The Cyber Threat Perspective

Matt Tesauro, a Distinguished Engineer at NoName Labs and an OWASP Global Board member, dives into the realm of API security and DevSecOps. He discusses the evolution of Defect Dojo, a tool streamlining vulnerability management, and the pressing challenges of API security. The conversation covers the importance of machine learning in monitoring API behavior and the essential role of manual penetration testing in CI/CD pipelines. Tesauro emphasizes community collaboration in enhancing application security practices.

Explore the world of penetration testing certifications and their importance in cybersecurity careers. The hosts discuss how certifications can boost interview chances and professional credibility. They analyze the OSCP's impact and critique its training approach, while also highlighting the rising relevance of the PNPT. The conversation emphasizes the need for practical skills and ongoing learning. Discover how to choose the right certifications tailored to your career goals and the evolving landscape of effective training in the field.

Dive into the thrilling world of web application penetration testing! Discover why proactive assessments are vital to uncover vulnerabilities in applications and APIs before they’re exploited. Learn about the often-overlooked business logic flaws and the critical importance of thorough testing, including manual methods over automated tools. Understand what makes a quality pentest and the essential steps to effectively prepare for one. Each topic is laced with engaging war stories that highlight real-world implications and best practices in cybersecurity.

Jordan Natter, a mobile penetration tester at SecureIT360, shares insights on the complexities of mobile app security. He discusses common vulnerabilities like incorrect permissions that can expose sensitive data. Natter highlights the importance of methodologies such as static and dynamic analysis tailored for mobile apps and their APIs. He emphasizes the collaborative process between testers and developers and the need for clear communication during assessments. Additionally, he guides listeners on how to identify quality mobile penetration testing services.

Coming at you LIVE from LegalSec22 in San Antonio Texas. In this episode Brad and Spencer discuss common security challenges that are unique to law firms and provide insights on ways to begin solving those challenges.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

Dive into the world of internal penetration testing, where the focus shifts from traditional methods to real-world attack simulations. Discover how access control misconfigurations can be exploited and the critical importance of user behavior in security assessments. Learn about essential tools like Bloodhound and Pincastle, which help identify vulnerabilities in Active Directory. The conversation also highlights best practices for preparing effective penetration tests, such as thorough vulnerability assessments and robust security measures.

Web application risks are not new, but they are different because how they have fully proliferated all aspects of modern computing. Everything lives on HTTP or HTTPS or some webservice. Tune into this episode to learn about some of the most common risks we see with web applications in the modern landscape.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

There's essentially a 0% unemployment rate in cybersecurity. It's a very hot field, great job security, great pay and great mission. But, with that comes a high level of competition for individuals seeking cybersecurity jobs. So on today's episode, Brad and Spencer talk with Misty Stacy, Managing Partner at Trusted Cyber Talent, who is on the forefront of helping cybersecurity professionals find their first or next cybersecurity job.Looking for help getting a job in Cyber? Check out https://testedcybertalent.com or reach out to Misty at https://www.linkedin.com/in/mistystacy Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

Discover the primary methods hackers use to gain access to organizations through penetration tests. Dive into the world of credential attacks and the vital role of Multi-Factor Authentication. Explore critical web application vulnerabilities like SQL injection and phishing tactics that exploit user behavior. Learn about effective tools and strategies for enhancing security and fortifying defenses against these persistent threats. This insightful discussion blends technical analysis with practical recommendations to safeguard your organization.

In this week's reviewUber was hackedMicrosoft Teams stores auth tokens as cleartext in Windows, Linux, MacsRansomware Developers Turn to Intermittent Encryption to Evade DetectionBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com