Difference between revisions of "Episode168"

From Security Weekly Wiki

Revision as of 18:53, 17 September 2009


Sponsors

  • Tenable Network Security - This episode is sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!

Shameless Plugs & General Announcements

PaulDotCom Security Weekly - Episode 168 - For Thursday September 17th, 2009

  • We're looking for two^h^h^h one interns^h - local to the Rhode Island area, listen to the podcast, into Linux, able to lift 30 lbs, and if possible, willing to perform post-production work on the podcast. If that description sounds like you, please send us a note via psw [at] pauldotcom [dot com]
  • The Louisville Metro InfoSec Conference in lucky Louisville offers John Strand as Keynote and serves PaulDotCom Asadoorian as Breakout Speaker. If that were not enough, they will also have a Capture The Flag event and Irongeek! All the above for the very low price of $99 on October 8th.
  • Community SANS: Sec 542 Web Application Penetration Testing - SANS is pleased to announce Community SANS Providence, running January 11 - 16. Larry will teach Security 542: Web Application Penetration Testing and Ethical Hacking. The course will be hosted by Brown University. Also coming up, 617 in Calgary sometime in March!
  • Rochester Security Summit - Larry and Ed Skoudis to give Keynotes. What can get better than that? October 28 - 29 in Rochester NY!

Interview: Ryan Dewhurst is damn proud of how vulnerable his web apps are

Ryan's website: www.ethicalhack3r.co.uk

Ryan's tools

Ryan on twitter: http://twitter.com/ethicalhack3r

Ryan is a full(!) time student at Northumbria University's School of Computing (UK), Engineering and Information Sciences doing a BSc (hons) in Ethical Hacking for Computer Security.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. It is used to learn or teach the art of web application security.

Questions for Ryan:

  1. How did you get your start in information security?
  2. What made you develop DVWA?
  3. Who do you follow on Twitter?

Tech Segment:

Stories For Discussion

  1. Chat-in-the-middle - [Larry] - Wow, don't believe anything you read, and half of what you see. Now, Phishers are spawning up those nice web chat assistance windows to help you give them the keys to your account. Nice.
  2. Do not go to this site - [Larry] - I'm really glad these guys are putting this project together, as there aren't a lot of good resources on teaching/learning social engineering. So far the info and resources are great, and will evolve in time. I wonder if they have plans to include defensive measures...
  3. Got Bots? - [Larry] - The IETF has released a document entitled "Recommendations for the Remediation of Bots in ISP Networks". Talks about what to do, and how to notify customers and manage. One might even adopt this for internal practices as well...
  4. For the love of all that is holy! - [Larry] - OK, who spent the time finding XSS at this site? I mean, sometimes security is a dirty job, but for fun?
  5. So, are we going to take this SCADA Stuff seriously? - [Larry] - Ok, so China is speculating that taking out a smaller power operation can have larger effects. Sounds like a parallel to attacking computer systems, and not just the power grid.
  6. Albert Gonzalez pleads guilty to New England attacks - [MikeP.] - 130 Million credit cards later, the Feds allegedly have their man.

Other Stories Of Interest