Security

What's worse than getting hit with a security breach? Getting hit with an easily preventable one.

  • Podcasts // Oct 2014

    Migrating From Cisco ASA to Palo Alto Networks

    In this podcast, the speaker will show how easy it is to move to a next-generation security platform. The speaker also explains the fundamental differences between Cisco ASA and Palo Alto Networks, and shares migration best practices, examples and case studies.

    Provided By Palo Alto Medical Foundation

  • Podcasts // Sep 2014

    Rethinking Mobile Security

    In this podcast, the speaker will discuss the changing threat landscape for mobile platforms, and how this drives a corresponding set of new requirements for security. Instead of being shackled to past principles and philosophies, learn about approaches to security that enable and extend (rather than restrict) access to mobile...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Sep 2014

    VPN Pivoting With Cobalt Strike

    In this podcast, the speaker will discuss VPN pivoting. It creates a network interface on the Cobalt Strike system and bridges this interface into the target's network. Through a covert VPN interface, the user's system may sniff traffic on the target's network, act as a rogue server, or perform man-in-the-middle...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    From the Ground Up

    In this podcast, the speaker will explain the continuation of that proof, which is aimed at developers to help them detect security vulnerabilities using live source-sink analysis. It is dependent on code coverage and is not intended for use in a production environment.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    The DevOps of Everything

    Although the movement started out as a problem statement to solve developer and operations collaboration, it quickly moved into other disciplines such as security, networking and storage. In this podcast, the speaker will take a look at the DevOps effect on things like converged infrastructure, software defined networking, software defined...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Where the Security Rubber Meets the DevOps Road

    DevOps is a natural evolution of agile, lean, continuous integration and other patterns common amongst high performers and continuous process improvement. As someone who has helped dozens of organizations get started with DevOps patterns and tool chains, in this podcast, the speaker will explain where people get started - and...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Autoscaling Web Application Security in the Cloud

    Securing web applications has placed extreme demands on security professionals - in addition to understanding attack patterns and defense tactics, effectively protecting web apps requires some level of programming and database management expertise. With broad adoption of public clouds, this bar is rising once again. Today's cloud enabled applications scale-up...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Cloud Security at Scale and What It Means for Your Application

    Cloud computing is all the rage, but few organizations have really thought about what security means for their applications and networks in cloud-centric deployments. Netflix is amongst the largest users of public cloud resources and consumes roughly 1/3 of all the US's downstream broadband at peak. In this podcast, the...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Bringing a Machete to the Amazon

    With concrete examples and new techniques in this podcast, the speaker will explore "full stack" vulnerabilities and their effect on security, and how they create new pitfalls when migrating to and operating in an Amazon Web Services (AWS) world. From the simple (checking in the user's AWS credentials to GitHub...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Top 10 Web Hacking Techniques of 2013

    Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Runtime Manipulation of Android and iOS Applications

    With over 1.6 million applications in the Apple AppStore and Google Play store, and around 7 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Static Analysis for Dynamic Assessments

    Today's dynamic and static web vulnerability scanners are capable of analyzing complex web applications for security weaknesses. They automate testing for many common vulnerabilities. However, there is a gap between static and dynamic scanners: they find different vulnerabilities. So why aren't dynamic testers running static tools? Typically, they don't have...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Use After Free Exploitation

    Use-after-free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. In this podcast, the speaker will first define the use-after-free vulnerability class, and then dive...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Mobile Security Attacks: A Glimpse From the Trenches

    Hackers today apply covert and persistent techniques to attack mobile devices. In this podcast, the speaker will explain the latest threats on mobile devices from the team who uncovered iOS malicious profiles and HTTP request hijacking. The speaker will describe and demonstrate emerging mobile security threats: from physical, through...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Reversing Engineering a Web Application - For Fun, Behavior and WAF Detection

    Screening HTTP traffic can be really tricky, and attacks on applications are becoming increasingly complex day by day. By analyzing thousands upon thousands of infections, the speaker noticed that regular blacklisting is increasingly failing and started research on a new approach to mitigate the problem. Initially reverse engineering the most popular...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Catch Me If You Can: Building a Web Malware Analyzer Using Machine Learning

