TestGuild Security Testing Podcast
53 episodes - English - Latest episode: almost 3 years ago - ★★★★★ - 3 ratings
TestGuild Security Podcast is a weekly podcast hosted by Joe Colantonio, which geeks out on all things security and security testing related. TestGuild Security Podcast covers news found in the security testing space, reviews books about software security and speaks with some of the thought leaders in the security field. We’ll aim to interview some of today’s most successful and inspiring software engineers and thought leaders.
Episodes
How to achieve the Defense Department’s CMMC compliance with Frank Smith
August 19, 2021 15:29 - 32 minutes - 38.1 MB
Did you know that the Department of Defense (DOD) is mandating that suppliers have Cybersecurity Maturity Model Certification (CMMC) to a prescribed level? In this episode, Frank Smith, Manager of Security and Consulting Practice at Ntiva, shares all you need to know about CMMC. Discover what CMMC is, why you should care, the requirements needed for certification, who needs to be certified, and more. Listen up!
Developing a Security Test Methodology with Mike Spanbauer
March 25, 2021 16:00 - 34 minutes - 32.2 MB
In today’s episode, I’m going to be sharing a session that Mike Spanbauer, Security Evangelist for Juniper, gave at the last Secure Guild online conference on Developing a Security Test Methodology. Discover the four pieces that make up his approach and some essential tips for implementing your own. Listen up!
Prioritize Your Open Source Findings with James Rabon
March 04, 2021 17:00 - 22 minutes - 20.7 MB
Does your team struggle with prioritizing your open-source security findings? In this episode, James Rabon, Director of Product Management at Micro Focus, will share an approach that can help. Discover how James’ team co-developed “susceptibility analysis,” which allows developers and application security engineers to determine whether a publicly-disclosed vulnerability has been invoked in their code. It also reveals whether attacker-controlled input reaches that function. Listen now!
CyberOps with Joe Abraham
February 25, 2021 17:00 - 30 minutes - 35.3 MB
Cybersecurity concepts are fundamental pieces of knowledge necessary for a career in security testing. In this episode, Joe Abraham, author of numerous Pluralsight courses, will share some insights into many security aspects. Listen in to learn about Security Onion, threat intelligence, cyber threat hunting tips and more.
TrustedSec Sysmon Community Guide with Carlos Perez
January 28, 2021 20:00 - 29 minutes - 27.5 MB
Are you struggling to find information on how to use Sysmon for your security efforts? In this episode, Carlos Perez, a Research Team lead at TrustedSec, shares all about the TrustedSec Sysmon Community Guide. Discover why Carlos created this guide and how it helps empower defenders with the information they need to leverage this great tool. Also, listen in to hear about Carlos’s extensive knowledge gained in working to detect attackers.
Cybersecurity Tools and Frameworks with Aaron Rosenmund
January 21, 2021 17:00 - 31 minutes - 29.3 MB
Aaron Rosenmund, a cybersecurity researcher at Pluralsight, shares a wealth of knowledge around security testing in this episode. Discover blue team tools to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Listen in to also learn about security frameworks that help with your threat hunting efforts.
Information Gathering in Penetration Testing with Malek Mohammad
January 14, 2021 18:27 - 21 minutes - 20.2 MB
How can you prevent attacks if you don't know your enemy? In this episode, Malek Mohammad, author of the Pluralsight course Web Application Penetration Testing: Information Gathering, discusses how to know how your enemies target you. Discover fingerprinting web applications, enumerating applications, understanding their entry points, and the tooling needed. Listen up!
Happy Security Testing New Year 2021!
December 31, 2020 15:00 - 1 minute - 1.51 MB
Happy New Year! We will be away for a few weeks but will be back with more security testing awesomeness in 2021. Also, don't forget to register for AutomationGuild.
AWS Penetration Testing with Jon Helmus
December 18, 2020 03:00 - 28 minutes - 26.8 MB
Need to secure your AWS environments? In this episode, Jonathan Helmus, author of the new book AWS Penetration Testing, will share some tips on AWS penetration testing and security best practices. Discover some of the commonly exploited vulnerabilities in AWS and how to prevent them. Listen in to learn more cloud penetration testing tips and tricks. Thanks so much for listening! If you like this episode, please subscribe to "The TestGuild Security" podcast and rate and review wherev...
