Security

Stay one step ahead of the hackers with strong security management, authentication, encryption and risk strategies.

  • Podcasts // May 2015

    Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry

    Password entry on mobile devices significantly impacts both usability and security, but there is a dearth of usable security research in this area, specifically for complex password entry. To address this research gap, the speaker set out to assign strength metrics to passwords for which they already had usability data,...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Unveiling the Kernel: Rootkit Discovery Using Selective Automated Kernel Memory Differencing

    As an increasing number of automated malware analysis systems become mainstream, the emphasis on the relevance of the data extracted from the analysis task increases. Conceptually, automated malware analysis systems provide information about a sample and also identify modifications caused by the sample to a computer system.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Migrating From Cisco ASA to Palo Alto Networks

    In this podcast, the speaker will show how easy it is to move to a next-generation security platform. The speaker also explains the fundamental differences between Cisco ASA and Palo Alto Networks, and shares migration best practices, examples and case studies.

    Provided By Palo Alto Medical Foundation

  • Podcasts // May 2015

    Duping the Machine - Malware Strategies, Post Sandbox Detection

    Sandboxes and automated analysis environments are key tools to combat the exponential growth of malware. There is a huge range of different solutions, and they are used in a wide variety of situations throughout security companies and large IT departments across the globe.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Rethinking Mobile Security

    In this podcast, the speaker will discuss the changing threat landscape for mobile platforms, and how this drives a corresponding set of new requirements for security. Instead of being shackled to past principles and philosophies, learn about approaches to security that enable and extend (rather than restrict) access to mobile...

    Provided By Palo Alto Medical Foundation

  • Podcasts // May 2015

    VPN Pivoting With Cobalt Strike

    In this podcast, the speaker will discuss VPN pivoting, which creates a network interface on the Cobalt Strike system and bridges this interface into the target's network. Through a covert VPN interface, the user's system may sniff traffic on their target's network, act as a rogue server, or perform man-in-the-middle...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Warning Ahead: Security Storms are Brewing in Your JavaScript

    JavaScript controls people's lives - they use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have they ever properly considered the security state of this scripting language? Before dismissing the (in)security posture of JavaScript on the...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Ten Secrets to Secure Mobile Applications

    Many high profile mobile apps have been in the news for failures to use encryption, bad web service design, and privacy violations against users. Join them to get a grasp on how to threat model mobile applications and what the top vulnerabilities and solutions are for them.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Threat Modeling Made Interactive!

    Threat modeling is an important part of any secure development process. By identifying potential threats early in the development, the user can build effective mitigations into their system, rather than relying on costly patches and bug fixes. Existing techniques for modeling threats involve a whiteboard or some form of diagramming,...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Stop Chasing Vulnerabilities - Introducing Continuous Application Security

    For too long, application security has been "Experts-only" and practiced one-app-at-a-time. But modern software development, both technology and process, is mostly incompatible with this old approach and legacy appsec tools. Software development has been transformed by practices like continuous integration and continuous integration, and the time has come to bring...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Mobile Security Attacks: A Glimpse From the Trenches

    Hackers today apply covert and persistent techniques to attack mobile devices. In this podcast, the speaker will explain the latest threats on mobile devices from the team who uncovered iOS malicious profiles and HTTP request hijacking. The speaker will describe and demonstrate emerging mobile security threats: from physical, through...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Reversing Engineering a Web Application - For Fun, Behavior and WAF Detection

    Screening HTTP traffic can be really tricky, and attacks on applications are becoming increasingly complex day by day. By analyzing thousands upon thousands of infections, the speaker noticed that regular blacklisting is increasingly failing and started research on a new approach to mitigate the problem. Initially reverse engineering the most popular...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Catch Me If You Can: Building a Web Malware Analyzer Using Machine Learning

    With close to 10,000 new, legitimate websites being added to the Google malware blacklist every day, it's clear that infecting websites to spread malware has become the go-to choice for malicious hackers. In this podcast, the speaker will focus on how the problem is evolving, how websites are getting infected...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    From the Ground Up

    In this podcast, the speaker will explain the continuation of that proof, which is aimed at developers to help them detect security vulnerabilities using live source-sink analysis. It is dependent on the code coverage and not aimed to be used in a production environment.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    The DevOps of Everything

    Although the movement started out as a problem statement to solve developer and operations collaboration, it quickly moved into other disciplines such as security, networking and storage. In this podcast, the speaker will take a look at the DevOps effect on things like converged infrastructure, software defined networking, software defined...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Where the Security Rubber Meets the DevOps Road

    DevOps is a natural evolution of agile, lean, continuous integration and other patterns common amongst high performers and continuous process improvement. As someone who has helped dozens of organizations get started with DevOps patterns and tool chains, in this podcast, the speaker will explain where people get started - and...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Autoscaling Web Application Security in the Cloud

