Comments on: 182: TZ Interview – Matt Konda / Application Security https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security If you're a hacker, you'll probably like our show ;) Thu, 10 May 2012 15:33:35 +0000

By: isoftwaremaker https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8618 Thu, 10 May 2012 15:33:35 +0000 http://techzinglive.com/?p=1039#comment-8618 The people are getting restless. If you don’t publish a new show soon, you might have a mutiny on your hands.

By: James Robert https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8617 Wed, 09 May 2012 19:55:34 +0000 http://techzinglive.com/?p=1039#comment-8617 Hey guys,

I came across this “planimal” at the museum of natural history in New York. Thought Jason would get a kick out of it:

http://esploded.s3.amazonaws.com/anon_data/2012/ygA1-photo.JPG

By: Philippe Monnet https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8577 Wed, 02 May 2012 01:58:20 +0000 http://techzinglive.com/?p=1039#comment-8577 Great show! For easy reference:
OWASP
OWASP Top 10
Note: OWASP has a couple screencast-tutorials too.

By: Jason https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8576 Tue, 01 May 2012 21:01:00 +0000 http://techzinglive.com/?p=1039#comment-8576 Here’s a recorded stream of the Builders Vs Breakers talk Matt did at Chicago BSides:

http://www.ustream.tv/recorded/22195794

By: Tom Eastmond https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8572 Mon, 30 Apr 2012 22:49:14 +0000 http://techzinglive.com/?p=1039#comment-8572 For SSH, I always disable root login. I also recommend using a non-standard port – this alleviates almost all automated script attacks. If you’re really concerned about securing SSH consider port knocking: http://en.wikipedia.org/wiki/Port_knocking

By: Ben Boyter https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8569 Mon, 30 Apr 2012 07:23:44 +0000 http://techzinglive.com/?p=1039#comment-8569 On the subject of captchas, someone may find this article I wrote a while ago about them: http://www.wausita.com/captcha/ It’s just a simple guide to breaking them.

By: passy https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8567 Sun, 29 Apr 2012 21:41:02 +0000 http://techzinglive.com/?p=1039#comment-8567 I’m confused that on the topic of SSH there was no mention of disallowing password authentication. This is generally considered to be the number one hardening practice for SSH. Instead of using a hard password on your users on the server, use it on your SSH key. This completely disables the risk of practical brute-force attacks.

By: Spark n Launch https://techzinglive.com/page/1039/182-tz-interview-matt-konda-application-security/comment-page-1#comment-8558 Sat, 28 Apr 2012 08:11:22 +0000 http://techzinglive.com/?p=1039#comment-8558 Interesting podcast.

Pretty scary that your server is constantly under attack. Any vulnerabilities and you could lose data and revenue.

Can’t remember if you spoke about it, but would like to know more about smartphone and tablet vulnerabilities. This feels like a massive gap and opportunity for hackers.
