James Kettle of PortSwigger on Advancing Web-Attack Research

Interview Links

Prior Security Nation episode in which loads of PortSwigger references were dropped: https://www.rapid7.com/blog/post/2021/08/18/security-nation-daniel-crowley/

New research from James about browser-powered desync attacks: https://portswigger.net/research/browser-powered-desync-attacks

Rapid Rundown Links

Semi-secret Fortinet advisory: https://twitter.com/Gi7w0rm/status/1578398457227878407

CVE Details as they come: https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/

Existence of Fortinet CVE-2022-40684 PoC posted, but not the PoC itself: https://twitter.com/Horizon3Attack/status/1579285863108087810

The Hidden Harms of Silent Patches: https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

About the Podcast

Security Nation is a podcast dedicated to celebrating the champions in the cybersecurity community who are advancing security in their own ways. We also cover the latest developments in infosec that you should know about.