
2015-007-SANS_Top20_14and15--Proving_Grounds_Microcast with Megan Wu!
02/10/15 • 53 min
Extra special treat this week! We do a continuation of our review of the Top 20 Security Controls, in which we do #14 and #15, which all of you will find very interesting.
But the real reason we are posting this today is the Call for Papers and Call for Mentors for the Bsides Las Vegas Proving Grounds! We invited Magen Wu (@tottenkoph) on to discuss. If you've ever asked yourself "I'd like to give a talk, but they'd never put me on" NOW IS YOUR CHANCE! :)
This is a great opportunity if you're a veteran speaker, or just want to give back to the community at large... You can mentor a n00b to help them create a topic, help them hone their paper, and be with them when they give the talk at Bsides Las Vegas in July.
Many thanks to @tottenkoph and @securitymoey. They need your help, both as a mentor and a mentee. This is also an excellent networking opportunity. You get 1-on-1 access to an often influential mentor, someone in the infosec community, and your talk will be seen by several hundred people. hmmm.... maybe I should put one in :D
-----
SANS #14-10:
Ensure that the log collection system does not lose events during peak activity, and that the system detects and alerts if event loss occurs (such as when volume exceeds the capacity of a log collection system). This includes ensuring that the log collection system can accommodate intermittent or restricted-bandwidth connectivity through the use of handshaking / flow control.
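The two properties this control asks for, as an added Python sketch that is not from the podcast or the SANS document: a bounded collector that tells senders to hold (flow control) instead of silently dropping, counts every event it had to refuse, and alerts on sequence gaps that reveal loss upstream of it. Per-source sequence numbers and the `fw1` / `udp-host` sources are constructed assumptions for the example.

```python
from collections import deque

class LogCollector:
    """Bounded collector that refuses (not silently overwrites) when full, counts
    each refusal, and alerts on per-source sequence gaps (assumed; syslog has none)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.queue = deque()
        self.last_seq = {}   # source -> highest sequence number seen so far
        self.accepted = 0
        self.refused = 0     # times a sender was told to hold and retry
        self.alerts = []

    def ingest(self, source, seq, message):
        """True if stored; False means hold and retry (the flow-control half)."""
        last = self.last_seq.get(source)
        if last is not None and seq > last + 1:      # events lost before reaching us
            missing = seq - last - 1
            self.alerts.append(f"GAP source={source} missing={missing} before seq={seq}")
        if last is None or seq > last:
            self.last_seq[source] = seq
        if len(self.queue) >= self.capacity:         # peak load: refuse, count, alert
            self.refused += 1
            if self.refused == 1:    # alert on the first refusal, not on every one
                self.alerts.append(f"OVERFLOW capacity={self.capacity} source={source}")
            return False
        self.queue.append((source, seq, message))
        self.accepted += 1
        return True

    def drain(self, n):
        """Hand up to n events to the downstream store (simulated here)."""
        return [self.queue.popleft() for _ in range(min(n, len(self.queue)))]

def run_demo():
    """Constructed traffic: a sender honouring backpressure (7 events, capacity 4,
    no loss) and a lossy source whose sequence skips 3-5, as if dropped on the wire."""
    c = LogCollector(capacity=4)
    pending = [("fw1", i, f"constructed event {i}") for i in range(1, 8)]
    while pending:
        if c.ingest(*pending[0]):
            pending.pop(0)
        else:
            c.drain(2)              # collector catches up; sender retries the same event
    c.drain(10)
    for seq in (1, 2, 6):
        c.ingest("udp-host", seq, "constructed event")
    return c
```

The sender that honours the refusal loses nothing (all 7 events are accepted after retries), while the source that skips sequence numbers produces a single GAP alert naming the three missing events.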
------
"Dirty Rhodes" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/
Previous Episode

2015-006- Is your ISP doing a 'man-in-the-middle' on you?
During our research with Lee Brotherston, who we had on last week for our podcast on threat modeling, we got to listen to one of his talks about how his ISP in Canada was actively doing a Man-in-the-Middle injection of a banner into sites that he visited.
We were intrigued, and also gobsmacked (I can say that, right?) about the brashness of an ISP not apparently understanding the security implications of this, so we had him back on to talk about the finer points of his research. The bad news? Other ISPs, including American ISPs, are using this technology.
This is one of those podcasts that you need to tell your friends about, cause it's truly surprising the lengths ISPs go to injecting content into your pages.
We also have a short message about the Bsides Las Vegas Proving Grounds this year... If you've wanted to present a paper at a conference, and have a mentor guide you through the process, hit them up on the Proving Grounds page at http://www.bsideslv.com
Show notes (lots of info): https://docs.google.com/document/d/1YLkiRE1SVIyWquWc-iQrESWlT10rSJmW1VcrOX3kQZ0/edit?usp=sharing
"Dirty Rhodes" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/
Next Episode

2015-008- Make your web Apps more secure with Content Security Policy (part 1)
Pawel Krawczyk did an interview with us about Content Security Policy. Learn about what it is, and whether or not the latest browsers can support it.
We also talk about how you can get around it, if there are ways to avoid it if you are a bad guy, and how you can get the most out of it.
If you're a web developer, and want to reduce your site's chances of allowing XSS, you'll want to take a listen to this.
https://w3c.github.io/webappsec/specs/content-security-policy/#changes-from-level-1
https://w3c.github.io/webappsec/specs/content-security-policy/#directive-sandbox