http://www.mightyseek.com A podcast about web application security, as well as general web application development issues. The primary focus is on security and tries to explain things so that anyone can understand them since security issues affect everyone across an organization. Hopefully this show will be a resource for everyone involved in a software development project. Tue, 04 Mar 2008 07:04:07 +0000 http://backend.userland.com/rss092 en My 3rd grade sone did this awesome animation using Stickman, so I have to show it off. http://www.mightyseek.com/misc/my-sons-animation My buddy rsnake over at Ha.ckers.org posted a report from Larry Suto about tests he performed on web application scanners and comparing how well they cover a web applications code base. The report is intesting on many fronts, one of which is the fact that the tool I help build at ... http://www.mightyseek.com/web-application-security/coverage-of-web-application-scanners For all the details, check out the changelog but this is one release that cleans up a ton of mess and adds in support for full integration with the Podango API. Theres still a few tiny features I want to add in, but its in good shape, and I need sleep ... http://www.mightyseek.com/podpress/podpress-83-released-with-podango-support As many of you have seen, I have a "Hackme" site setup to go along with my podcast, and specifically for the Hands On Series podcasts. Well the current king of Web App Security blogging has setup a couple hacker challenges on his site. The ones on my site are ... http://www.mightyseek.com/web-application-security/the-hackersorg-hacking-challenges Theres been alot of discussion lately about an issue thats near and dear to my heart. The capabilities and of web application security scanning is something I have been living and breathing for about 5 years with NT OBJECTIves. AT NTO I lead the development and research teams involved in ... http://www.mightyseek.com/web-application-security/evaluating-web-application-security-scanners I had a pretty interesting day yesterday. After being up till close to 2am I woke up at 5:30am, showered and drove to the airport to do my 10am talk at WordCamp 2007. My flight landed at 8:30am and I was picked up by my old buddy Joe Engo. After a couple ... http://www.mightyseek.com/podcasting/wordcamp-experience Thanks to the generous sponsorship of Podango the MightySeek/podPress forums are back online! http://www.mightyseek.com/podcasting/forums-back-online Back in the early 90's, yes back even before most had even heard of the Internet and the geeks spent most of their time on BBS's there were a few online services trying to get going. AOL, Prodigy and CompuServe were fairly well known, but there was one other that ... http://www.mightyseek.com/misc/imagination-lives-again Its crazy... I really just dont get this crazyness over an insanely priced cell phone. Now keep in mind, I live with my video iPod, it goes everwhere with me and most of the TV and movies I see these days are on the thing. I also look forward to ... http://www.mightyseek.com/misc/iphone-i-dont-get-the-hype For those trying to follow the latest news of our web app sec community, someone has finally setup a feed planet called Planet Websecurity that I'm really impressed with. No, at this time MightySeek is not yet part of the RSS mashup, but I do hope to be at some ... http://www.mightyseek.com/web-application-security/planet-websecurity    After my run in with vBulletin I began a search for a secure and stable open sourced forum solution. My first thought was to find out what was running on sla.kers.org so I put in a call to rsnake and was told to keep looking because ... http://www.mightyseek.com/web-application-security/why-is-it-so-hard-to-code-secure-web-apps I had been using vBulletin for a little over a year when I started podPress and wanted a place for users to create a community and to provide support. The forums have been very successful and tend to have on the order of 20-30 postings a day, with many more ... http://www.mightyseek.com/podpress/run-in-with-vbulletin-leasing-software-is-intolerable Every once in awhile I try and find out if anyone is noticing my podcast. Well I stumbled on a mention of the SQL Injection hands on episode on hype-free. http://www.mightyseek.com/web-application-security/sql-injection-mention-on-hype-free Today I had the pleasure of meeting up with a celeb of the web app sec world.... rsnake of the ha.ckers.org website. I hope you enjoy the interview, but I made a huge mistake with the recording. Here I was with my first interview, I hook up my mic and ... http://www.mightyseek.com/web-application-security/mightyseek-interviews-rsnake In this episode is discuss PHP security. Up till this point I have talked about web app sec in general, but I break from this in honor of the Month Of PHP Bugs that is going on through March. PHP has frequently been blamed for security problems in applications written in ... http://www.mightyseek.com/web-application-security/php-security-and-the-month-of-php-bugs Today I was pondering the success of the podPress project since it started which got me to trying to remember how long its been. So a quick look at the change log shows that I released the first version on Feb 2nd of 2006. So, its only a year and one ... http://www.mightyseek.com/podpress/podpress-more-than-one-year-old As a long time podcasting fan and supporter of the community I have been a fan of many shows, and impressed by a bunch of them. Some of my favorites (and I know I'll end up forgetting some) have been Slice of Sci/Fi, Escape Pod, Filmspotting, The Signal, The Bitterest ... http://www.mightyseek.com/podcasting/stranger-things-podcast-wow The folks at the Hardened PHP Project (makers of Suhosin) have started their Month of PHP Bugs initiative. This initiative is an effort to improve the security of PHP by bringing awareness to various security problems in PHP itself. This does not directly impact any PHP applications, but instead ... http://www.mightyseek.com/web-application-security/a-month-of-php-security-bugs I did an interview thats been posted on CrazyEngineers.com. Go check out the interview, along with the forum thread discussion. http://www.mightyseek.com/podpress/dan-kuykendall-on-crazyengineers Cross Site scripting attacks are getting even more dangerous these days, and exploitable in many new creative ways. I will be discussing this issue in my next podcast, till then read up on it here or at ha.ckers.org http://www.mightyseek.com/web-application-security/universal-pdf-xss