
182: TZ Interview – Matt Konda / Application Security

Justin and Jason talk with application security expert, Matt Konda, about how to harden web applications against common attacks, tools that can help locate vulnerabilities and his new security startup, Jemurai.

8 Comments
  1. Interesting podcast.

    Pretty scary that your server is constantly under attack. Any vulnerabilities and you could lose data and revenue.

    Can’t remember if you spoke about it, but would like to know more about smartphone and tablet vulnerabilities. This feels like a massive gap and opportunity for hackers.

  2. passy says:

    I’m confused that on the topic of SSH there was no mention of disallowing password authentication. This is generally considered to be the number one hardening practice for SSH. Instead of using a hard password on your users on the server, use it on your SSH key. This completely disables the risk of practical bruteforce attacks.

  3. On the subject of captchas, someone may find this article I wrote a while ago about them: http://www.wausita.com/captcha/ It's just a simple guide to breaking them.

  4. For SSH, I always disable root login. I also recommend using a non-standard port – this alleviates almost all automated script attacks. If you’re really concerned about securing SSH consider port knocking: http://en.wikipedia.org/wiki/Port_knocking

  5. Jason says:

    Here’s a recorded stream of the Builders Vs Breakers talk Matt did at Chicago BSides:

    http://www.ustream.tv/recorded/22195794

  6. Great show! For easy reference:
    OWASP
    OWASP Top 10
    Note: OWASP has a couple screencast-tutorials too.

  7. Hey guys,

    I came across this “planimal” at the museum of natural history in New York. Thought Jason would get a kick out of it:

    http://esploded.s3.amazonaws.com/anon_data/2012/ygA1-photo.JPG

  8. isoftwaremaker says:

    The people are getting restless. If you don’t publish a new show soon, you might have mutiny on your hands.