This was a wacky episode and I only was able to turn up toward the end due to some scheduling conflicts, but I think it turned out pretty good in the end.

 

 Standard Podcast: Play Now | Play in Popup | Download

I returned as a guest host… looks like I may become a regular part of the cast. I promise I wont keep cross posting these forever, but doing it again since we talked about a blog post I had written yesterday.

Full show notes can be found at The Information Security Place site

 

 Standard Podcast [67:21m]: Play Now | Play in Popup | Download

The MightySeek Podcast is returning.

I am starting an effort to have a show posted every 2 weeks, with hopes for a Hands On Series every 2 months.

I will also be joining the An Information Security Place podcast as well. They do a podcast about general information security and I will be the resident webappsec expert to comment on those topics. This post is going to link to that episode 22 of the An Information Security Place podcast. I will not be normally doing this, but am doing it this week to get things rolling.

 

 Standard Podcast: Play Now | Play in Popup | Download

Every once in awhile I try and find out if anyone is noticing my podcast. Well I stumbled on a mention of the SQL Injection hands on episode on hype-free.

Today I had the pleasure of meeting up with a celeb of the web app sec world…. rsnake of the ha.ckers.org website. I hope you enjoy the interview, but I made a huge mistake with the recording. Here I was with my first interview, I hook up my mic and load up the recording software and then completely forget to switch to the mic input to my good mic, and end up doing the recording on the lame mic thats built into my laptop.

In any case, here ya go.

 

 Standard Podcast [41:57m]: Play Now | Play in Popup | Download

In this episode is discuss PHP security. Up till this point I have talked about web app sec in general, but I break from this in honor of the Month Of PHP Bugs that is going on through March.

PHP has frequently been blamed for security problems in applications written in PHP which really is no fault of the language and engine itself. It would be like everyone blaming C and C++ as being insecure, and the cause of tons of security problems. Most of the time the problem is the developers who use the languages, not the languages themselves. However, there are security problems in the PHP codebase which need to be fixed and is what is being highlighted by the Month Of PHP Bugs.

So in this episode I discuss these issues, some of my past projects and some various other issues in PHP… Its so good to be back at the mic, even tho I am still recovering from the flu and had my voice start failing me at the end.
Enjoy!

 

 Standard Podcast [65:34m]: Play Now | Play in Popup | Download

The “Hands on Series” continues!

 

 Standard Podcast [38:10m]: Play Now | Play in Popup | Download

CSS = Cascading Style Sheets
XSS = Cross Site Scripting

Cross Site Scripting is a technique used to add script to a trusted site that will be executed on other users browsers.
A key element to XSS is that one user can submit data to a website that will later be displayed for other users.
It is nessesary that the bad guy NOT mess up the HTML structure, otherwise the result will be web defacement rather then attacking other users.

The hackme site has been updated and improved (more about that in a moment)

and now includes a section for XSS which we will be using in this episode.

Read the rest of this entry »

A quick in between to the Hands On Series, I chat about some news and issues of the day.

Turkish Hacker defaces 38,000 websites hosted on GoDaddy

Flawed USC admissions site allowed access to applicant data

Breach case could curtail Web flaw finders

Man charged with accessing USC student data

Tsunami appeal site ‘hacker’ found guilty

 

 Standard Podcast [33:50m]: Play Now | Play in Popup | Download

The Security Roundtable » Blog Archive » SRT in the iTunes Music Store

The podcasting group Im a part of now has its own Artist Group in iTunes and is featured on the podcasting home page. Im pretty excited about this and look forward to any new listeners that join in due to the exposure.

James Woodcock will be interviewing me in the coming days, and so posted this on the forums.

Click here to get to the forum topic

Dan (Mighty Seek) developer of the PodPress plugin for Wordpress, will be interviewed in one of my future blogcasts on my website.

If you have any questions you would like him to answer about either his PodPress plugin or security, please ring my automated (non-premium) voicemail on UK: 0207 193 3092 or Worldwide: +44 207 193 3092 or for free on skype id: glidem

The best questions will be included in the show…..
__________________
>> Hear more about PodPress, in my audio interview with Dan Kuykendall <<

http://www.jameswoodcock.co.uk – My personal online diary covering the internet that I find of interest including audio interviews, music, gaming, technology, gadgets, websites, free downloads and general articles.