Security

Stay one step ahead of the hackers with strong security management, authentication, encryption and risk strategies.

  • Podcasts // Feb 2015

    Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry

    Password entry on mobile devices significantly impacts both usability and security, but there is a dearth of usable security research in this area, specifically for complex password entry. To address this research gap, the speaker set out to assign strength metrics to passwords for which they already had usability data,...

    Provided By SecurityTube.net

  • Podcasts // Feb 2015

    Unveiling the Kernel: Rootkit Discovery Using Selective Automated Kernel Memory Differencing

    As an increasing number of automated malware analysis systems become mainstream, the emphasis on the relevance of the data extracted from the analysis task increases. Conceptually, automated malware analysis systems provide information about a sample and also identify modifications caused by the sample to a computer system.

    Provided By SecurityTube.net

  • Podcasts // Oct 2014

    Migrating From Cisco ASA to Palo Alto Networks

    In this podcast, the speaker will show how easy it is to move to a next-generation security platform. The speaker also explains about the fundamental differences between Cisco ASA and Palo Alto Networks, and share migration best practices, examples and case studies.

    Provided By Palo Alto Medical Foundation

  • Podcasts // Sep 2014

    Duping the Machine - Malware Strategies, Post Sandbox Detection

    Sandboxes and automated analysis environments are key tools to combat the exponential growth of malware. There are a huge range of different solutions and they are used in a wide variety of situations throughout security companies and large IT departments across the globe.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Rethinking Mobile Security

    In this podcast, the speaker will discuss the changing threat landscape for mobile platforms, and how this drives a corresponding set of new requirements for security. Instead of being shackled to past principles and philosophies, learn about approaches to security that enable and extend (rather than restrict) access to mobile...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Sep 2014

    VPN Pivoting With Cobalt Strike

    In this podcast, the speaker will discuss about VPN. It creates a network interface on the cobalt strike system and bridges this interface into the target's network. Through a covert VPN interface: the user system may sniff traffic on their target's network, act as a rogue server, or perform man-in-the-middle...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Mobile Security Attacks: A Glimpse From the Trenches

    Hackers today apply covert and persistent techniques to attack mobile devices. In this podcast, the speaker will explain about the latest threats on mobile devices from the team who uncovered iOS malicious profiles and HTTP request hijacking. The speaker will describe and demonstrate emerging mobile security threats: from physical, through...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Reversing Engineering a Web Application - For Fun, Behavior and WAF Detection

    Screening HTTP traffic can be something really tricky and attacks to applications are becoming increasingly complex day-by-day. By analyzing thousands upon thousands of infections, the speaker noticed that regular blacklisting is increasingly failing and started research on a new approach to mitigate the problem. Initially reverse engineering the most popular...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Catch Me If You Can: Building a Web Malware Analyzer Using Machine Learning

    With close to 10,000 new, legitimate websites being added to the Google malware blacklist every day, it's clear that infecting websites to spread malware has become the go-to choice for malicious hackers. In this podcast, the speaker will focus on how the problem is evolving, how websites are getting infected...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    From the Ground Up

    In this podcast, the speaker will explain about the continuation of that proof and is aimed at developers to help them detect security vulnerabilities using live source-sink analysis. It is dependent on the code coverage and not aimed to be used in a production environment.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Where the Security Rubber Meets the DevOps Road

    DevOps is a natural evolution of agile, lean, continuous integration and other patterns common amongst high performers and continuous process improvement. As someone who has helped dozens of organizations get started with DevOps patterns and tool chains, in this podcast, the speaker will explain where people get started - and...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Autoscaling Web Application Security in the Cloud

    Securing web applications has placed extreme demands on security professionals - in addition to understanding attack patterns and defense tactics, effectively protecting web apps requires some level of programming and database management expertise. With broad adoption of public clouds, this bar is rising once again. Today's cloud enabled applications scale-up...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Cloud Security at Scale and What It Means for Your Application

    Cloud computing is all the rage, but few organizations have really thought about what security means for their applications and networks in cloud-centric deployments. Netflix is amongst the largest users of public cloud resources and consumes roughly 1/3 of all the US's downstream broadband at peak. In this podcast, the...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Bringing a Machete to the Amazon

