James Kettle of PortSwigger on Advancing Web-Attack Research

Update: 2022-10-12

Description

Interview Links

Prior Security Nation episode in which loads of PortSwigger references were dropped:
- https://www.rapid7.com/blog/post/2021/08/18/security-nation-daniel-crowley/
New research from James about browser-powered desync attacks:
- https://portswigger.net/research/browser-powered-desync-attacks

Rapid Rundown Links

Semi-secret Fortinet advisory:
- https://twitter.com/Gi7w0rm/status/1578398457227878407
CVE Details as they come:
- https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/
Existence of Fortinet CVE-2022-40684 PoC posted, but not the PoC itself:
- https://twitter.com/Horizon3Attack/status/1579285863108087810
The Hidden Harms of Silent Patches:
- https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Comments

In Channel

Tod and Jen and Jennifer on Season 5 of Security Nation

2022-12-2125:00

Jeremi Gosney on the Psychology of Password Hygiene

2022-10-2648:37

James Kettle of PortSwigger on Advancing Web-Attack Research

2022-10-1236:00

Taki Uchiyama of Panasonic on Product Security and Incident Response

2022-09-2830:05

Chris Levendis and Lisa Olson on Cloud CVEs

2022-09-1436:20

Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner

2022-08-3137:00

Jen and Tod on Hacker Summer Camp 2022

2022-08-1833:56

Curt Barnard on Defaultinator (Black Hat Arsenal Preview)

2022-08-0332:24

Jacques Chester of Shopify Talks CVSS Scores

2022-07-2039:36

Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challenge

2022-07-0636:02

Steve Micallef of SpiderFoot on Open-Source Intelligence

2022-06-2230:02

Phillip Maddux on HoneyDB, the Open-Source Honeypot Data Project

2022-06-0820:48

Omer Akgul and Richard Roberts on YouTube VPN Ads

2022-05-2538:46

Jim O’Gorman and g0tmi1k on Kali Linux

2022-05-1133:15

Whitney Merrill on the Crypto & Privacy Village (and the Latest in Data Privacy)

2022-04-2738:50

Kate Stewart on Open-Source Projects at the Linux Foundation

2022-04-1338:29

David Rogers on IoT Security Legislation

2022-03-3032:40

Bob Lord on Securing the DNC

2022-03-1636:42

Matthew Kienow on Open-Source Security and the Recog Framework

2022-03-0329:51

Amit Serper on Finding Leaks in Autodiscover

2022-02-1637:08

00:00

James Kettle of PortSwigger on Advancing Web-Attack Research

nowthisispodcasting@rapid7.com (James Kettle, Tod Beardsley, Jen Ellis, Jennifer Carson)

#box-pro-ellipsis-176692867300113{-webkit-line-clamp:2;}James Kettle of PortSwigger on Advancing Web-Attack Research

James Kettle of PortSwigger on Advancing Web-Attack Research

nowthisispodcasting@rapid7.com (James Kettle, Tod Beardsley, Jen Ellis, Jennifer Carson)

James Kettle of PortSwigger on Advancing Web-Attack Research