Website Security Webcasts and Tutorials

Live Hacking REST – Find SQL Injection You’re Missing

Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, demonstrates how to hack RESTful interfaces using the new vulnerable test app, Hackazon. Dan explains why you’re probably missing SQL Injection in these RESTful interfaces like JSON, XML and AMF, and shows how you can begin to discover them.

Chasing the Expanding Attack Surface of Mobile & Web Apps

Security teams are struggling to maintain the effectiveness of their security testing programs in the face of these application changes. New applications have reduced trusted security tools to half measures where they once yielded more coverage and power. It’s critical that enterprises rapidly adopt detection and protection processes and technologies in order to keep up with this expanding attack surface.

The 7 Deadly Sins of Mobile Application Development

Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, unveils what he calls The Seven Deadly Sins of Mobile Application Development (such as trusting the client and improper use of NONCE) and what developers can do to sin no more!

SQL Injection Vulns Hidden in New Places

Do you know where your SQLi vulns are? You probably don’t know all of them, especially in mobile apps, web services and RIAs, which are typically developed in new technologies like REST, JSON and AJAX. While security teams are often effective at testing for vulnerabilities in classic HTML applications over GET and POST, most testing methodologies do not handle these new formats. As a result, web applications using these new formats are often littered with SQL Injection and other security vulnerabilities.

Dan Hacks Fantasy Football

While conducting vulnerability testing, NT OBJECTives discovered that the Yahoo! Fantasy Football mobile app was vulnerable to session hijacking, the process of authenticating the user and ensuring an attacker isn’t impersonating a user or eavesdropping on the service.

A demonstration of how the mobile hack works can be found in a whiteboard-style video featuring NT OBJECTives’ Kuykendall.

Integrate Security into Your Development Environment

As organizations expand security testing into earlier stages of the SDLC, developers need testing solutions that reduce the time they waste with false positives, and enable them to more easily collaborate with security professionals.

Join James Croall, Senior Product Manager of Coverity, and Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, and learn how you can easily and seamlessly integrate security testing into your development environment.

Mobile Application Security: What You Need To Know

NT OBJECTives’ Dan Kuykendall and guest speaker Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, reveal why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are a serious emerging and overlooked threat.

Massive Scale Rapid Application Security Scanning

You’re suddenly under attack, or it’s happening to someone you know. You’re finally building your application security testing program. Will your boss demand application scan reports from all of your applications?

Wendy Nather, Enterprise Security-Research Director of 451 Research, and Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, discuss how to scale your application security program to address hundreds or thousands of applications and how to avoid the common technology and process pitfalls.

Not Your Granddad’s Web App

The next generation of applications has started to rule the web, and they look very different from their ancestors. In the “good ol’ days”, web apps had their problems, but they were easier to understand, and great resources (tools/practices/trainings) were quickly made available to help.

Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, discusses emerging application security threats in the latest technologies.