From Paul's Security Weekly
Recorded November 27, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
- Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
- Palo Alto Networks Announces Intent to Acquire Aporeto
- Cloudflare Open-Sources Network Vulnerability Scanner
- cPacket Networks to Offer Cloud Visibility Service with Google Cloud
- Secured Network Startup Perimeter 81 Raises $10 Million
- Qualys Brings its Market Leading Vulnerability Management Solution to the Next Level
- Attack Simulation Firm Cymulate Raises $15 Million
- Detectify Raises $23.7 Million in Series B Funding Round
Interview: Ken Belva, OpCode41
ITsecurity.com recognized Ken Belva as one of the top information security influencers in 2007. In 2009, he was published in the Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause. He also co-authored one of the central chapters in Enterprise Information Security and Privacy, edited by Warren Axelrod, Jennifer L. Bayuk and Daniel Schutzer. In 2006 he co-authored a paper entitled “Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security” with Sam Dekay of The Bank of New York.
Mr. Belva also has a number of technical accomplishments. At the OWASP AppSec2013 conference, Bugcrowd validated three of the 0-day vulnerabilities he found in Yahoo, Yandex and AngelList within the first two days of BugBash2013. He has since been credited with finding a number of other vulnerabilities on websites such as Netflix, OkCupid, Joomla, Honeywell and Verifone. He has also found vulnerabilities in Microsoft and IBM software. His work on Universal Plug and Play vulnerabilities was cited at two major security conferences, Defcon and CanSecWest. Mr. Belva has conducted assessments ranging from black-box testing through white-box code reviews. He received a US Patent in 2016 for his ground-breaking cross-site scripting detection and automated exploit techniques. He is the Publisher and Editor-in-Chief of bloginfosec.com as well as an NYC OWASP Chapter Leader. In addition, he is an independent penetration tester, security researcher and owner of OpCode 41 Security, Inc., a cyber security software company focusing on developing IoT security solutions and other security technology.
Why is scanning for default credentials missing from the rest of the scanning vendors?
IoT Crusher: Testing for Default & Weak Credentials
Topics: the problem of default and weak credentials, why they're still low-hanging fruit after all these years, and new solutions for detecting default and weak credentials on the network.
Interview: Brendan O'Connor, Root Insurance