    Securing web applications has placed extreme demands on security professionals - in addition to understanding attack patterns and defense tactics, effectively protecting web apps requires some level of programming and database management expertise. With broad adoption of public clouds, this bar is rising once again. Today's cloud enabled applications scale-up...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Cloud Security at Scale and What It Means for Your Application

    Cloud computing is all the rage, but few organizations have really thought about what security means for their applications and networks in cloud-centric deployments. Netflix is amongst the largest users of public cloud resources and consumes roughly 1/3 of all the US's downstream broadband at peak. In this podcast, the...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Bringing a Machete to the Amazon

    With concrete examples and new techniques in this podcast, the speaker will explore "Full stack" vulnerabilities and their effect on security and how they create new pitfalls when migrating to and operating in an Amazon Web Services (AWS) world. From the simple (checking in the user's AWS credentials to GitHub...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Top 10 Web Hacking Techniques of 2013

    Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Runtime Manipulation of Android and iOS Applications

    With over 1.6 million applications in the Apple AppStore and Google Play store, and around 7 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Static Analysis for Dynamic Assessments

    Today's dynamic and static web vulnerability scanners are capable of analyzing complex web applications for security weaknesses. They automate testing for many common vulnerabilities. However, there is a gap between static and dynamic scanners. They find different vulnerabilities. So why aren't dynamic testers running static tools? Typically, they don't have...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Use After Free Exploitation

    Use-after-free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. In this podcast, the speaker will first define the use-after-free vulnerability class, and then dive...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Building Your Application Security Data Hub: The Imperative for Structured Vulnerability Information

    One of the reasons application security is so challenging to address is that it spans multiple teams within an organization. Development teams build software, security testing teams find vulnerabilities, security operations staff manage applications in production and IT audit organizations make sure that the resulting software meets compliance and governance...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Lean Security for Small or Medium Sized Business

    For a Small or Medium sized Business (SMB) the fallout from a security or privacy incident can be at best a PR nightmare. At its worst it can cause irrecoverable damage and end the user's business by impacting sales or ad revenue. The user base may take a hit. The...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    IEEE Computer Society's Center for Secure Design: Helping You Design More Secure Software

    The IEEE Computer Society's CSD (Center for Secure Design) was formed in 2014 with the goal of identifying common design flaws and creating tools or design patterns so architects and developers can avoid introducing those design flaws into software. The CSD aims to create artifacts to aid in the analysis...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Anatomy of Memory Scraping, Credit Card Stealing POS Malware

    Learn the nuts and bolts of how memory-scraping, credit-card-stealing Point-Of-Sale (POS) malware works and identify strategies that the user can implement to make it hard for the bad guys. Sensitive information, like credit card numbers, is encrypted on disk and also during transit. But the one place where...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Project Monterey or How We Learned to Stop Worrying and Love the Cloud

    At Netflix, developers deploy code hundreds of times a day. Each code push could be a production canary taking only a percentage of the total requests or a test determining which new feature is improving customer experience the best. The large number of applications along with multiple concurrent code bases...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing

    While lacking the sex appeal of memory corruption based attacks, phishing remains a problem for many end users. Defenses against phishing have not advanced significantly. The speakers will discuss current approaches to phishing detection, and present a new one along with an accompanying tool. They will discuss several perceptual hashing algorithms,...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Blended Web and Database Attacks on Real-time, In-Memory Platforms

    It is well known there is a race going on in the "Big data" arena. One of the stronger competitors in the "Big data" market is real-time, in-memory platforms. An interesting thing about this platform, and the one the speakers will explain specifically, is that it blends everything to...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Security Header Injection Module (SHIM)

    Client-side security headers are useful countermeasures for man-in-the-middle, clickjacking, XSS, MIME-type sniffing, and data caching vulnerabilities. In this podcast, the speakers will review several security headers (e.g. Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and X-Content-Type-Options) and the various options available for each header.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    iOS App Integrity: Got Any?

    iOS apps are vulnerable to static analysis and attack through binary code patching. Built-in jailbreak and debugger detection algorithms can be rendered useless with a quick binary patch. Once patched, the app can be further exploited, its app data stolen, and even cloned.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Hacking the Oracle Application Framework: A Case Study in Deep-Dive Pen Testing

    The Oracle Application Framework (OAF) is the base of dozens of Oracle's web-based business applications (the E-Business Suite) and is used by many other organizations to develop their own in-house applications. Last year, the speaker published a major vulnerability (CVE-2013-xxxx) in the framework that allowed inspection of run-time data.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Headless Browser Hide and Seek

    Headless browsers have quietly become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to interact with highly dynamic websites to find vulnerabilities, performance bottlenecks, and even automate attacks. This webcast will dive into the offensive use of these tools, and how...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Modernizing Network Security in SCADA and Industrial Control Systems

    In this podcast, the speaker will discuss the nature of both existing and emerging cyber threats to ICS and why asset owners need to pay attention to them, strategies and frameworks for defending the user's ICS against these threats and next-generation technologies that enable fine-grain visibility, role-based access control, and...