    With concrete examples and new techniques in this podcast, the speaker will explore \"Full stack\" vulnerabilities and their effect on security and how they create new pitfalls when migrating to and operating in an Amazon Web Services (AWS) world. From the simple (checking in the user AWS credentials to github...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Top 10 Web Hacking Techniques of 2013

    Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Static Analysis for Dynamic Assessments

    Today's dynamic and static web vulnerability scanners are capable of analyzing complex web applications for security weaknesses. They automate testing of much common vulnerability. However, there is a gap between static and dynamic scanners. They find different vulnerabilities. So why aren't dynamic testers running static tools? Typically, they don't have...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Use After Free Exploitation

    Use after free vulnerabilities is the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. In this podcast, the speaker will first define the use after free vulnerability class, and then dive...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Warning Ahead: Security Storms are Brewing in Your JavaScript

    JavaScript controls the peoples' lives - they use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have they ever properly considered the security state of this scripting language? Before dismissing the (in) security posture of JavaScript on the...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Threat Modeling Made Interactive!

    Threat modeling is an important part of any secure development process. By identifying potential threats early in the development, the user can build effective mitigations into their system, rather than relying on costly patches and bug fixes. Existing techniques for modeling threats involve a whiteboard or some form of diagramming,...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Stop Chasing Vulnerabilities - Introducing Continuous Application Security

    For too long, application security has been \"Experts-only\" and practiced one-app-at-a-time. But modern software development, both technology and process, is mostly incompatible with this old approach and legacy appsec tools. Software development has been transformed by practices like continuous integration and continuous integration, and the time has come to bring...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Building Your Application Security Data Hub: The Imperative for Structured Vulnerability Information

    One of the reasons application security is so challenging to address is that it spans multiple teams within an organization. Development teams build software, security testing teams find vulnerabilities, security operations staff manage applications in production and IT audit organizations make sure that the resulting software meets compliance and governance...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Lean Security for Small or Medium Sized Business

    For a Small or Medium sized Business (SMB) the fallout from a security or privacy incident can be at best a PR nightmare. At their worst it can cause irrecoverable damage and end the users business by impacting sales or ad revenue. The user base may take a hit. The...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    IEEE Computer Society's Center for Secure Design: Helping You Design More Secure Software

    The IEEE computer society's CSD (Center for Secure Design) was formed in 2014 with the goal of identifying common design flaws and creating tools or design patterns so architects and developers can avoid introducing those design flaws into software. The CSD aims to create artifacts to aid in the analysis...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Anatomy of Memory Scraping, Credit Card Stealing POS Malware

    Learn the nuts-and-bolts of how a memory scraping, credit card stealing Point-Of-Sale (POS) malware works and identify strategies that the user can implement to make it hard for the bad guys. Sensitive information, like credit card numbers, are encrypting on disk and also during transit. But the one place where...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing

    While lacking the sex appeal of memory corruption based attacks, phishing remains a problem for many end users. Defenses against phishing have not advanced significantly. The speakers will discuss current approaches to phishing detection, and present a new one along with accompanying tool. They will discuss several perceptual hashing algorithms,...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Blended Web and Database Attacks on Real-time, In-Memory Platforms

    It is well known there is a race going on in the \"Big data\" arena. One of the stronger competitors in the \"Big data\" market is real-time, in-memory platforms. An interesting thing about this platform and, the one the speakers will explain about specifically, is that it blends everything to...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Security Header Injection Module (SHIM)

    Client-side security headers are useful countermeasures for man-in-the-middle, clickjacking, XSS, MIME-type sniffing, and data caching vulnerabilities. In this podcast, the speakers will review several security headers (e.g. strict-transport-security, X-frame-options, X-XSS-protection, content-security-policy, and X-content-type-options) and the various options available for each header.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    iOS App Integrity: Got Any?

    iOS apps are vulnerable to static analysis and attack through binary code patching. Incorporating jailbreak and debugger detection algorithms can be rendered useless with a quick binary patch. Once patched the app can be further exploited, its app data stolen, and even cloned.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Hacking the Oracle Application Framework: A Case Study in Deep-Dive Pen Testing

    The Oracle Application Framework (OAF) is the base of dozens of Oracle's web-based business applications (the e-business suite) and is used by many other organizations to develop their own in-house applications. Last year, the speaker published a major vulnerability (CVE-2013-xxxx) in the framework that allowed inspect inspection of run-time data.

