
BrakeSec Education Podcast

472 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 98 ratings

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.


Episodes

2016-002-Cryptonite- or how to not have your apps turn to crap

January 11, 2016 02:14 - 1 hour - 57.9 MB

This week, we find ourselves understanding the #Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap. Remember the last time you heard about a hardcoded #SSH private key, or have you been at work when a developer left the #API keys in his #github #repo? We go through some gotchas from the excellent book "24 Deadly Sins of Software Security...

2016-001: Jay Schulman explains how to use BSIMM in your environment

January 03, 2016 19:35 - 1 hour - 57 MB

#Jay #Schulman is a consultant with 15+ years of experience in helping organizations implement #BSIMM and other compliance frameworks. For our first #podcast of 2016, we invited him on to discuss further what he has found to be the best way to implement it into a company's #security #program. Jay Schulman's #website: https://www.jayschulman.com/ Jay's Podcast "Building a Life and Career in Security" (iTunes): https://itunes.apple.com/us/podcast/building-life-career-in-security/id994...

2015-054: Dave Kennedy

December 27, 2015 23:20 - 51 minutes - 47.5 MB

Dave Kennedy does a lot for the infosec community. As owner/operator of 2 companies (Binary Defense Systems and Trusted Security), he is also an organizer of #DerbyCon and an active contributor to the Social Engineering ToolKit (#SET). You can also find him discussing the latest hacking attempts and breaches on Fox News and other mainstream media outlets. But this time, we interview Dave Kennedy because he has been elected to the ISC2 board. He will be serving a 3-year term with Wim Remes (wh...

2015-053: 2nd annual podcaster party

December 22, 2015 06:51 - 1 hour - 71.1 MB

This week, we went off the tracks a bit with our friends at Defensive Security Podcast, and PVC Security Podcast. We discussed a bit of news, talked about how our podcasts differ from one another, the 'lack of infosec talent', and sat around talking about anything we wanted to. Sit back with some eggnog, and let your ears savor the sounds of the season.  Many thanks to Andrew Kalat, Jerry Bell, Edgar Rojas, Paul Jorgensen, and co-host Brian Boettcher for getting together for some good natur...

2015-052: Wim Remes-ISC2 board member

December 17, 2015 04:56 - 46 minutes - 42.9 MB

I got a hold of Mr. Wim Remes, because he was elected to the ISC board in November 2015.  Recent changes to the CISSP included changing the long-standing 10 domains down to 8 domains, plus a major revamp to all of them. I wanted to know what Mr. Remes' plans were for the coming term, how the board works, and how organizations like ISC2 drive change in the industry. I also asked Wim how he is trying to ensure that CISSP and the other certs are going to remain current and competitive. This i...

2015-051-MITRE's ATT&CK Matrix

December 10, 2015 05:49 - 48 minutes - 44.3 MB

#MITRE has a Matrix that classifies the various ways that your network can be compromised. It shows all the post-exploitation categories from 'Persistence' to 'Privilege Escalation'. It's a nice way to organize all the information. This week, Mr. Boettcher and I go over the "#Persistence" and "#Command and #Control" sections of the Matrix. Every person who attacks you has a specific method that they use to get and keep access to your systems; it's as unique as a fingerprint. Threat intelligen...

2015-049-Can you achieve Security Through Obscurity?

December 04, 2015 03:53 - 42 minutes - 38.7 MB

That's the question many think is an automatic 'yes'. Whether your Httpd is running on port 82, or maybe your fancy #wordpress #module needs some cover because the code quality is just a little lower than where it should be, and you need to cover up some cruft. This week, Mr. Boettcher and I discuss reasons for obscuring for the sake of #security, when it's a good idea, and when you shouldn't #obscure anything (hint: using #ROT-14, for example). #encryption #infosec Show Notes: https://do...

2015-048: The rise of the Shadow... IT!

November 27, 2015 00:53 - 43 minutes - 40.2 MB

Cheryl Biswas gave a great talk last month at Bsides Toronto.  I was intrigued by what "Shadow IT" and "Shadow Data" means, as there appears to be some disparity. Why can't you write policy to enforce standards? As easy as it sounds, it's quickly becoming a reason young talented people might skip your company. Who wants to use Blackberries and Gateway laptops, when sexy new MacBook Airs and iPhone 6S exist? This also leads to the issue of business data being put on personal devices, which a...

