Tenable Network Security Podcast - Episode 3

Welcome to the Tenable Network Security Podcast - Episode 3

Announcements

• New whitepaper on web application testing is being released next week.
• Correction on The Tenable appliance it does support Security Center, with future support for PVS and LCE Hardware appliance has been announced as well
• As always be sure to check out our blog at http://blog.tenablesecurity.com

Interview: Brian Martin: The Dos and Don'ts of Web Application Testing

• What makes web application testing so challenging?
• What are some common mistakes that people make when trying to test a web application?
• If you are an organization with over 50 different web applications, how should you approach testing for and remediating vulnerabilities?
• Which web application vulnerabilities are the most elusive and why?
• What are some of the real dangers with vulnerabilities like XSS and CSRF and why do you think people don't pay too much attention to them?
• If you are to tackle doing an security assessment on a web application, where is the best place to start and what tools/resources do your recommend?

Stories

• RBS WordPay hacked, full database access
• Microsoft warns of SMB vulnerability in Windows Server 2008 and Vista
• Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Vulnerability (uncredentialed check)
• Wordpress Worm Being Used to Profit

Tenable Events

• Ron Gula will be speaking at the Hacker Halted conference in Miami on September 23, 2009
• Paul Asadoorian and others from Tenable Network Security will be attending Cyber Dawn Cyber Exercise on October 3-4, 2009
• Paul Asadoorian will be speaking at the Louisville Infosec conference on web application security on October 7, 2009