Saturday, May 30, 2015

2015-024: Is a good defense the best offense? Interview w/ Mick Douglas!


We had the opportunity to discuss with Mick Douglas the stigma that the blue team is always on the losing end of security. Is it because there are more tools for pentesters and bad guys, or because it takes a massive IT budget to be secure? We don't believe so... Great insights into how a blue team can protect their network.

Here is a new episode of Brakeing Down Security!

Monday, May 25, 2015

2015-023_Get to know a Security Tool: Security Onion!


Making a network more secure by deploying tools is no easy task. This week, we show you a tool, Security Onion, that can give you an IDS and a log analysis tool in less than 20 minutes.

 http://blog.securityonion.net/p/securityonion.html


Here is a new episode of Brakeing Down Security!

Sunday, May 17, 2015

2015-022: SANS Top 25 Critical Security Controls-#10 and #11


When you're working with network infrastructure, there's a real need for proper configuration management, as well as having a proper baseline to work from.

Mr. Boettcher and I continue through the SANS Top 25 Critical Security Controls. #10 and #11 both deal with network infrastructure: proper patching and baselines, so that it is as secure as possible. Your company's ideal security structure needs to be a 'brick', not an 'egg'.



Here is a new episode of Brakeing Down Security!

Sunday, May 10, 2015

2015-021: 24 Deadly Sins: Command injection


We continue our journey through the 24 Deadly Programming Sins. If you listened to last week's podcast, we introduced the book we are using as a study tool:

http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751

This week's topic is command injection. We first discussed code injection as part of our OWASP Top 10 for 2013 series, but you'll be surprised just how easy it is for devs to allow it to happen in compiled code as well.
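To show the shape of the bug in compiled code, here is an added example in C; it is not code from the podcast or from the book. The scenario is assumed: a tool that lists a user-supplied directory. The vulnerable version splices the user string into a command line for system(), so anything the shell treats specially in that string is interpreted by /bin/sh. The hardened version never starts a shell: the program path is fixed, the user value is passed as one argv element to execv, and an allow-list check rejects anything that is not a plain path before that. The sample inputs in main() are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define CMD_MAX 256

/* Vulnerable pattern (kept only to show the shape of the bug): the user
 * string is spliced into a shell command line. Whatever it contains is
 * later parsed by /bin/sh when the caller hands it to system().
 * Returns 0 when the command fit in 'out', -1 otherwise. */
int build_shell_command_unsafe(char *out, size_t outlen, const char *user_dir) {
    int n = snprintf(out, outlen, "ls -l %s", user_dir);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allow-list check: accept only characters that appear in a plain path.
 * Deny-listing individual metacharacters is fragile; an allow-list is not. */
int is_safe_path_arg(const char *s) {
    if (s == NULL || *s == '\0') return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '/' || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened pattern: no shell at all. The program is fixed, "--" stops
 * option parsing, and the user value is a single argv element, so shell
 * metacharacters are just bytes in a file name. The allow-list check is
 * defence in depth on top of that.
 * Returns the child's exit status, or -1 if the input was rejected or the
 * process could not be run. */
int run_ls_safely(const char *user_dir) {
    if (!is_safe_path_arg(user_dir)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"/bin/ls", "-l", "--", (char *)user_dir, NULL};
        execv("/bin/ls", argv);
        _exit(127);   /* exec failed; never fall through into the parent's code */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed input that a user might type; note the embedded ';'. */
    const char *untrusted = "/tmp; echo injected";
    char cmd[CMD_MAX];

    if (build_shell_command_unsafe(cmd, sizeof cmd, untrusted) == 0)
        printf("unsafe command line would be: %s\n", cmd);

    printf("allow-list verdict for \"%s\": %s\n", untrusted,
           is_safe_path_arg(untrusted) ? "accepted" : "rejected");
    printf("run_ls_safely(untrusted) -> %d\n", run_ls_safely(untrusted));
    printf("run_ls_safely(\"/\") -> %d\n", run_ls_safely("/"));
    return 0;
}
```

The point the unsafe builder makes is that snprintf itself is not the bug; the bug is that the resulting string is a shell program, and user input became part of that program. Replacing the shell with a fixed argv is what removes the injection, and the allow-list catches paths the tool has no business touching anyway.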


Here is a new episode of Brakeing Down Security!

Thursday, May 7, 2015

Special Interview with Johnny Long!

At DerbyCon last year, Mr. Boettcher did a microcast with Johnny Long, an inspirational human being who left a life many infosec professionals dream of and went to Africa to help disadvantaged people make a better life with access to technology.

Where is the audio, you ask? Well, we've posted it on our Patreon so that our patrons can have first dibs on it. We'll post it here this weekend for everyone.

He is a great individual and we hope you'll enjoy it.


Here is a new episode of Brakeing Down Security!

Saturday, May 2, 2015

2015-020 - Deadly Programming Sins - Buffer Underruns


Code audits are a necessary evil. Many organizations resort to using automated tools, but tools may not find all issues with code. Sometimes, you need to take a look at the code yourself. Since I'm not well-versed in this, and Mr. Boettcher has a CS degree, we

Mr. Boettcher and I begin going through the book "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them". What we covered this week is "buffer overruns": what they are, and how they occur.
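As an added illustration of the sin discussed in this episode (this is not code from the podcast or the book), here is the classic unbounded copy in C beside a bounded version. The destination is an assumed 16-byte name field in a record; the sample names are constructed. The unsafe copy trusts the source to fit, so a longer name writes past the field onto whatever follows it, which is exactly the defect a code audit should be hunting for. The safe copy carries the destination size with the pointer, checks the length before touching the buffer, and reports truncation instead of silently accepting it.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed fixed-size field, including the NUL */

/* Vulnerable pattern: strcpy has no idea how big 'buf' is. A 'name' of
 * NAME_MAX_LEN bytes or more overruns the field and corrupts whatever the
 * compiler placed after it. Shown for shape only; never call it with
 * input you do not control. */
void copy_name_unsafe(char *buf, const char *name) {
    strcpy(buf, name);
}

/* Hardened pattern: the size travels with the pointer, the length check
 * happens before any write, and the copy is bounded.
 * Returns 0 on success, -1 when the input would not fit (the field is then
 * left as a valid empty string rather than a half-copied one). */
int copy_name_safe(char *buf, size_t buflen, const char *name) {
    if (buf == NULL || name == NULL || buflen == 0) return -1;

    /* Look for the terminator only within the space we could store. */
    const char *end = memchr(name, '\0', buflen);
    if (end == NULL) {          /* no NUL within buflen bytes: too long */
        buf[0] = '\0';
        return -1;
    }
    memcpy(buf, name, (size_t)(end - name) + 1);   /* includes the NUL */
    return 0;
}

/* A record whose layout makes the damage of an overrun concrete: the
 * bytes after 'name' belong to 'uid'. */
struct user_record {
    char name[NAME_MAX_LEN];
    int uid;
};

int set_user_name(struct user_record *rec, const char *name) {
    return copy_name_safe(rec->name, sizeof rec->name, name);
}

int main(void) {
    struct user_record rec = { "", 1000 };

    /* Constructed inputs: one that fits, one that does not. */
    if (set_user_name(&rec, "alice") == 0)
        printf("stored \"%s\", uid still %d\n", rec.name, rec.uid);

    if (set_user_name(&rec, "a-name-that-is-way-too-long") != 0)
        printf("rejected oversize name, uid still %d\n", rec.uid);

    return 0;
}
```

Using sizeof rec->name at the call site, rather than a separately maintained constant, is the habit to look for in an audit: when the two can drift apart, one day they will.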

Get ready for a crash course in code audits. The book is not required, but it definitely helps when we are discussing concepts.

We also mentioned our new Patreon account, so if you are a listener, and want to support what we do, you can give on a per month schedule. Donations are entirely optional, and if you don't wish to give, that's fine too.


24 Deadly Sins on Amazon:

http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751/ref=sr_1_1?ie=UTF8&qid=1430622916&sr=8-1&keywords=24+deadly+sins+of+software+security+programming+flaws+and+how+to+fix+them


https://cwe.mitre.org/



Here is a new episode of Brakeing Down Security!