2015-047-Using BSIMM framework to measure the maturity of your software security lifecycle

November 21, 2015 04:37 - 46 minutes - 42.8 MB

Business Security in Maturity Model (#BSIMM) is a #framework that is unique in that it gives your company a measuring stick to know how certain industry verticals stack up to yours... We didn't want to run through all 4 sections of the BSIMM, so this time, we concentrated on the #software #security standards, the "Deployment" section specifically... BSIMMV6 download (just put junk in the fields, and download ;) ): https://www.bsimm.com/download/ Direct Link: http://traffic.libsyn.com/brak...

2015-046: Getting Security baked in your web app using OWASP ASVS

November 10, 2015 23:05 - 36 minutes - 33.7 MB

During our last podcast with Bill Sempf (@sempf), we were talking about how to get developers to understand how to turn a vuln into a defect and how to get a dev to understand how vulns affect the overall quality of the product. During our conversation, the term "ASVS" came up. So we did a quick and dirty session with Bill about this. It's a security #requirements #document that ensures that projects that are being scoped out are meeting specific security requirements. This can be a valua...

2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf!

November 04, 2015 18:12 - 46 minutes - 42.5 MB

When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics, and we wonder why it's so difficult to get devs to understand. It's a language barrier, folks. They think in terms of defects or how something will affect the customer experience. We think in terms of #vulnerabilities, and what caused the issue. We need to find that common ground, and often, that will mean us heading into unfamiliar territory....

2015-044-A MAD, MAD, MAD, MAD Active Defense World w/ Ben Donnelly!

October 30, 2015 02:34 - 55 minutes - 51.1 MB

It's a madhouse this week! We invited Ben Donnelly (@zaeyx) back to discuss a new software framework he's crafted, called #MAD Active Defense. Ben wants to make Active Defense simple enough for even the busiest blue teamer. The interface takes its design from other well-known #software frameworks, namely #Metasploit, #Recon-ng, and even a bit of #SET, he said. We even did a quick demo of MAD, discussed the tenets of #Active #Defense, and talked about a little skunkworks project of Ben's tha...

2015-043: WMI, WBEM, and enterprise asset management

October 22, 2015 04:52 - 44 minutes - 41.1 MB

WMI (Windows Management Instrumentation) has been a part of the Windows operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely. Why are we talking about it? Its use in the enterprise by admins is rare, but its use by bad actors for moving laterally is growing. It's highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system. Mr. Boettcher and I...

2015-042: Log_MD, more malware archaeology, and sifting through the junk

October 14, 2015 23:58 - 1 hour - 65.9 MB

Just before #Derbycon, we invited Michael Gough (@hackerhurricane) to join us on the #podcast.  For the last 3-4 months, my co-host Brian and he were engaged in the creation of a software tool that would make #log #analysis of #windows systems quicker, and together they have achieved that with "Log-MD", short for Log Malicious Discovery. For hosts infected with #Malware and #bots, they always leave a fingerprint of what they are doing behind. This software takes your system, configures it ...

Derbycon Audio - post-Derby interviews!

October 10, 2015 07:07 - 1 hour - 58.7 MB

In our last bit of Derbycon audio, I discussed DerbyCon experiences with Mr. Boettcher, Magen Wu (@tottenkoph), Haydn Johnson (@haydnjohnson), and Ganesh Ramakrishnan (@hyperrphysics).  We find out what they liked, what they didn't like, and you get a lot of great information about packing for a con, things you can do to improve your convention going experience. Hopefully, you'll hear the amount of fun we had, and find the time to go to a convention. There are literally hundreds, many only ...

Derbycon - A podcast with Podcasters! *explicit*

September 30, 2015 19:54 - 27.5 MB

Mr. Boettcher and I attended Derbycon, and while he was out attending talks, I got invited to do a podcast with some of the other podcasters who were there. Special thanks to Edgar Rojas, Amanda Berlin, Jerry Bell, Andrew Kalat, Paul Coggin, Tim DeBlock, and everyone else at our recording. We have a bit more audio that we will post this month, including a discussion of a tool Mr. Boettcher and Michael Gough collaborated on to make Windows malware analysis easier to do.

