Information Disclosure Vulnerabilities – Ryan Kelso – ASW #78
September 30, 2019
Ryan Kelso is the Application Security Engineer at 10-Sec, Inc. Former developer turned application security engineer with a passion for giving back to the security community that has helped me out tremendously with getting into this field. Information disclosures traditionally aren't seen as high priority fixes, but can be pretty important in an exploitation chain. The more information provided to an attacker, the better equipped that attacker is.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78
Visit https://www.securityweekly.com/asw for all the latest episodes!
We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you checkout the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!
Apple continues to stay in the limelight with news around zero-day exploits; unknown researcher alleges Apple failed to patch bugs he found and did not give him credit, then claims to have released exploit code.
Vulnerability scanners aren't quite as essential and central as they once were, but they're still necessary. This round of reviews will focus entirely on commercial and open-source network vulnerability scanners.
This review group will cover commercial and open-source network vulnerability scanners. In a few months, we’ll revisit vulnerability management to cover products that focus on analysis and remediation of vulnerability scanning results .