Podcast Postings

The Mighty Seek Podcast is all about web application security, as well as general web application development issues. The primary focus is on security, and the show tries to explain things so that anyone can understand them, since security issues affect everyone across an organization. Hopefully this show will be a resource for everyone involved in a software development project.

Hands On Series – SQL Injection Part 1

April 28th, 2006

The start of the “Hands-on Series”, which means that there are actual
hands-on exercises to go along with these shows.

 
Standard Podcast [58:03m]

 
Code Monkey - Played during podcast [3:07m]

I feel that it's time to go beyond the concepts, the chatter about what bad guys can do,
and actually show you directly. Let you see for yourself, as the saying goes.

I recommend that you listen to these episodes while viewing the hacking test site and
have the show notes visible and ready to cut and paste from.


Privilege Escalation Attacks

April 14th, 2006

In this podcast I discuss a type of attack that allows users to basically do things they are not supposed to do, without ever having to hack the admin type of accounts. So without having to figure out the admin password, it is often possible to perform administrative functions by simply attempting them.

The problem is around validation against access controls at every point of execution. Too often the access controls are done only to control the navigational structure, meaning that the menus do not have links to the admin functionality, but if you know what the URL is then you can just type it into your browser and get there. That's bad design in the app, and it is VERY common.

 
Standard Podcast [20:55m]

Catching up and a preview of future shows

April 13th, 2006

In this edition of the Mighty Seek podcast I give a rundown of podPress and list out some ideas for the future podcasts. The site now has a forum for the podcast and general web application security discussion.

 
Standard Podcast [39:40m]

Security Engagement Cast Part 2

March 11th, 2006

In part 2 we discuss the planning and deliverables involved when doing a security engagement. Most of the discussion demonstrates the importance of understanding the boundaries, requirements and deliverables from the start.

 
Standard Podcast [59:26m]

Security Engagement Cast Part 1

March 9th, 2006

The first of two shows featuring my co-workers, Joe and Scott.
This show was recorded in the evening in our hotel room, so the sound quality is less than ideal. We are onsite in Texas doing a security engagement for a client, and we get tired and wacky, but we wanted to share what goes into doing a security audit for a client.

 
Standard Podcast [51:52m]

What makes application security different from network security

March 3rd, 2006

In this podcast I ramble on about what network security is, and then how web application security is an entirely different kind of beast.

 
Standard Podcast [41:11m]

Cross Site Scripting… Exposing your users to attack, hijacking and data theft

February 10th, 2006

With Cross Site Scripting (XSS) the focus changes away from server attacks to user attacks facilitated by the server. This podcast covers the issues involved and additional show notes will be coming shortly.

While you're waiting, here is a great resource.

http://www.cgisecurity.com/articles/xss-faq.shtml

 
Standard Podcast [35:26m]

Security during the Software Development Life Cycle

January 10th, 2006

Software Development Life Cycle (SDLC) is a major buzzword in the industry right now, but what many are still ignoring is how well a security design/plan can be integrated into it. This podcast and slideshow hope to explain how this gets done.

 
Standard Podcast [36:31m]
Ebook

Intro to SQL Injection Attacks

December 9th, 2005

In this podcast we have our first guest lecturer, by way of a previously recorded slideshow from Mike Shema. In the presentation he gives an overview of SQL Injection attacks and has a few examples. I think the content is still valuable even without the slides, but for the full experience of the presentation you may want to see it for yourselves.

Free whitepapers and presentations about web application security, by NT OBJECTives.

 
Standard Podcast [20:26m]

What's the DBA gotta do with it?

November 14th, 2005

A discussion to show that a database administrator must not shirk his duties off onto the web application developer, and the web application developer should not seize full control over the database, as is normally the case. Database administrators have a key role to play when developing a secure and robust web application.

 
Standard Podcast [11:22m]
 