Today I got an email from the Daddo of the http://driftkikker.com/ website and he sent over a new Powered By logo to replace the lame one I threw together some time back. My best effort          ... http://www.mightyseek.com/podpress/podpress-new-powered-by-logo I know its been fairly quiet from me. No new versions of podPress and no new podcasts. The absense has been due to an extremely busy schedule, and a slight bit of lazyness on my part. Ive been doing TONS of reseach, and not had the energy to push out ... http://www.mightyseek.com/misc/still-alive-and-kicking While at the PPME I met up with the legendary Evo Terra and got to sit in on a recording of the great Slice of SciFi podcast, which was quite alot of fun. It was recorded in Evo's hotel room with a bunch of us hanging out in there. Amoung ... http://www.mightyseek.com/podcasting/dan-on-slice-of-scifi I sat in with the LA Podcasters gang at the PPME and was in on a recording of Friends of the Fringe, which was pretty fun. Im the guy on the right with the green shirt and this hat http://www.mightyseek.com/podcasting/dan-with-friends-of-the-fringe We had a total system failure, and of course I didnt have a backup worth using to get things back online. I am working to get the site fully back up and will be doing so as quickly as possible, Mighty Seek http://www.mightyseek.com/misc/hello-world If you didnt get to BlackHat this year, then you may have heard about the really cool presentation about Cross Site Scripting. He uses XSS to hack intranets by writing a port scanner in javascript. If your into web app sec, you need to see this. It also really puts ... http://www.mightyseek.com/web-application-security/jeremiah-grossmans-xss-blackhat-presentation I had the great pleasure of being interviewed about podPress by the one and only Michael Geoghegan. I got in a small plug for my podcast as well, so Im pretty happy. The Podcast Academy: Dan Kuykendall http://www.mightyseek.com/podcasting/behind-the-mic-interviews-dan-kuykendall The “Hands on Series” continues! In this episode we start dealing with Cross Site Scripting (XSS) attacks. CSS = Cascading Style Sheets XSS = Cross Site Scripting Cross Site Scripting is a technique used to add script to a trusted site that will be executed on other users browsers. A key element to XSS ... http://www.mightyseek.com/web-application-security/hands-on-series-cross-site-scripting-xss-part-1 In the latest episode of Upon Further Review the podPress plugin (and me) was reviewed. Im happy to say we got a 4.5 out of 5 rating and in general alot of glowing praise. The podcast itself is very well done for an episode #3, and theres lots of other good ... http://www.mightyseek.com/podcasting/podpress-reviewed-on-upon-further-review-%c2%bb-episode-3 The MightySeek podcast got a cool mention in the lastest issue of (IN)SECURE Magazine. http://www.mightyseek.com/web-application-security/mightyseek-on-insecure-magazine A quick in between to the Hands On Series, I chat about some news and issues of the day. Turkish Hacker defaces 38,000 websites hosted on GoDaddy Flawed USC admissions site allowed access to applicant data Breach case could curtail Web flaw finders Man charged with accessing USC student data Tsunami appeal site ‘hacker’ found ... http://www.mightyseek.com/web-application-security/mighty-seek-podcast-15-news-and-misc-topics The Security Roundtable » Blog Archive » SRT in the iTunes Music Store The podcasting group Im a part of now has its own Artist Group in iTunes and is featured on the podcasting home page. Im pretty excited about this and look forward to any new listeners that join in ... http://www.mightyseek.com/podcasting/the-security-roundtable-%c2%bb-featured-in-the-itunes-music-store Network Security Blog: Network Security Podcast, Episode 28 Tonight I appear as co-host/guest of the Network Security Podcast with Martin McKeay. This podcast is a fellow Security Round Table podcast, and I had alot of fun being able to discuss more general security issues. http://www.mightyseek.com/podcasts/network-security-blog-network-security-podcast-episode-28 James Woodcock will be interviewing me in the coming days, and so posted this on the forums. Click here to get to the forum topic Dan (Mighty Seek) developer of the PodPress plugin for Wordpress, will be interviewed in one of my future blogcasts on my website. If you have any questions you ... http://www.mightyseek.com/podcasts/questions-for-podcast-with-dan-podpress-developer The start of the “Hands on Series”, which means that there are actual hands on excersises to go along with these shows. I feel that its time to go beyond the concepts, the chatter about what bad guys can do, and actually show you directly. Let you see for yourself the saying goes. I ... http://www.mightyseek.com/web-application-security/hands-on-series-sql-injection InformationWeek | Web Application Security | Web App Hack Incidents Are Up As Businesses Take Cover | April 12, 2006 First a bug ‘duh!” And then I get to move into the “finally someones talking about this in the mainstream press”. Not that Information Week is read by grandma or the average joe ... http://www.mightyseek.com/web-application-security/informationweek-web-app-hack-incidents-are-up In this podcast I discuss a type of attack that allows users to basicly do things they are not supposed to do, without ever having to hack the admin type of accounts. So without having to figure out the admin password it is often possible to do administrative functions by ... http://www.mightyseek.com/web-application-security/privilage-escalation-attacks In this edition of the Mighty Seek podcast I give a rundown of podPress and list out some ideas for the future podcasts. The site now has a forum for the podcast and general web application security discussion. http://www.mightyseek.com/web-application-security/catching-up-and-a-preview-of-future-shows Today I learned about iTunes support for password protected podcasts, and am thinking about the security issues, planning out how I can support this in PodPress as well as what this means for podcasting in general. Overall I think this is very cool for podcasting, because it can open the ... http://www.mightyseek.com/podcasting/for-pay-only-podcasting-password-protected In part 2 we discuss the planning and deliverables involved when doing a security engagement. Most of the discussion demonstrates the importance of understanding the boundaries, requirements and deliverables from the start. http://www.mightyseek.com/web-application-security/security-engagement-cast-part-2