Discover Network Vulnerabilities using Infection Monkey with Maril Vernon
December 03, 2020 22:00 - 30 minutes - 28.5 MB
Are you using Infection Monkey? In this episode, Pluralsight author and security expert Maril Vernon will share some insights from her Infection Monkey course. Discover how Infection Monkey is used to test lateral movement and network segmentation against known MITRE tactics. Listen up to learn how this amazing tool can identify your company’s vulnerable network paths and how to protect yourself proactively.
OWASP Broken Authentication Breakdown with Prasad Salvi
November 26, 2020 12:32 - 23 minutes - 21.8 MB
Prepare to learn all about the OWASP Top 10 Web Application Security Risks—Broken Authentication. This is the second monthly episode in which security expert Prasad Salvi will join us to break down each OWASP risk one by one. Today we’ll discuss the second security risk listed—broken authentication. Discover what a broken authentication risk is, the different ways this attack can occur, and how to prevent it. Listen up, and join us next month as we cover the next security risk, sensitive dat...
API Security Testing In DevOps with Oli Moradov
November 12, 2020 20:51 - 46 minutes - 42.6 MB
How do you integrate API security testing into the development process? In this episode, Oli Moradov, VP of Dev and Strategic Alliances at NeuraLegio, shares ways that you can integrate automated API security testing directly into your DevOps or CI/CD pipelines. Discover how you can test every build without causing development drag. Listen up!
Covid-19 Security and OWASP with Adhiran Thirmal
November 05, 2020 19:42 - 34 minutes - 31.6 MB
Has COVID-19 impacted your security testing efforts? In this episode, security expert Adhiran Thirmal shares his thoughts on security testing, Covid-19, OWASP, and more. Listen up and find out more about changes to OWASP for 2020 and beyond and how you can help.
SQL Injection OWASP Top 10 with Prasad Salvi
October 29, 2020 18:09
Are you familiar with the OWASP Top 10 Web Application Security Risks? This is the first monthly episode where security expert Prasad Salvi joins us to break down each risk one by one. Today we talk all about the first security risk listed -- injection flaws. Discover what an injection flaw is, different ways this attack can occur, and how to prevent it. Listen up and join us next month as we cover the next security risk, broken authentication.
P2P Security with Paul Marrapese
October 22, 2020 22:34 - 23 minutes - 22.3 MB
Peer-to-peer (P2P) communications technology is built into millions of security cameras and other consumer electronics. In this episode, Paul Marrapese, a security researcher, shares his story of how supply chain vulnerabilities in modern IP cameras, baby monitors, and even alarm systems are putting millions at risk for eavesdropping and remote compromise. Listen in to find out ways to avoid these exploits!
Avoid Being Runtime Blind using DeepFactor with Kiran Kamity & Mike Larkin
October 08, 2020 21:00 - 36 minutes - 41.7 MB
I believe most teams have a massive gap in their pre-production stage of development. In this episode, Kiran Kamity, Founder and CEO of DeepFactor, and Mike Larkin, Founder and CTO of DeepFactor, will share why Pre-production Observability is critical to ensuring your applications are secure, compliant, and performant. Discover how to inject the visibility you need into your application behavior before it hits production, and go from Runtime Blind to Runtime Ready™. Listen up!
The Power of a Threat Aware Network with Mike Spanbauer
September 24, 2020 14:00 - 31 minutes - 36.6 MB
Security is a difficult discipline to master. It requires experts to continuously challenge themselves and learn new tools and technologies to protect their organizations. In this episode, Mike Spanbauer, Technology Evangelist at Juniper, will discuss some ways to build a threat-aware network. Discover a new way to think about your approach to security architecture and more. Listen up!
Client Side Penetration Testing with Prasad Salvi
September 17, 2020 16:00 - 27 minutes - 25.9 MB
Don’t let hackers execute different client-side attacks on your website. In this episode, Prasad Salvi will cover some of the most important concepts in his Pluralsight Web Application Penetration Testing: Client-side Testing course. Discover how to be proficient in performing client-side attacks like Cross-Site Scripting, HTML Injection, and Client-side redirects, and how to fix them. Listen up!
