Saturday, May 30, 2015
We had the opportunity to discuss with Mick Douglas the fact that there is a stigma of blue team always being on the losing end of the security. Is it because there are more tools for the pentesters or bad guys, or that it takes a massive IT budget to be secure? We don't believe so... Great insights into how a blue team can protect their network.
Here is a new episode of Brakeing Down Security!
Monday, May 25, 2015
Having a more secure network by deploying tools can be no easy task. This week, we show you a tool, Security Onion, that can give you an IDS and log analysis tool in less than 20 minutes.
Sunday, May 17, 2015
When you're working with network infrastructure, there's a real need for proper configuration management, as well as having a proper baseline to work from.
Mr. Boettcher and I continue through the SANS Top25 Critical Security Controls. #10 and #11 are all dealing with network infrastructure. Proper patches, baselines for being as secure as possible. Since your company's ideal security structure needs to be a 'brick', and not an 'egg'.
Sunday, May 10, 2015
We continue our journey on the 24 Deadly Programming Sins. If you listened to last week's podcast, we introduced the book we were using as a study tool:
This week is on command injection. We first discussed code injection as part of our OWASP Top 10 for 2013, but you'll be surprised just how easy it is for devs to allow it to happen in compiled code as well.
Thursday, May 7, 2015
At DerbyCon last year, Mr. Boettcher did a microcast with Johnny Long. An inspirational human being who left a life many info professionals dream of, and went to Africa to help disadvantaged people make a better life with access to technology.
Where is the audio you ask? Well, we've posted it on out Patreon so that they can have first dibs on it. We'll post it here this weekend for everyone.
He is a great individual and we hope you'll enjoy it.
Saturday, May 2, 2015
Code Audits are a necessary evil. Many organizations resort to using automated tools, but tools may not find all issues with code. Sometimes, you need to take a look at the code yourself. Since I'm not well-versed at this, and Mr. Boettcher has a CS degree, we
Mr. Boettcher and I begin going through the book "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them" What we covered this week is "buffer overruns", we discuss what they are, and how they occur.
Get ready for a crash course in code audits. The book is not required, but it definitely helps when we are discussing concepts.
We also mentioned our new Patreon account, so if you are a listener, and want to support what we do, you can give on a per month schedule. Donations are entirely optional, and if you don't wish to give, that's fine too.
24 Deadly Sins on Amazon: