From Security Weekly Wiki

Episode Media

Episode 322


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 325 for Thursday March 28th, 2013

  • Register for "Offensive Countermeasures: The Art Of Active Defense": SANSFIRE Washington, DC June 15-16th with John Strand
  • Come to the Security BSides Rhode Island One-Day Conference on June 15th; tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright, Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray, Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 8:30PM EST. Come have a cigar with us!

Guest Technical Segment: Simon Bennetts on OWASP Zed Attack Proxy v 2.0.0

Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project.

From the OWASP site:

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Simon talks OWASP Zed Attack Proxy v 2.0.0

  1. What is the Zed Attack Proxy (ZAP)?
  2. How is it maintained?
  3. How is it different from other proxies, like Burp?
  4. Where do you see ZAP going in the future?
  5. What are ZAP's strengths and limitations?
  6. Are you working on any other OWASP projects?


  • We are in the process of archiving and cataloging our technical segments; please visit the PaulDotCom Technical Library, where we have indexed all of the interviews we have conducted. We are also working on updating all of the articles, so check the newsletter, or if you want to help in exchange for some free guidance and security training, please email me.
  • Larry is teaching SANS SEC617 all over and coming to a city near you in 2013. It isn't too late to sign up for my class in San Diego this May!


Paul's Stories

  1. Ubuntu low-mem install for VMs - Nice tip for running Ubuntu VMs. Having multiple Ubuntu VMs is handy. I mean backtrack is nice. But sometimes you need to run stuff, like firmware analysis tools, vulnerable web applications, or other such software. This allows you to run different versions of Ubuntu as well.
  2. Passcode lock can be bypassed in iOS 6.1.3 as well - I mean really, come on! They just can't seem to lock this feature down.
  3. Remember Your Helmet - Great article about keeping security simple.
  4. Critical Flaw Threatens Millions of BIND Servers - Exploitation is easy, ah the memories of easily exploitable Bind vulnerabilities, TSIG anyone?
  5. Too Scared To Scan - Scan in development, use credentialed scans, scanning is important, crashes happen.
  6. Oz states count cars using Bluetooth
  7. Network security study reveals 26
  8. Whoops! Tiny Bug In NetBSD 6.0 Code Ruins SSH Crypto Keys

Larry's Stories

Jack's Stories

  1. A Kickstarter for a documentary on Hackers in Uganda, Hackers for Charity. The producer of the hacker documentary "Code2600" has set his sights on documenting Johnny Long's work in Uganda.
  2. Kids these days
  3. A free "intro to computer science" course
  4. Stress
  5. [1]
  6. Forget CyberFUD, here's a DoS to worry about
  7. Another "kids hack their school to changes grades" story
  8. Too scared to scan
  9. The first of a new set of posts about better storytelling in business from Michael Santarcangelo, aka Security Catalyst; part two is here

Allison's Stuff