Cyber Security Job Hunting with Owanate Bestman
September 09, 2020 23:42 - 30 minutes - 28.7 MB
How has the Covid-19 pandemic affected the employment prospects of cybersecurity professionals? In this episode, Owanate Bestman, the founder of Bestman Solutions, will share his take on what you need to know to stay employable in troubled times. Discover areas of growth in security, what employers are looking for, and what skills you’ll need in 2020 and beyond. Listen up!
Automated Security Compliance with Eric Martin
September 03, 2020 18:55 - 24 minutes - 23.3 MB
Do you have to go through the complex, time-consuming, and tedious process of preparing for a security audit? In this episode, Eric Martin from Vanta, a cybersecurity startup, will discuss automated security and compliance. Discover why security compliance is essential, and how automation can help you with SOC 2 audits and HIPAA compliance requirements. Listen up!
Securing the Future of RPA with Alan Radford
August 27, 2020 15:08 - 32 minutes - 30.4 MB
Identity needs to be at the core of a security strategy. In this episode, Alan Radford, CTO of One Identity, will share how to achieve security by ensuring the right people get proper access to the right resources at the right time. Discover how using RPA can help with your identity and access management efforts. Listen now!
DevSecOps Blind Spots with Wilson Mar
August 20, 2020 23:10 - 29 minutes - 27.1 MB
Discover how to avoid blind spots in your DevSecOps with Wilson Mar. Wilson is a DevSecOps AI/ML leader, and in this episode, he’ll share his insights on how to improve security in your DevOps efforts. Listen in to find out more about tools, techniques and best practices in security.
Cyber Security Tips and Virus Bombs with Greg Scott
August 13, 2020 16:17 - 29 minutes - 27.4 MB
Want to know a fun way to learn cyber-security tips? In this episode, Greg Scott, security expert and author of Virus Bomb and Bullseye Breach, will share how to pick up security practices by reading novels. Discover how to secure stuff like the bad guys do, and how to avoid security breaches in your applications.
Data Poisoning and Adversarial AI with Dr. Arash Rahnama
August 06, 2020 15:55 - 25 minutes - 24.1 MB
AI is everywhere, but have you ever thought about how it can impact security? Or how to test for AI-exposed security risks? In this episode, Dr. Arash Rahnama, head of Applied AI Research at Modzy, will share his views on the need for AI-embedded security and defenses. Discover how to avoid data poisoning, the emerging momentum around adversarial AI, and techniques to defend against it. Listen up!
The Art of Network Penetration Testing with Royce Davis
July 30, 2020 18:55 - 26 minutes - 24.8 MB
Discover how to take over an enterprise network from the inside. In this episode, Royce Davis, author of "The Art of Network Penetration Testing: Taking over any company in the world", explains how a malicious invader can wreak havoc on your network and how to prevent it. Learn some foolproof penetration testing techniques, and the four phases that every security expert should know for planning and preventing attacks. Listen up!
Next Generation DevSecOps with Cindy Blake
July 23, 2020 17:44 - 25 minutes - 36.2 MB
Software development itself is changing rapidly, and security programs must evolve if they are to be effective in this next generation of software. In this episode, Cindy Blake, a Senior Security Evangelist at GitLab and author of 10 Steps Every CISO Should Take to Secure Next-Gen Software, will share what you need to know in these changing times. Discover fuzzing and the security implications involved in how software is changing; the code itself, the development methodologies, and the infra...
Update: We'll be back soon (Life Happens)
July 09, 2020 15:39 - 1 minute - 1.46 MB
Hey, it's Joe. I just want to let you know that the Testing Security Testing podcast is still around. We're only away for a few weeks. We'll be back shortly. I have a bunch of awesome interviews lined up already. Stay tuned for the Art of Network Penetration Testing, the interview I did with Royce Davis and his new book. I'm also doing an interview with Cindy Blake from GitLab on DevSecOps to full maturity, and a cool topic on data poisoning, the emerging momentum around adversarial AI and the ...
Talisman Security Testing with Harinee Muralinath
June 25, 2020 15:03 - 22 minutes - 21.4 MB
Don’t let your company's secrets accidentally get pushed to production and expose your company to security risks. In this episode, Harinee Muralinath, a Capability Lead, India at ThoughtWorks and core contributor to Talisman, shares how. Talisman is a tool that detects secrets and prevents them from being checked in in the first place. Discover how you can also scan your commits for potential issues. Listen up!