2015-040: Defending against HTML 5 vulnerabilities

September 21, 2015 05:05 - 14.2 MB

Last week, we discussed with Shreeraj Shah about HTML5, how it came into being, and the fact that instead of solving OWASP issues, it introduces new and wonderful vulnerabilities, like exploiting locally stored web site info using XSS techniques, and doing SQLi on the new browser WebSQL. So this week, it's all about defensive techniques that you can use to educate your developers against making mistakes that could get your company's web application on the front page of the newspaper.

2015-039: Hazards of HTML5

September 14, 2015 03:32 - 33 minutes - 30.6 MB

Shreeraj Shah (@shreeraj on Twitter) came on this week to give us a run-down of some of the issues with HTML5. How can a new standard actually be worse than something like Flash? And why would a standard not address existing OWASP issues, and even create new issues, like the ability of a browser to have a database inside of it managing everything? This week we discuss HTML5 history, some of the pitfalls, and discuss some of the new technologies found in HTML5 that will create more headaches...

2015-038-Influence Vs. Mandate and Guardrails vs. Speedbumps

September 07, 2015 02:41 - 53 minutes - 49.1 MB

When we wanted to have Martin Fisher on, it was to discuss 'Security Mandate vs. Security Influence'. We wanted to discuss why companies treat compliance as more important, and if it's only because business requires it to be done. And if infosec is a red-headed stepchild because they often don't have the guidance of a compliance framework. But it ended up going in another direction, with Martin discussing infosec leadership, and how we as agents of infosec should be 'guardrails' instead ...

2015-037-making patch management work

August 31, 2015 03:19 - 45 minutes - 41.8 MB

Once you find a vulnerability, how do you handle patching it? Especially when devs have their own work to do, there are only so many man hours in a sprint or development cycle, and the patching process could take up a good majority of that if the vuln is particularly nasty. One method is to triage your patches, and we discuss that this week with Mr. Boettcher. We also talk about how our respective companies handle patching of systems. We also discuss what happens when compensating controls...

2015-036: Checkbox security, or how to make companies go beyond compliance

August 24, 2015 04:23 - 53 minutes - 48.7 MB

Checkbox Security... checklists that compliance people require you to follow, and many security people have to fall in line, because they often have no choice. But what if there was a way to use compliance requirements to get beyond the baseline of PCI/SOCII/HIPAA, and get to be more secure? Magen Wu (@tottenkoph), Mr. Boettcher, and I spent a bit of time discussing just that. We discuss basic issues with compliance frameworks, how to get management to buy in to more security, and even how you c...

2015-035: Cybrary.it training discussion and Bsides Austin Panel

August 16, 2015 04:35 - 40 minutes - 37.5 MB

After last week's discussion of end-user training in the SANS top 20 security controls, we realized that it would be great to discuss how a company involved in training does proper training. So we hit up our sponsor at Cybrary.it to discuss their end-user security training track and how companies can use it to help their employees be more secure in their workplace. We end the podcast with a bit of audio from the Bsides Austin blue/red panel Mr. Boettcher moderated. He asked them a...

Flashback: 2014-001_Kicking some Hash

August 15, 2015 16:25 - 39 minutes - 36.5 MB

For long-time listeners of the podcast: back when Brian and I wanted to do the podcast, we were working at the same company, and the first podcast we did was on hashes. Bob story: Bob was getting tired of explaining what MD5, SHA1, SHA2 were to developers, so as we were developing our idea for the podcast, this was the first episode we had. Mr. Boettcher had several ideas for podcasts prior to. I was actually gonna go it alone, but wanted him to join me. Thankfully, he broached the ide...

2015-034: SANS Top20 Security Controls #9 - CTFs - Derbycon discussion

August 10, 2015 04:00 - 54 minutes - 49.8 MB

End User training. Lots of companies have need of regular security training. Many treat it as a checkbox for compliance requirements, once a year. With the way training is carried out in many organizations, is it any wonder why phishing emails still get clicked, passwords still get compromised, and sensitive information is still leaked? We discuss methods to make training more effective, and how to make people want to do training. Finally, we discuss Capture-The-Flag competitions, and wh...

2015-033: Data anonymization and Valuation, Privacy, and Ethical medical research

August 03, 2015 03:58 - 54 minutes - 49.8 MB

Katherine Carpenter is a privacy consultant who has worked all over the world helping to develop guidelines for ethical medical research, sharing of anonymized data, and helping companies understand privacy issues associated with storing and sharing of medical data. This week, we discuss how companies should assign value to their data, the difficulties of doing research with anonymized data, and the ramifications of research organizations that share data irresponsibly. email contact...