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Headless Browser Hide and Seek

    Headless browsers have quietly become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to interact with highly dynamic websites to find vulnerabilities, performance bottlenecks, and even automate attacks. This webcast will dive into the offensive use of these tools, and how...

    Provided By SecurityTube.net

  • Podcasts // Sep 2014

    Modernizing Network Security in SCADA and Industrial Control Systems

    In this podcast, the speaker will discuss the nature of both existing and emerging cyber threats to ICS and why asset owners need to pay attention to them, strategies and frameworks for defending the user's ICS against these threats and next-generation technologies that enable fine-grain visibility, role-based access control, and...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Sep 2014

    How Evolved \"419 Scammers\" Are Targeting the Enterprise

    In this podcast, the speaker will focus on these key takeaways: Remote Administration Tools (RATs) such as NetWire, that provide complete control over infected systems, silver spaniel attacks are specifically designed to evade traditional antivirus programs and indicators of compromise were observed for the NetWire RAT, and unit 42 recommends...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Jul 2014

    Hiding in Plain Sight - What's Really Happening on Your Network

    Today's cyber threats hide in plain sight amidst the user's network traffic, making them nearly impossible to defend against. In this podcast, the speaker will analyze the intertwined relationship between cyber attacks and applications based on recent data collected from over 2,200 networks. The speaker also gives information on how...

    Provided By Palo Alto Medical Foundation

  • Podcasts // Jun 2014

    CryptoLocker - The Ransomware Trojan

    The CryptoLocker malware encrypts certain files with a private key and demands payment to regain access to the files. In this podcast, the speaker will presents deep dive into CryptoLocker and looks at the latest information around what is called one of the two most sophisticated and destructive forms of...

    Provided By SecurityTube.net

  • Podcasts // May 2014

    Digging Deeper Into the IE Vulnerability

    Web browser vulnerabilities remain a fertile ground for hackers to harvest and mount attacks. Latest vulnerabilities found in Internet Explorer (IE) and urgent response from Microsoft highlights the fact that despite end of life announcements for old and less secure products, millions of users remain exposed to threats.

    Provided By SecurityTube.net

  • Podcasts // Jan 2014

    Top Ten Proactive Web Application Controls

    The OWASP proactive control is a \"Top 10 like document\" aimed to help developers build secure applications. In this podcast, the speaker will explain the fundamental controls in critical software categories such as authentication, access control, validation, encoding, query parameterization, data protection, secure requirements, secure architecture and secure design.

    Provided By SecurityTube.net

  • Podcasts // Jan 2014

    Running At 99% Surviging An Application DoS

    Application-level Denial-of-Service (DoS) attacks are a threat to nearly everyone hosting content on the internet. DoS attacks are simple to launch, but can be difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any...

    Provided By SecurityTube.net

  • Podcasts // Jan 2014

    Attacking CAPTCHAs for Fun and Profit

    CAPTCHAs are a potent mechanism to prevent web applications against automated form submissions. To analyze the strength of CAPTHA deployments on the internet, a research spanning hundreds of high traffic websites and several CAPTCHA service providers was conducted.

    Provided By SecurityTube.net

  • Podcasts // Jan 2014

    Application Security at DevOps Speed and Portfolio Scale

    Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, and methodologies like agile and Devops. Unfortunately, software assurance hasn't kept up with the times. Although the people making progress in application security, the gains are much slower than the stunning advances in software development.

    Provided By SecurityTube.net

  • Podcasts // Jan 2014

    Million Browser Botnet

    Online advertising networks can be a web hacker's best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow the users' to broadly distribute arbitrary JavaScript - even malicious JavaScript. The users' are supposed to use this feature to show ads, to track users,...

    Provided By SecurityTube.net