Switching from QE to Product Security with Dwayne Thomas
June 04, 2020 19:11 - 23 minutes - 22 MB
Thinking of making the switch from your current role to cybersecurity? In this episode, Dwayne Thomas, a Cyber Security Consultant at Mentor$chip, shares his journey from QE to Security. Discover how to enter the most in-demand field in the software industry and learn more about bug bounty programs, presenting security topics for Toastmasters, searching job sites, informational interviews, meet-ups, obtaining a CISSP certificate, and more. Listen up!
Cloud Security Myths with Vandana Verma
May 28, 2020 22:17 - 25 minutes - 23.7 MB
There are still lots of misconceptions and myths about Cloud Security. In this episode, Vandana Verma, Global Board of Directors at OWASP and InfosecGirls, shares her thoughts on cloud security. Discover some myth-busting truths about security and the cloud and how to avoid some common misconceptions around cloud security. Listen up!
Ethical Hacking: Understanding Ethical Hacking with Dale Meredith
May 14, 2020 00:07 - 22 minutes - 20.7 MB
Ever wonder what it takes to become an ethical hacker? In this episode, Dale Meredith, author of the Pluralsight course Ethical Hacking: Understanding Ethical Hacking, shares some key takeaways from his course. Discover why Ethical Hacking is becoming a popular skill for security, what you need to know to pass the Certified Ethical Hacker (CEH) certification, and much, much more.
Challenges Implementing & Sustaining DevSecOps with Hasan Yasar
May 07, 2020 14:39 - 30 minutes - 28.5 MB
How do you define DevSecOps? Despite what some will lead you to believe, DevOps is not just a set of tools. In this episode, Hasan Yasar, Technical Director of the Continuous Deployment of Capability group at the Software Engineering Institute, CMU, shares his thoughts on DevSecOps. Listen in to discover the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.
Penetration Testing of Identity, Authentication & Authorization with Prasad Salvi
April 30, 2020 23:58 - 21 minutes - 19.7 MB
Hackers are getting access to your sensitive data by exploiting web application vulnerabilities. Are you ready? In this episode, Prasad Salvi, author of the Pluralsight course Penetration Testing of Identity, Authentication and Authorization Mechanism, shares what you need to gain the ability to perform web application pen-testing. Listen in to discover what identity management is, and how to penetration test identity, authentication, and authorization mechanisms.
Getting Started with AppSec with Tanya Janca
April 23, 2020 20:43 - 42 minutes - 39.1 MB
Want to learn how to get started with Info Security, Application Security, and more? In this episode, Tanya Janca, Founder of SheHacksPurple, will share her thoughts on multiple security topics you need to know about. Discover some tips and resources to help jump-start your AppSec efforts. You’ll also hear about some cool initiatives like WoSec and CyberMentoringMonday. Listen up!
Professional Red Teaming with Joe Vest
April 09, 2020 20:25 - 29 minutes - 27.4 MB
Compliance, best practices, and regulation drive security programs. These programs pass audit and compliance checks, have robust patch management, and even conduct vulnerability and penetration testing assessments. How do you know if these programs can protect against real threats? In this episode, Joe Vest, co-author of the book Red Team Development and Operations, shares his thoughts and real-world guidance. Discover how professional red teaming can bridge the gap between security program d...
Security and Certifications with Nancy Gariché
April 02, 2020 23:13 - 28 minutes - 26.4 MB
How necessary are certifications to your security testing career? In this episode, Nancy Gariché, Co-Founder at Secure That Cert, shares her thoughts around certification, DevOps, DevSlop, and more. Discover a learning hack that will help you get a new job or stay up to speed in your current position. Listen up.
Android Application Security Testing with Marko Belzetski
March 26, 2020 22:19 - 26 minutes - 24.5 MB
Do you need to make sure your Android applications are secure? In this episode, we'll be talking with Marko Belzetski all about Android Application Security Testing. Discover what it means to be a penetration tester of Web and Android applications, the differences between Android and iOS, and why the OWASP ASVS and MASVS are some of the most useful resources for both penetration testers and developers alike.
