In part 2 we discuss the planning and deliverables involved when doing a security engagement. Most of the discussion demonstrates the importance of understanding the boundaries, requirements and deliverables from the start.

 

 Standard Podcast [59:26m]: Play Now | Play in Popup | Download (3598)

The first of two shows featuring my co-workers, Joe and Scott.
This show was recorded in the evening at our hotel room, so the sound quality is less than ideal. We are onsite in Texas doing a security engagement for a client, and get tired and wacky but wanted to share what goes into doing a security audit for a client.

 

 Standard Podcast [51:52m]: Play Now | Play in Popup | Download (3705)

In this podcast I ramble on about what network security is, and then how web application security is an entirely different kind of beast.

 

 Standard Podcast [41:11m]: Play Now | Play in Popup | Download (2761)

With Cross Site Scripting (XSS) the focus changes away from server attacks to user attacks facilitated by the server. This podcast covers the issues involved and additional show notes will be coming shortly.

While your waiting, here is a great resource.

http://www.cgisecurity.com/articles/xss-faq.shtml

 

 Standard Podcast [35:26m]: Play Now | Play in Popup | Download (2597)

Software Development Life Cycle (SDLC) is a major buzz word in the industry right now, but what many are still ignoring is how well a security design/plan can be integrated. This podcast and slideshow hopes to explain how this gets done.

 

 Standard Podcast [36:31m]: Play Now | Play in Popup | Download (2409)
 Ebook: Download (1502)

In this podcast we have our first guest lecturer by way of a previously recorded slideshow from Mike Shema. In the presentation he gives an overview of SQL Injection attacks and has a few examples. I think the the content is still valuable even without the slides, but for the full experience of the presentation you may want to see it for youselves.

Free whitepapers and presentations about web application security, by NT OBJECTives.

 

 Standard Podcast [20:26m]: Play Now | Play in Popup | Download (2363)

A discussion to show that a database administrator must not shirk his duties over to the web application developer, and the web application developer should not seize full control over the database as is normally the case. Database administrator have a key role to play when developing a secure and robust web application.

 

 Standard Podcast [11:22m]: Play Now | Play in Popup | Download (2273)

What is Web Application Security?

In this I attempt to give a very basic explaination of what web app sec is about and why its new and less familiair.

 

 Standard Podcast [20:10m]: Play Now | Play in Popup | Download (2659)

Discussion about my involvement with podcastalley.com, using castblaster and my excitement with podcasting. Then I kick off a Web App Security 101

 

 Standard Podcast [31:49m]: Play Now | Play in Popup | Download (2350)