Rob gives us a peek into the dark side, from his contacts and experiences
* We discuss the black-hat economy as it's verticalized, specialized, and matured
* Rob discusses the balancing act of the good vs. bad and why the situation is as bad as it needs to be
* We discuss some of the things businesses and defenders really need to worry about
* Rob gives us his view of the inevitability of security from SMB to enterprise -- and why things are so good, or bad, or just right
* We discuss the different ways security is being understood, implemented and matured and why it's futile to chase absolutes
* Michael and Rob dive into the labor shortage in security - real, perceived, or misunderstood?
* Rob gives us his outlook on where things are going over the next decade or so
Guest: Robert "RSnake" Hansen ( @RSnake ) - Strategic. Web security expert. Visionary. Robert brings more than 20 years of web application and browser security experience, innovation, and vision to the WhiteHat Security team. Under Robert’s leadership, WhiteHat Labs successfully launched Aviator, the most secure browser available, for Mac and Windows, quickly racking up more than 170,000 downloads in less than six months. When asked about WhiteHat Labs’ mission, Hansen said, “Labs will strive to provide prototypes that go beyond customer expectations, to delight the user.” Before WhiteHat, Robert was the CEO of SecTheory and Falling Rock Networks. Robert has co-authored several books including XSS Exploits and Website Security for Dummies. Robert is also the author of Detecting Malice. He is a member of WASC, APWG, IACSP, and ISSA and has contributed to several OWASP projects, including originating the XSS Cheat Sheet. When he is not breaking the web to make it stronger, Robert enjoys watching Formula One racing.

DevSecOps Podcast Series
John Melton and the OWASP AppSensor Project

DevSecOps Podcast Series

Play Episode Listen Later Feb 13, 2015 18:57


The OWASP AppSensor Project has just released version 2.0. In this broadcast we speak with John Melton, project code lead, on the latest features in the release and what the future looks like for the project. About John Melton John is one of the co-leaders for the OWASP AppSensor project and leads the software implementation. For his day job, he is a principal security researcher for WhiteHat Security, working in the SAST space. His background is in software and security engineering.

DevSecOps Podcast Series
AppSec USA 2013: Jim Manico - Life after OWASP Podcasting

DevSecOps Podcast Series

Play Episode Listen Later Jan 7, 2014 13:01


"For an organization to really mature around application security, they need to be building security into their software from day one." -- Jim Manico Jim Manico started the OWASP podcast series in 2008. In that time, he has recorded close to 100 interviews to keep the community updated on the latest project development within OWASP. As Jim reaches his 100th episode, he reminisces about how the series was started, what his original vision was and what he's going to do now that he has passed the reins over and moves on to other projects. We start with a question about the origins of the project and how it grew. "It's easy to talk about the 'purity' of software development, but managing a fleet of already insecure apps is an equally difficult problem." -- Jim Manico About Jim Manico: Jim Manico was elected as an OWASP Global Board Member as of January 1, 2013. He has been an active member of OWASP since 2008. He is the VP of Security Architecture at WhiteHat Security. Jim's main passion at OWASP is supporting projects that help developers write secure code.

Black Hat Briefings, Japan 2005 [Audio] Presentations from the security conference
Jeremiah Grossman: Phishing with Super Bait (English)

Black Hat Briefings, Japan 2005 [Audio] Presentations from the security conference

Play Episode Listen Later Oct 31, 2006 65:44


"The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help. By leveraging cross-site scripting, the next level of phishing scams will be launched not from look-alike web pages, but instead from legitimate websites! This presentation will demonstrate how these types of attacks are being achieved. We'll also demonstrate the cutting edge exploits that can effectively turn your browser into spyware with several lines of JavaScript. And, we'll give you the steps you need to take to protect your websites from these attacks. Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security R&D and industry evangelism. As a seven-year industry veteran and well-known security expert, Mr. Grossman is a frequent international conference speaker at the Blackhat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writings, and discoveries have been featured in USA Today, VAR Business, NBC, ABC News (AU), ZDNet, eWeek, BetaNews, etc. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites."

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help. By leveraging cross-site scripting, the next level of phishing scams will be launched not from look-alike web pages, but instead from legitimate websites! This presentation will demonstrate how these types of attacks are being achieved. We'll also demonstrate the cutting edge exploits that can effectively turn your browser into spyware with several lines of JavaScript. And, we'll give you the steps you need to take to protect your websites from these attacks. Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security R&D and industry evangelism. As a seven-year industry veteran and well-known security expert, Mr. Grossman is a frequent conference speaker at the BlackHat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writings, and discoveries have been featured in USA Today, VAR Business, NBC, ZDNet, eWeek, BetaNews, etc. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites.