2015-032: Incident response, effective communication, and DerbyCon Contest

July 26, 2015 03:59 - 59 minutes - 54.2 MB

In an incident response, the need for clear communication is key to effective management of an incident. This week, we had Mick Douglas, DFIR instructor at SANS, and Jarrod Frates, who is a pentester at InGuardians and has great experience handling incidents. Find out some roles in an incident response (the Shadow, the event coordinator, the lead tech), and how companies should have an IR plan that handles various 'incident severities'. Jarrod updates us on "TheLab.ms" and how you might l...

2015-031: Fab and Magen-High_Math-Psychology_and Scarves

July 18, 2015 02:54 - 52 minutes - 48.4 MB

Strap yourselves in, ladies and gentlemen. With Mr. Boettcher gone on "vacation" this week, I needed some help with the podcast, and boy did we pick a doozy. If you're a fan of Turing Complete algorithms, frankly, who isn't ;) , we had Ms. Fabienne Serrière (@fbz) and Ms. Magen Wu (@tottenkoph) who discuss higher order math and psychology on our podcast this week. We also discuss a little project management and even talk about why proper survey sizes and getting a good cross-section is imp...

2015-030: Bsides Austin panel Discussion (Red Team vs. Blue Team)

July 13, 2015 04:02 - 38 minutes - 35.5 MB

My podcast co-host Brian Boettcher, along with Kate Brew, an Austin, TX based security blogger, headed up this panel called "Red Team Vs. Blue Team". The idea was to ask people from various sides of the aisle (attackers and defenders) pressing questions about how the industry operates. Infosec heavyweights like Kevin Johnson (@secureideas), Mano Paul (@manopaul), and Josh Sokol (@joshSokol) made this a very excellent podcast... We hope you enjoy!

2015-029: Big Brown cloud honeyblog with @theroxyd

July 06, 2015 06:26 - 49 minutes - 44.8 MB

Roxy, who we interviewed a few months ago on our podcast about hackerspaces, is back with us this week to discuss a project she is working on, called 'Big Brown Cloud'. If you've ever wanted to set up your own fake blog and send people to it to gain information on possible attacks, you've come to the right place. We also get an update on the hackerspace that Jarrod, Sean, and Roxy were getting set up a few months ago. They've come a long way, and they are about to move into their new fac...

2015-028: using log analytics to discover Windows malware artifacts

June 29, 2015 06:20 - 44 minutes - 41 MB

In this podcast, you'll learn about:
Log analytics software that can be used to parse system logs for nasty malware
Detecting malware artifacts: learn about Windows directory locations, looking for indicators like packing, changed hashes, etc.
Tips for capturing malware using tools like RoboCopy
Learn about what code caves are and how malware hides inside them (http://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves)
SANS DFIR poster - https://www.sans.org/security-...

2015-027- detecting malware in Windows Systems with Michael Gough

June 22, 2015 06:22 - 50 minutes - 46.3 MB

Michael Gough joined us again to discuss malware detection techniques on Windows systems. We talk about how you can modify PowerShell's defaults to allow for better logging potential. Also, we find out some hidden gems that pretty much guarantee to let you know that you've been infiltrated. Stay for the PowerShell security education, and you also learn some new terminology, like "Malware Archaeology", Malwarians, and 'Log-aholic', to name a few...

2015-026- Cloud Security discussion with FireHost

June 14, 2015 23:50 - 54 minutes - 49.5 MB

This week, we discuss various methods of enabling companies to move applications to cloud based platforms. We discuss containers, like Docker, and how various hosting services handle converting businesses from a traditional data center to a secure, cloud based entity. We even discuss securing the data in the cloud, preventing bad guys from accessing it, as well as the cloud provider themselves, who can be served with a subpoena to hand over data. Brakeing Down Security would like to tha...

2015-025: Blue Team Army, Powershell, and the need for Blue team education

June 08, 2015 04:21 - 34 minutes - 31.5 MB

With last week's revelation from Microsoft that they will support SSH, understanding PowerShell has become more important than ever as a tool to be used by blue teamers, both for administration, and to understand how bad guys will use it for nefarious deeds on your network. Part 2 of our interview with Mick Douglas discusses a bit more about the DEV522 class that he teaches for SANS, and why it seems that blue team (defenders) are not getting the training they should. By being deficient ...

