Water

This is bS!

Next search will be "how to not get my door break in by the nsa swat team . Lol

Great content 😊

Was this work ever open sourced...and if so where? Thanks!

The beauty is he started from history and explained how these things evolved. thanks for posting.

"how to hack an api in 15 minutes" *the video is 47 minutes* hmmmmm

Promo_SM 💋

Very Impressive presentation. Best of Luck guys!

Good talk

Very informative...

Interesting talk, enjoyed the attack vectors from a mobile perspective

Way to go Vis 👏🏼👏🏼👌🏽

Great job Andy!

Nice talk

Probably my favorite talk from the con. Jim is just too passionate, which talkers would understand this is how you have to give a presentation! Down like 6 cups of coffee before!!!

Very interesting points on GPT and how attackers will create the third party lib do what it thought it should and then insert malware! Great TAlk!

Great panel, wish there were more freeform talks at LASCON

I really enjoyed this talk! Metrics are Key and we need to start talking how AppSec is not a cost center but a way to increase revenue

Great Talk!

Audio got worse when they changed his mic!

Great Talk!

get new app then diff with old

Excelent explanaition about DevSecOps!!

I would argue on the agents part , "agents do not utilise much server resources." Also they would not impact opeations at all. The vulnerability management idustry again keeps on improvising day by day. One such agent based scanning is provided by Qualys, while they also deal with suite of quality security by products, vulnerability management detection and response has been their key specialization.

Love it. Leaders inspire. Inspire someone! Taking notes is an underrated skill. Our memories are fallible. We all need to embrace it.

Did you have tool's

Super helpful framework. Thank you!

Great presentation.Been wondering if there is a video guide/tutorial on the end to end installation of packet fence. The existing documentation is high level and may not be good for the newbies

wtf

Good presentation, thanks for job

What do you guys think about the qualys cloud scanners

A well-rounded presentation about a sound approach. Thanks Josh! For me, accountability is the key to making this work - specifically, the 'risk owners' (or 'information asset owners' or whatever you call them) need to accept personal accountabilty for the risk treatment decisions and actions arising. Costly but necessary controls need to be funded, so ownership needs to be high enough up the hierarchy to secure the resources and priorise the work appropriately, relative to everything else going on. Linking risk level to management level is a neat way of putting it and hints at the idea of aggregating or rolling-up risk, with lower levels handling the individual risks while management oversees and manages the lot (e.g. all the information risks relating to the HR system in aggregate rightly belong to the HR Director, whereas HR, risk, security, IT and other people may be handling the component risks).

I think you should be arrested for this🤣🤣

p͓̽r͓̽o͓̽m͓̽o͓̽s͓̽m͓̽ ✅

great video

Definitely worth the watch!

Very good presentation. Thank you.

Really cool!

This is awesome, I am a vuln analyst and they are spot on

I handled quite some vulnerability and scanner products from different vendors. The "Risk Score Systems" of all the products, I have seen, are basically a joke. When I see 5 digits risk numbers from a system that does not know what the system is used for and especially what data is on it and to what it is connected I see "Snake Oil" and "Fairy Dust". People doing this software have never got in touch with risk management, risk management methodes & metrics and risk management processes. So basically, those risk scores are not "a better guess" than the CVSS-Score. But it is a point of sale, If I tell my management with the help product I could reduce "risk" (what ever the vendor is considering as risk) by a 5 digit number I might get a bonus for my "great" work. It is simply trading with fear and uncertainties of unaware people - I do not support this. Further more those tool simply cannot do what an attacker would do, chaining in attack trees, they can only understand standalone vulnerabilities but not the interplay between multiple chained attacked vulnerabilities. For this you need a complex model called risk & threat or MFEA... in a digital model based form... that allows you to perform quick simulations by adding or removing factors. As long as this "scanner" do not understand you IT-mized process and it´s components ignore the ratings.

Thank you for pointing this. I'm so sick of death of things becoming becoming worthless and obsolete because of this certificate error nonsense

I watched, then sent this to my daughter, who will be getting into this career. Excellent presentation.

❤🌹 God bless you 🙏🙏. Do not waste your time > P r o m o S M !

You're a candle in the darkness, want to be youtube friends?

useful content. thanks man

Best ever talk on gpg IMO

I really wished he had compared the flows.

@17:30 cameraman - and instead of zooming in on the slides - and decides - enough of slides - zooms in on the presenter duhhhhh sad