From Security Weekly Wiki

Paul's Security Weekly - Episode 483

Recorded: September 29, 2016

Episode Audio

Coming Soon


  • Visit http://securityweekly.com/hotseat for the latest edition happening on Sept 13th 2PM EST, register today! We will sit down with Yolonda Smith, Director of Product Management with Pwnie Express. We will dig into the shift in the number, types, and ownership of devices showing up on enterprise networks, and how you can protect your company from new threats from these devices. We will also get into some cool tech for monitoring and securing your enterprise from wireless, Bluetooth, cellular and even good old wired device threats.
  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.

Interview: - Ferruh Mavituna, Netsparker 6:00-7:00PM


Hacking web apps since 2003, web app sec expert, CEO of Netsparker - http://netsparker.com

Founder of Netsparker Ltd and Product Manager of Netsparker, a web application security scanner. Developed the first and only false-positive free web application security scanner with state of the art accurate vulnerability detection and exploitation features, today used by thousands of companies around the world. Changed the automated web application security space.

Frequent speaker at several conferences about Web Application Security, released several research papers and tools.

Coming from a developer background (C++, ASP, ASP.NET and PHP), working in the web application security area since 2002.

Deep understanding of web application security on both sides, attacking and defending. Between 2002 and 2006 worked for the Turkish Army and Police as well as several large clients as a freelance contractor, in Turkey, the USA, Canada and the UK.

I mostly focus on these technical areas: Web Application Security Research, Automated Vulnerability Detection & Exploitation.

Listener Feedback: - 7:00PM-7:30PM

"In addition to your wonderful podcast, I also listen to ISMG. Ran into this pile of bullshit this morning and I was hoping you guys would respond.

http://www.bankinfosecurity.com/interviews/interview-john-dickson-i-3333 at the core of the issue Dickson covers here, I think, is the issue of "old vs new" and "shadow IT". He says some of the right things, in a rather daunting way, almost sky-larkings -- then goes downhill fast when "dynamic languages" are brought up. Different from my view, and I think also yours, is the need to work together, rather than work _with_ shadow IT.

Maybe I'm wrong. Can you comment?"

Hey guys (Ian Smith),

I am a systems administrator, and in my off time, the co-founder and CTO of an incredibly small web services company. I have a degree in Linux/database administration and am pursuing a few others.

My question is how to pursue a career in information security without much but a drive to learn more about the field. I went to DEF CON this year, submitted a paper to O'Reilly's security conference in New York about starting security programs in SMBs on the cheap, and plan to develop more presentations about what I know and what I can give back to the community. I know that your general advice on the subject is to obtain certifications and spin up labs, but the certification route is pretty unobtainable at this point because of the costs associated.

Any advice would be greatly appreciated. Thank you for your time.

Security News - 7:30PM-8:30PM

Paul's Stories

Larry's Stories

Jeff's Stories

Michael's (Santa) Stories

Carlos's Stories

Jack's Stories

  1. This week Jack goes barking mad about "Active Defense", "Hacking Back", and Related Stupidity.
  2. You will be stunned to learn this, but people were wrong on the Internet. All of that "Microsoft won't let Lenovo let customers install Linux on their computers" noise last week? Not so much, blame Intel, not Microsoft. Don't worry, we still get to blame MS for all kinds of other things.
  3. The Harvard Business Review says good security can be good for marketing
  4. A think tank writes a scare piece on cyberterrorism in space and it gets more traction than your company's crappy password policies.
  5. Can armies of interns close the cybersecurity skills gap?
  6. A Commodore 64 is still up and running, and running a business-critical app for an auto repair shop.
  7. Local Police Department hit by ransomware, and it's no big deal because they had good backups. Imagine that, preparedness.
  8. UK’s Top Police Warn That Modding Games May Turn Kids into Hackers and the dimwits mean it in a bad way.