2015-024: Is a good defense the best offense? Interview w/ Mick Douglas!

May 31, 2015 04:35 - 49 minutes - 45.2 MB

We had the opportunity to discuss with Mick Douglas the fact that there is a stigma of blue team always being on the losing end of security. Is it because there are more tools for the pentesters or bad guys, or that it takes a massive IT budget to be secure? We don't believe so... Great insights into how a blue team can protect their network.

2015-023_Get to know a Security Tool: Security Onion!

May 26, 2015 00:46 - 37 minutes - 34 MB

Having a more secure network by deploying tools can be no easy task. This week, we show you a tool, Security Onion, that can give you an IDS and log analysis tool in less than 20 minutes.  http://blog.securityonion.net/p/securityonion.html

2015-022: SANS Top 25 Critical Security Controls-#10 and #11

May 17, 2015 21:50 - 56 minutes - 51.3 MB

When you're working with network infrastructure, there's a real need for proper configuration management, as well as having a proper baseline to work from. Mr. Boettcher and I continue through the SANS Top25 Critical Security Controls. #10 and #11 both deal with network infrastructure: proper patches and baselines for being as secure as possible, since your company's ideal security structure needs to be a 'brick', and not an 'egg'.

2015-021: 24 Deadly Sins: Command injection

May 10, 2015 22:20 - 40 minutes - 36.8 MB

We continue our journey on the 24 Deadly Programming Sins. If you listened to last week's podcast, we introduced the book we were using as a study tool: http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751 This week is on command injection. We first discussed command injection as part of our OWASP Top 10 for 2013, but you'll be surprised just how easily devs create conditions in their code that allow for command injection as well.

Special Interview with Johnny Long!

May 08, 2015 04:10

At DerbyCon last year, Mr. Boettcher did a microcast with Johnny Long, an inspirational human being who left a life many infosec professionals dream of, and went to Africa to help disadvantaged people make a better life with access to technology. Where is the audio, you ask? Well, we've posted it on our Patreon so that they can have first dibs on it. We'll post it here this weekend for everyone. He is a great individual and we hope you'll enjoy it.

2015-020 - Deadly Programming Sins - Buffer Underruns

May 03, 2015 03:05 - 38 minutes - 34.9 MB

Code audits are a necessary evil. Many organizations resort to using automated tools, but tools may not find all issues with code. Sometimes, you need to take a look at the code yourself. Mr. Boettcher and I begin going through the book "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them". What we covered this week is "buffer overruns"; we discuss what they are, and how they occur. Get ready for a crash course in code audits. The book is not required, but it definit...

2015-018- How can ITIL help you flesh out your infosec program?

April 26, 2015 04:29 - 58 minutes - 53.3 MB

When you're faced with major projects, or working to understand why your IDS fails every day at the same time, there must be a way to work that out. Or when you must do the yearly business continuity failover, you need a process oriented framework to track and ensure changes are committed in a sane, orderly manner. ITIL is a completely versatile, flexible framework that scales with your organization. You can also use it with your software development lifecycle. You can use it to enhance maj...

2015-017: History of ITIL, and integrating Security

April 18, 2015 03:55 - 55 minutes - 51.2 MB

Much of InfoSec and Compliance is all about processes, procedures, controls, audits, and the proper management of all of these.  To do so, you need a proper framework to make these as seamless as possible. ITIL is one of these types of frameworks. We introduce Mr. Tim Wood on the podcast, who has over 20 years of ITIL experience and began ITIL implementations in banks and Healthcare systems in the United Kingdom. He currently works with different industries to change culture and make an ITI...

2015-016: Special Interview: Cybrary.it

April 07, 2015 02:38 - 33 minutes - 31 MB

Special interview this week! On the heels of their uber successful KickStarter campaign, we brought co-founder Ryan and one of the technical editors Anthony in to discuss what Cybrary is. We also discuss ways you can leverage it in your own business to get quality security awareness training, as well as train up your employees on infosec topics that can benefit your company and employees. You can find out more at http://www.cybrary.it

2015-015: 2015 Verizon PCI report

April 04, 2015 05:20 - 43 minutes - 39.6 MB

It's that time of year again... when all the reports come out that show how various industries did over the last year. Brakeing Down Security went over the results of the Verizon PCI report. Did companies do worse this year, or could they have actually improved? Listen to our analysis, and what companies can do to learn from this, and how you can use this report to help get a leg up when your QSA comes calling. http://www.verizonenterprise.com/pcireport/2015/ Pay IRS using "Snap...