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Jeremiah Grossman: Hacking Intranet websites from the outside: Malware just got a lot more dangerous

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 54:51


"Imagine you’re visiting a popular website and invisible JavaScript exploit code steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005’s "Phishing with Superbait" presentation we demonstrated that all these things were in fact possible using nothing more than some clever JavaScript. And as bad as things are already, further web application security research is revealing that outsiders can also use these hijacked browsers to exploit intranet websites. Most of us assume while surfing the Web that we are protected by firewalls and isolated through private NAT'ed IP addresses. We assume the soft security of intranet websites and that the Web-based interfaces of routers, firewalls, printers, IP phones, payroll systems, etc. even if left unpatched, remain safe inside the protected zone. We believe nothing is capable of directly connecting in from the outside world. Right? Well, not quite. Web browsers can be completely controlled by any web page, enabling them to become launching points to attack internal network resources. The web browser of every user on an enterprise network becomes a stepping stone for intruders. Now, imagine visiting a web page that contains JavaScript malware that automatically reconfigures your company’s routers or firewalls, from the inside, opening the internal network up to the whole world. Even worse, common Cross-Site Scripting vulnerabilities make it possible for these attacks to be launched from just about any website we visit and especially those we trust. The age of web application security malware has begun and it’s critical that we understand what it is and how to defend against it. During this presentation we'll demonstrate a wide variety of cutting-edge web application security attack techniques and describe best practices for securing websites and users against these threats. You’ll see:
* Port scanning and attacking intranet devices using JavaScript
* Blind web server fingerprinting using unique URLs
* Discovering NAT'ed IP addresses with Java Applets
* Stealing web browser history with Cascading Style Sheets
* Best-practice defense measures for securing websites
* Essential habits for safe web surfing
Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security R&D and industry evangelism. As a well-known and internationally recognized security expert, Mr. Grossman is a frequent speaker at the Black Hat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writing, and interviews have been published in dozens of publications including USA Today, VAR Business, NBC, ABC News (AU), ZDNet, eWeek, Computerworld and BetaNews. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites. T.C. Niedzialkowski is a Senior Security Engineer at WhiteHat Security in Santa Clara, California. In this role, he oversees WhiteHat Sentinel, the company's continuous vulnerability assessment and management service for web applications. Mr. Niedzialkowski has extensive experience in web application assessment and is a key contributor to the design of WhiteHat's scanning technology."

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
Jeremiah Grossman: Hacking Intranet websites from the outside: Malware just got a lot more dangerous

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 54:51


"Imagine you’re visiting a popular website and invisible JavaScript exploit code steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005’s "Phishing with Superbait" presentation we demonstrated that all these things were in fact possible using nothing more than some clever JavaScript. And as bad as things are already, further web application security research is revealing that outsiders can also use these hijacked browsers to exploit intranet websites. Most of us assume while surfing the Web that we are protected by firewalls and isolated through private NAT'ed IP addresses. We assume the soft security of intranet websites and that the Web-based interfaces of routers, firewalls, printers, IP phones, payroll systems, etc. even if left unpatched, remain safe inside the protected zone. We believe nothing is capable of directly connecting in from the outside world. Right? Well, not quite. Web browsers can be completely controlled by any web page, enabling them to become launching points to attack internal network resources. The web browser of every user on an enterprise network becomes a stepping stone for intruders. Now, imagine visiting a web page that contains JavaScript malware that automatically reconfigures your company’s routers or firewalls, from the inside, opening the internal network up to the whole world. Even worse, common Cross-Site Scripting vulnerabilities make it possible for these attacks to be launched from just about any website we visit and especially those we trust. The age of web application security malware has begun and it’s critical that we understand what it is and how to defend against it. During this presentation we'll demonstrate a wide variety of cutting-edge web application security attack techniques and describe best practices for securing websites and users against these threats. You’ll see:
* Port scanning and attacking intranet devices using JavaScript
* Blind web server fingerprinting using unique URLs
* Discovering NAT'ed IP addresses with Java Applets
* Stealing web browser history with Cascading Style Sheets
* Best-practice defense measures for securing websites
* Essential habits for safe web surfing
Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security R&D and industry evangelism. As a well-known and internationally recognized security expert, Mr. Grossman is a frequent speaker at the Black Hat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writing, and interviews have been published in dozens of publications including USA Today, VAR Business, NBC, ABC News (AU), ZDNet, eWeek, Computerworld and BetaNews. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites. T.C. Niedzialkowski is a Senior Security Engineer at WhiteHat Security in Santa Clara, California. In this role, he oversees WhiteHat Sentinel, the company's continuous vulnerability assessment and management service for web applications. Mr. Niedzialkowski has extensive experience in web application assessment and is a key contributor to the design of WhiteHat's scanning technology."

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference

The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help. By leveraging cross-site scripting, the next level of phishing scams will be launched not from look-alike web pages, but instead from legitimate websites! This presentation will demonstrate how these types of attacks are being achieved. We'll also demonstrate the cutting-edge exploits that can effectively turn your browser into spyware with several lines of JavaScript. And, we'll give you the steps you need to take to protect your websites from these attacks.

Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security research and development and industry evangelism. As a seven-year industry veteran and well-known security expert, Mr. Grossman is a frequent conference speaker at the BlackHat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writings, and discoveries have been featured in USA Today, VAR Business, NBC, ZDNet, eWeek, BetaNews, etc. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites.