    With close to 10,000 new, legitimate websites being added to the Google malware blacklist every day, it's clear that infecting websites to spread malware has become the go-to choice for malicious hackers. In this podcast, the speaker will focus on how the problem is evolving, how websites are getting infected...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Project Monterey or How We Learned to Stop Worrying and Love the Cloud

    At Netflix developers deploy code hundreds of times a day. Each code push could be a production canary taking only a percentage of the total requests or a test determining which new feature is improving customer experience the best. The large number of applications along with multiple concurrent code bases...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing

    While lacking the sex appeal of memory corruption based attacks, phishing remains a problem for many end users. Defenses against phishing have not advanced significantly. The speakers will discuss current approaches to phishing detection, and present a new one along with an accompanying tool. They will discuss several perceptual hashing algorithms,...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    IEEE Computer Society's Center for Secure Design: Helping You Design More Secure Software

    The IEEE Computer Society's CSD (Center for Secure Design) was formed in 2014 with the goal of identifying common design flaws and creating tools or design patterns so architects and developers can avoid introducing those design flaws into software. The CSD aims to create artifacts to aid in the analysis...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Anatomy of Memory Scraping, Credit Card Stealing POS Malware

    Learn the nuts and bolts of how memory scraping, credit card stealing Point-Of-Sale (POS) malware works and identify strategies that the user can implement to make it hard for the bad guys. Sensitive information, like credit card numbers, is encrypted on disk and also during transit. But the one place where...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Building Your Application Security Data Hub: The Imperative for Structured Vulnerability Information

    One of the reasons application security is so challenging to address is that it spans multiple teams within an organization. Development teams build software, security testing teams find vulnerabilities, security operations staff manage applications in production and IT audit organizations make sure that the resulting software meets compliance and governance...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Lean Security for Small or Medium Sized Business

    For a Small or Medium sized Business (SMB) the fallout from a security or privacy incident can be at best a PR nightmare. At its worst it can cause irrecoverable damage and end the user's business by impacting sales or ad revenue. The user base may take a hit. The...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Ten Secrets to Secure Mobile Applications

    Many high profile mobile apps have been in the news for failures to use encryption, bad web service design, and privacy violations against users. Join them to get a grasp on how to threat model mobile applications and what the top vulnerabilities and solutions are for them.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Security Header Injection Module (SHIM)

    Client-side security headers are useful countermeasures for man-in-the-middle, clickjacking, XSS, MIME-type sniffing, and data caching vulnerabilities. In this podcast, the speakers will review several security headers (e.g. Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and X-Content-Type-Options) and the various options available for each header.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Blended Web and Database Attacks on Real-time, In-Memory Platforms

    It is well known there is a race going on in the "Big data" arena. One of the stronger competitors in the "Big data" market is real-time, in-memory platforms. An interesting thing about this platform, and the one the speakers will explain specifically, is that it blends everything to...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Warning Ahead: Security Storms are Brewing in Your JavaScript

    JavaScript controls people's lives - they use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have they ever properly considered the security state of this scripting language? Before dismissing the (in)security posture of JavaScript on the...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Headless Browser Hide and Seek

    Headless browsers have quietly become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to interact with highly dynamic websites to find vulnerabilities, performance bottlenecks, and even automate attacks. This webcast will dive into the offensive use of these tools, and how...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Hacking the Oracle Application Framework: A Case Study in Deep-Dive Pen Testing

    The Oracle Application Framework (OAF) is the base of dozens of Oracle's web-based business applications (the e-business suite) and is used by many other organizations to develop their own in-house applications. Last year, the speaker published a major vulnerability (CVE-2013-xxxx) in the framework that allowed inspection of run-time data.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    iOS App Integrity: Got Any?

    iOS apps are vulnerable to static analysis and attack through binary code patching. Incorporated jailbreak and debugger detection algorithms can be rendered useless with a quick binary patch. Once patched, the app can be further exploited, its app data stolen, and even cloned.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Stop Chasing Vulnerabilities - Introducing Continuous Application Security

    For too long, application security has been "experts-only" and practiced one-app-at-a-time. But modern software development, both technology and process, is mostly incompatible with this old approach and legacy appsec tools. Software development has been transformed by practices like continuous integration and continuous integration, and the time has come to bring...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Threat Modeling Made Interactive!