How to Win over that Elusive Developer with Adhiran Thirmal
March 19, 2020 21:04 - 32 minutes - 29.9 MB
Are you struggling to get your developers on board with your security testing efforts? In this episode, we talk with Adhiran Thirmal all about how to win over that elusive developer. Discover the key to implementing a successful application security testing program with buy-in from your developers, DevOps, and architects.
Do Your Pipelines Remember with James Rabon
March 12, 2020 23:54 - 19 minutes - 18.2 MB
In this episode we'll be talking with James Rabon, a Senior Product Manager at Micro Focus, all about tips to incorporate static analysis tools in your CI/CD pipelines. Discover best practices for successful SAST integration and how machine learning can help us predict the future based on our past.
Browser Exploitation Framework (BeEF) with Gavin Johnson-Lynn
March 05, 2020 14:49 - 28 minutes - 26.7 MB
Is your website vulnerable to cross-site scripting vulnerabilities? In this episode, Gavin Johnson-Lynn talks all about his new Pluralsight course on getting started with BeEF. BeEF is a tool that allows cross-site scripting vulnerabilities to be investigated and exploited with minimal technical understanding. Discover how to use BeEF to exploit XSS and highlight just how critical this vulnerability can be to a website. Listen up!
Securing DevOps: Security in the Cloud with Julien Vehent
February 28, 2020 21:02 - 30 minutes - 28.1 MB
Are you looking for an approach to continuous security? In this episode, we’ll talk with Julien Vehent about his book Securing DevOps: Security in the Cloud. Discover why security is an integral component of your product development efforts, and how to use some best practices to help your teams implement security in your SDLC. Listen up!
HackEdu: Hands-On Security Training with Arthur Hicken & Jared Ablon
February 20, 2020 16:07 - 30 minutes - 28.4 MB
I recently wrote a blog post on the 9 Top Automation Testing Trends for 2020. One quickly-growing trend I listed was security. Since then, I’ve been frequently asked for some useful resources to help folks get started learning about security. That’s why I was excited to learn about HackEdu, an online training platform designed to help software developers to develop code more securely. Unlike other training you may have taken, HackEdu has a unique, hands-on training approach that will keep yo...
Hacker Tools and Skills For Security Testers with Jahmel Harris
February 13, 2020 21:38 - 31 minutes - 29 MB
There are so many awesome tools for hackers out there. They work great if you're a pentester, but trying to use these tools in a way that makes sense for development and testing teams can be challenging. In this episode, Jahmel Harris, co-founder of Digital Interruption, shares his favorite security testing tools and the skills needed for developers and testers.
Metasploit Pen Testing with Keith Watson
February 06, 2020 17:00 - 31 minutes - 29.2 MB
In this episode, Keith Watson, author of the Introduction to Penetration Testing Using Metasploit Pluralsight course, will give us a high-level overview of how to get started with Metasploit, as well as some best practices for penetration testing.
Security in DevOps Like a Boss with Tanya Janca
January 30, 2020 13:04 - 35 minutes - 33 MB
Want to discover how to get security more integrated into your DevOps pipelines? In this episode, Tanya Janca, an Application Security and Cloud Security Consultant, shares her thoughts around security testing and how to shift your efforts left like a boss.
Understanding the Most Common Secure Coding Standards with Arthur Hicken
January 23, 2020 18:27 - 25 minutes - 23.7 MB
Not sure what security standards are out there or which ones you need to follow? In this episode, Arthur Hicken, Chief Evangelist at Parasoft, shares some of the most common standards in use today. Listen up and discover what standards you need to know for your security testing efforts and how to get started.
Test Your WAF and Make it Your Friend with Franziska Buehler
January 09, 2020 13:00 - 22 minutes - 20.8 MB
Very often, people are afraid of web application firewalls (WAF) because they can potentially block an application's legitimate traffic. No worries! In this episode, Franziska Buehler will share how you can avoid this problem and more. Discover how WAFs are a useful, additional layer of defense when it comes to fending off attacks such as those described by the "OWASP Top Ten." Don’t miss it!
How to Security Test Your APIs with Troy Hunt
January 02, 2020 13:00 - 29 minutes - 27.4 MB
Happy New Year! In this episode we’ll be going back in time to one of my most popular automation podcast episodes: How to Security Test Your APIs with Troy Hunt. Discover what you need to know about the basics of API security testing, including the tools and techniques you’ll need to get started quickly in 2020.