Sunday, January 19, 2014

#13: Vulnerability Scanners -- Episode 2

Episode 2 podcast

It's an odd thing, editing audio. Some people make it look so easy. It helps having only two people on the podcast. This is not my first podcast to be on. On my other podcast, "Major Technicality", I am merely a contributor, and Jared, our producer and co-host, spends several hours making everything sound just so.

Anyway, the audio will sound better on this one. Mic levels were dialed in, audio was normalized, and the crackling in the Intro is gone.

I really had a good time talking about vulnerability scanners. It's hard to believe that they've been around for over 20 years, and yet they haven't changed all that much. They still use concepts like banner grabbing, port scanning/knocking, and best guesses to scan a system for vulnerabilities. They should never be used as an end-all, be-all, and truly only taken with a grain of salt.

Question all findings, trust nothing...

Next Friday, we'll be flush from our monthly ISSA meeting, at which Michael Gough, from MI2 Security, will be discussing malware infection, and we are hoping to be able to get a few minutes with him. We'll have the interview spliced into the podcast, and we'll be able to continue our discussion about malware. Our first interview! SQUEEEE!

I would have loved to speak about the other web application security scanners, but I really have only used Burp Suite. Brian and I will be attending SEC542 at the SANS convention 3-8 February in Austin, and we will definitely have one or more podcasts about web application pentesting and security assessment of websites.

Here are the show notes for this week:

Episode 2 show notes