    Threat modeling is an important part of any secure development process. By identifying potential threats early in the development, the user can build effective mitigations into their system, rather than relying on costly patches and bug fixes. Existing techniques for modeling threats involve a whiteboard or some form of diagramming,...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Modernizing Network Security in SCADA and Industrial Control Systems

    In this podcast, the speaker will discuss the nature of both existing and emerging cyber threats to ICS and why asset owners need to pay attention to them, strategies and frameworks for defending the user's ICS against these threats and next-generation technologies that enable fine-grain visibility, role-based access control, and...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Sep 2014

    How Evolved "419 Scammers" Are Targeting the Enterprise

    In this podcast, the speaker will focus on these key takeaways: Remote Administration Tools (RATs) such as NetWire provide complete control over infected systems; Silver Spaniel attacks are specifically designed to evade traditional antivirus programs; indicators of compromise were observed for the NetWire RAT; and Unit 42 recommends...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Jul 2014

    Hiding in Plain Sight - What's Really Happening on Your Network

    Today's cyber threats hide in plain sight amidst the user's network traffic, making them nearly impossible to defend against. In this podcast, the speaker will analyze the intertwined relationship between cyber attacks and applications based on recent data collected from over 2,200 networks. The speaker also gives information on how...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Jun 2014

    CryptoLocker - The Ransomware Trojan

    The CryptoLocker malware encrypts certain files with a private key and demands payment to regain access to the files. In this podcast, the speaker will present a deep dive into CryptoLocker and look at the latest information around what is called one of the two most sophisticated and destructive forms of...

    Provided By SecurityTube.net

  • Podcasts // May 2014

    Digging Deeper Into the IE Vulnerability

    Web browser vulnerabilities remain a fertile ground for hackers to harvest and mount attacks. The latest vulnerabilities found in Internet Explorer (IE) and the urgent response from Microsoft highlight the fact that despite end-of-life announcements for old and less secure products, millions of users remain exposed to threats.

    Provided By SecurityTube.net

  • Podcasts // Jan 2014

    Virtual Event: Test without writing a single line of code…really

    Testing business-critical packaged applications is a high priority for many organizations. These applications must meet the same aggressive project time frames and operations benchmarks as internally-developed software. In this session, you will learn how Turnkey Solutions is helping Iron Mountain increase the speed and effectiveness of its packaged apps testing...

    Provided By Hewlett-Packard (HP)

  • Podcasts // Jan 2014

    McKesson Cloud Automation Podcast

    Download the podcast on how McKesson accomplished a multi-year, pan-IT management transformation. Learn how McKesson's performance journey, from 2005 to the present, has enabled it to better leverage an agile, hybrid cloud model. How McKesson gained a standardized services orientation to achieve agility in deploying its many active applications is...

    Provided By Hewlett-Packard (HP)

  • Podcasts // Jan 2014

    Thinking ahead: Pragmatic steps for successful cloud transformations virtual event

    Public, private, or hybrid, the cloud is creating an array of opportunities for business and IT. And it’s reshaping IT as we know it. But incorporating cloud technology and services into the data center can entail multi-year transformations. The key to successful cloud transformations is developing a pragmatic strategy and...

    Provided By Hewlett-Packard (HP)

  • Podcasts // Jan 2014

    IBM SmartCloud Entry for Power Systems

    The IBM SmartCloud™ Entry on Power Systems™ solution provides a cost-competitive, entry-level private cloud solution that helps speed time to value of your service deployments on your IBM Power Systems servers.

    Provided By IBM