    Provided By Palo Alto Medical Foundation

  • Podcasts // May 2015

    How Evolved "419 Scammers" Are Targeting the Enterprise

    In this podcast, the speaker will focus on these key takeaways: Remote Administration Tools (RATs) such as NetWire provide complete control over infected systems; Silver Spaniel attacks are specifically designed to evade traditional antivirus programs; indicators of compromise were observed for the NetWire RAT; and Unit 42 recommends...

    Provided By Palo Alto Medical Foundation

  • Podcasts // May 2015

    Hiding in Plain Sight - What's Really Happening on Your Network

    Today's cyber threats hide in plain sight amidst the user's network traffic, making them nearly impossible to defend against. In this podcast, the speaker will analyze the intertwined relationship between cyber attacks and applications based on recent data collected from over 2,200 networks. The speaker also gives information on how...

    Provided By Palo Alto Medical Foundation

  • Podcasts // May 2015

    CryptoLocker - The Ransomware Trojan

    The CryptoLocker malware encrypts certain files with a private key and demands payment to regain access to the files. In this podcast, the speaker presents a deep dive into CryptoLocker and looks at the latest information around what is called one of the two most sophisticated and destructive forms of...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Digging Deeper Into the IE Vulnerability

    Web browser vulnerabilities remain a fertile ground for hackers to harvest and mount attacks. The latest vulnerabilities found in Internet Explorer (IE) and the urgent response from Microsoft highlight the fact that despite end-of-life announcements for old and less secure products, millions of users remain exposed to threats.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    McKesson Cloud Automation Podcast

    Download the podcast on how McKesson accomplished a multi-year, pan-IT management transformation. Learn how McKesson's performance journey, from 2005 to the present, has enabled it to better leverage an agile, hybrid cloud model. How McKesson gained a standardized services orientation to achieve agility in deploying its many active applications is...

    Provided By Hewlett-Packard (HP)

  • Podcasts // May 2015

    Manually Removing Viruses and Malware from Windows 7

    Getting a virus on the user's computer is a pain, and viruses are becoming ever more difficult to remove. In this podcast, the speaker explains how to manually and safely remove viruses and malware from the user's computer without damaging their files or Windows itself.

    Provided By O'Reilly

  • Podcasts // May 2015

    Use Cobalt Strike's Payloads with Veil's Evasion

    The Veil framework is a collection of red team tools, focused on evading detection. In this podcast, the speaker shows how to use Veil Evasion to generate an anti-virus safe payload that delivers Cobalt Strike's Beacon payload. The method allows Veil to take advantage of Cobalt Strike's custom shellcode to...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    AirSnare - Intrusion Detection Software for Windows

    In this podcast, the speaker explains AirSnare. The user will learn how to use the AirSnare tool to set up an Intrusion Detection System (IDS). AirSnare is a very powerful and very useful tool for network IDS.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Kippo-SSH Honeypot and Kippo-Graphs

    In this podcast, the speaker shows how to set up and enable an SSH honeypot on the default port of 22 and move the actual SSH service to a different port. They also set an iptables rule to redirect incoming traffic on port 22 to the honeypot which is...

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Panic! Hysteria! No Malware Required!

    Security is no longer something the user's organization can have complete control over. In this podcast, the speaker will demonstrate how most large corporations can be compromised in moments, even without phishing. The speaker also discusses how many attackers are moving away from exploits and malware.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Sick Anti Forensics Mechanisms in the Wild

    In this podcast, the speaker explains malware analysis: the extraction of runtime behavior of malicious code to understand how it works, how to identify it, and how to defeat or eliminate it. The value is to supply signatures (IOCs) to detection systems and provide evidence for recovery and cleanup.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    Hacking with Python 3 - Zip Password Cracker

    In this podcast, the speaker explains how to crack a ZIP password using a Python script. The speaker also teaches the user how to create their own tool using the Python programming language.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    OWASP PHP Security

    The OWASP PHP Security Project is an effort by a group of PHP developers to secure PHP web applications, using a collection of decoupled, flexible, secure PHP libraries, as well as a collection of PHP tools.

    Provided By SecurityTube.net

  • Podcasts // May 2015

    A Look at "Bring Your Own" Devices in the Enterprise

    In this podcast, the speaker explains how empowered workers are driving the desktop revolution and how new, alternative devices are accelerating the need for BYO deployments. Learn how desktop virtualization plays a critical role in enabling BYO and gain insight into considerations and best practices for successfully implementing a...

    Provided By Citrix Systems
