From Paul's Security Weekly
Recorded May 20, 2019 at G-Unit Studios in Rhode Island!
- Register for our upcoming webcasts with ISC2 by going to securityweekly.com/webcasts . If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand. Also, you can now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!
- Some of you told us that you are overwhelmed by the amount of content we distribute! To help you get selected topics you're interested in, join our new listener interest list! Sign up for a list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a 15% discount to sit for any of their Bootcamp Courses or Workshops! Visit Securityweekly.com/hackerhalted to register now!
Interview: Ferruh Mavituna, Netsparker
- How do you discover all of the applications that you have, and more importantly what do you do once you've found them?
- From a discovery and scanning perspective, how do you handle in-house written applications vs. ones that you acquire?
- Prioritization, getting everything in one place, discovering what you have. It's quite common practice companies only focus on top 20% of critical apps and kind of ignore the rest.
- How much more to discover and how to automate after discovery?
- https://hbr.org/tip/2019/05/dont-let-your-expertise-narrow-your-perspective (adapted from)