2015-014-SANS Top 20 Controls - #12 and #13

March 28, 2015 03:13 - 57 minutes - 52.7 MB

We continue our trek down the list of SANS Top 20 Critical Security Controls this week with #12 and #13 - Boundary Defense, and Controlled Use of Administrative Privileges. Learn what you can do to shore up your network defenses, and how to handle admin privileges... When to give that kind of access, and how to make privileged access as secure as possible while still allowing administrators to do their work. https://www.sans.org/media/critical-security-controls/CSC-5.pdf http:/...

2015-013-Hackerspaces and their sense of community

March 21, 2015 03:55 - 49 minutes - 45.6 MB

We invited the organizers of the "TheLab.ms", a Dallas, Texas based hacker/makerspace on the podcast to talk about why they wanted to start a makerspace, the costs and plans to setup a hacker space, and some of the things you can do with a makerspace. We also understand the sense of community and the learning environment gained from these places.  If you are looking to start a 'space in your area, or looking to understand why they are needed in a community, you'll want to listen to Roxy, Se...

2015-012-Fill In podcast with Jarrod and Lee!

March 15, 2015 04:16 - 1 hour - 94.8 MB

Mr. Boettcher went on vacation and was volunteering for Austin Bsides this week, and I needed to do a podcast, so I enlisted the aid of Lee Brotherston and Jarrod Frates to discuss some important topics. We discuss the seemingly short talent pool for IT/IS positions. We talk about the ROWHAMMER vulnerability and how it may affect your organization. Additionally, we talk about how the NTP protocol is being maintained by one person and what can be done to help with that, as it is a critical pie...

2015-011- Why does BeEF and metadata tracking keep I2P developers up at night?

March 07, 2015 06:20 - 45 minutes - 31.4 MB

In our continuing discussion with Jeff and "Str4d", we got right to the heart of the matter: privacy and anonymity. If you're trying to remain anonymous, what steps do the devs of I2P use to keep themselves as anonymous as possible? We also touch on what the "Browser Exploitation Framework" is, and why it scares the heck out of Jeff. Finally, I ask them if there are any real 'good' sites on I2P, because of how the media seems to latch on to any story where we hear the bad things of any ...

2015-010 - How can you use I2P to increase your security and anonymity?

February 28, 2015 16:46 - 57 minutes - 39.2 MB

Mr. Boettcher got a hold of the developers and maintainers of the anonymizing network "I2P". We talked with "str4d" and "Jeff" this week. In Part 1 of the interview, we discuss the technical aspects of I2P, how it functions, how 'Garlic routing' works, and how the floodfill servers allow I2P to function effectively. In the final segment, we discuss form factors, specifically if I2P is available for embedded systems like Raspberry Pi. If you find Tor not to your liking, give I2P a try...

2015-009-Part 2 with Pawel Krawczyk

February 21, 2015 22:50 - 35 minutes - 24.4 MB

The second part of our interview with Pawel discussed content management systems, and how you can integrate CSP in Drupal, Django, and the like. Content managers, you'll want to listen to this, especially about how CSP can help you secure the content on your systems, as well as protect customers from web based attacks using the sandboxing functions of CSP.
Pawel's Blog = ipsec.pl
Pawel's CSP builder app = cspbuilder.info
Quick Guide to CSP: http://content-security-policy.com/

2015-008- Make your web Apps more secure with Content Security Policy (part 1)

February 16, 2015 22:16 - 29 minutes - 20.3 MB

Pawel Krawczyk did an interview with us about Content Security Policy. Learn about what it is, and whether or not the latest browsers can support it. We also talk about how you can get around it, if there are ways to avoid it if you are a bad guy, and how you can get the most out of it. If you're a web developer, and want to reduce your site's chances of allowing XSS, you'll want to take a listen to this. https://w3c.github.io/webappsec/specs/content-security-policy/#changes-from-le...
