55 - Charlie Belmer & NoSQL Injection

This week Jeff Foley hangs all to talk about asset discovery using amass, recon methodologies,  hashcat style brute forcing vs. wordlists, extending functionality via the embedded Lua engine and more. My 3 main takeaways were 1) how to find assets that don’t share a domain name using JARM 2) how they made scanning faster by essentially lowering the DNS brute forcing query rate and 3) what the future has in store for the project For more information, including the show notes check out https://breachsense.io/podcast            This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords For more information, including the show notes check out https://breachsense.io/podcast This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords For more information, including the show notes check out https://breachsense.io/podcast This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords For more information, including the show notes check out https://breachsense.io/podcast This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords This week Charlie Belmer joins the show to chat about NoSQLi, web proxies, cloud security, tips to get started in InfoSec and more. My 3 main takeaways were 1) how SQLi differs from NoSQLi 2) why privacy still matters and 3) How cookieless tracking works and some of the frightening techniques used For more information, including the show notes check out https://breachsense.io/podcast 

Om Podcasten

The goal of the podcast is to share practical tips of what works and what doesn't in information security. Essentially we turn our guests' wisdom into practical tips you can use to improve your own skills.