From Security Weekly Wiki

Paul's Security Weekly - Episode 422 - 6:00PM

Episode Media


Intro, Sponsors & Announcements


[Cut to Paul Live Shot]

This week we interview Ferruh Mavituna, CEO of Netsparker to talk about web application scanning, Apollo joins us in studio to discuss security for startups, and this week's stories include the crowd favorites: Wordpress vulnerabilities and exploiting home routers!

[Cut to Larry Live shot]


Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren't the only things getting sniffed, and the cocktails flow steady, it's Paul's Security Weekly!

[Cut to sponsor logo]

  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website at https://www.netsparker.com/securityweekly/

[Cut to security weekly logo]

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

[Cut to live shot of Paul]

Larry: Here's your host, a man who changes your paradigm....with glitter....Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 422 for Thursday June 11th, 2015

  • Introduce hosts and guests


[Cut to Announcement graphics]

  • Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!

[Cut to shot on Paul]

Guest Interview: Ferruh Mavituna - 6:05PM-6:45PM



CEO / Product Architect Ferruh Mavituna has been working in the application security industry for well over a decade. His ambition to ease the process of automatically detecting web application vulnerabilities led him to build Netsparker, which he pursued to the point of commercial reality. Ferruh is also Netsparker's Product Architect.


  1. Twitter


Five Questions

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.


[Cut to Paul]

  1. If you are working in IT and you want to get into security what are some tips you have for folks?
  2. Which certifications carry the most weight in terms of getting a job in security?

Segment: Security For Startups 6:45PM-7:15PM

  • And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/


  • What challenges do startups face when it comes to security?

Stories of the Week - 7:15PM-8:00PM

[Play music, Cut to sponsor logo, THEN START RECORDING]



  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • This segment is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com


[Cut to announcement Graphics] Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Las Vegas, NV, September 14-19, and lots more places so be certain to check the SANS web site for more course offerings!

[End Music]

Paul's Stories

  1. Americans Resigned To Giving Up Their Privacy
  2. Hacker Can Send Fatal Dose To Hospital Drug Pumps
  3. iOS 9 Users To Use 6 Digit Passcodes And 2-Step Auth
  4. Who's behind mysterious flights over US cities? FBI - CSMonitor.com
  5. USA Freedom Act Passes: What We Celebrate
  6. Nmap Development: Sourceforge Hijacks the Nmap Sourceforge Account
  7. Users with weak SSH keys had access to GitHub repositories for popular projects | ITworld
  8. Full Disclosure: More than 60 undisclosed vulnerabilities affect 22 SOHO routers
  9. OpenSesame - hacking garages in seconds
  10. Apple Moving to 2FA
  11. The Promises And Perils Of The Healthcare Internet Of Things
  12. webapps - WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion
  13. webapps - WordPress Really Simple Guest Post <= 1.0.6 - File Include
  14. What's the state of iPhone PIN guessing
  15. webapps - WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability