The Cyber Threat Perspective

SecurIT360
Nov 16, 2022 • 34min

Episode 16: OWASP API Hacking and DevSec with Matt Tesauro

Matt Tesauro, a Distinguished Engineer at NoName Labs and an OWASP Global Board member, dives into the realm of API security and DevSecOps. He discusses the evolution of Defect Dojo, a tool streamlining vulnerability management, and the pressing challenges of API security. The conversation covers the importance of machine learning in monitoring API behavior and the essential role of manual penetration testing in CI/CD pipelines. Tesauro emphasizes community collaboration in enhancing application security practices.
Nov 9, 2022 • 38min

Episode 15: Pentesting Certifications - which to get and why

Explore the world of penetration testing certifications and their importance in cybersecurity careers. The hosts discuss how certifications can boost interview chances and professional credibility. They analyze the OSCP's impact and critique its training approach, while also highlighting the rising relevance of the PNPT. The conversation emphasizes the need for practical skills and ongoing learning. Discover how to choose the right certifications tailored to your career goals and the evolving landscape of effective training in the field.
Nov 2, 2022 • 31min

Episode 14: Offensive Security Testing Part 3 - Web App Pentesting

Dive into the thrilling world of web application penetration testing! Discover why proactive assessments are vital to uncover vulnerabilities in applications and APIs before they’re exploited. Learn about the often-overlooked business logic flaws and the critical importance of thorough testing, including manual methods over automated tools. Understand what makes a quality pentest and the essential steps to effectively prepare for one. Each topic is laced with engaging war stories that highlight real-world implications and best practices in cybersecurity.
Oct 26, 2022 • 17min

Episode 13: Offensive Security Testing Part 2 - Mobile Pentesting

Jordan Natter, a mobile penetration tester at SecurIT360, shares insights on the complexities of mobile app security. He discusses common vulnerabilities like incorrect permissions that can expose sensitive data. Natter highlights the importance of methodologies such as static and dynamic analysis tailored for mobile apps and their APIs. He emphasizes the collaborative process between testers and developers and the need for clear communication during assessments. Additionally, he guides listeners on how to identify quality mobile penetration testing services.
Oct 19, 2022 • 16min

Episode 12: Law Firm Security Challenges Live at LegalSec22

Coming at you LIVE from LegalSec22 in San Antonio, Texas. In this episode Brad and Spencer discuss common security challenges that are unique to law firms and provide insights on ways to begin solving those challenges.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw and https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Follow Spencer on social ⬇
Spencer's Links: https://click.spenceralessi.com/mylinks
Oct 12, 2022 • 26min

Episode 11: Offensive Security Testing Part 1 - Internal Pentesting

Dive into the world of internal penetration testing, where the focus shifts from traditional methods to real-world attack simulations. Discover how access control misconfigurations can be exploited and the critical importance of user behavior in security assessments. Learn about essential tools like Bloodhound and Pincastle, which help identify vulnerabilities in Active Directory. The conversation also highlights best practices for preparing effective penetration tests, such as thorough vulnerability assessments and robust security measures.
Oct 5, 2022 • 22min

Episode 10: Web Application Threats in the Modern Landscape

Web application risks are not new, but they are different because of how fully they have proliferated across all aspects of modern computing. Everything lives on HTTP or HTTPS or some web service. Tune into this episode to learn about some of the most common risks we see with web applications in the modern landscape.
Sep 28, 2022 • 40min

Episode 9: Breaking In Or Branching Out: How To Get A Job In Cybersecurity

There's essentially a 0% unemployment rate in cybersecurity. It's a very hot field, with great job security, great pay and a great mission. But with that comes a high level of competition for individuals seeking cybersecurity jobs. So on today's episode, Brad and Spencer talk with Misty Stacy, Managing Partner at Trusted Cyber Talent, who is on the forefront of helping cybersecurity professionals find their first or next cybersecurity job.

Looking for help getting a job in Cyber? Check out https://testedcybertalent.com or reach out to Misty at https://www.linkedin.com/in/mistystacy
Sep 21, 2022 • 34min

Episode 8: Hackers: How we get in and how to stop us

Discover the primary methods hackers use to gain access to organizations through penetration tests. Dive into the world of credential attacks and the vital role of Multi-Factor Authentication. Explore critical web application vulnerabilities like SQL injection and phishing tactics that exploit user behavior. Learn about effective tools and strategies for enhancing security and fortifying defenses against these persistent threats. This insightful discussion blends technical analysis with practical recommendations to safeguard your organization.
Sep 16, 2022 • 16min

9-16-22 Week in Review: Uber Hacked, Teams Cleartext Tokens, Intermittent Ransomware Encryption

In this week's review:
- Uber was hacked
- Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
- Ransomware Developers Turn to Intermittent Encryption to Evade Detection
