Risky Business #124 -- Blogger brazenly pwns Web apps, publishes results

Is grey the new white this season?
22 Sep 2009 » Risky Business

On this week's show we'll be taking a look at the disclosure of security vulnerabilities in Web applications.

An interesting blog has recently popped up here. If you visit (at your own risk), what you'll see there is basically nothing but screen caps of owned Web applications. They're big targets, too.

We're talking about Facebook, RBS WorldPay, that sort of thing. Browsing through that blog is a very diverting 20 minutes.

Is owning sites and posting the results like this unethical? We thought we'd ask our guest Adam Pointon. He's a CSO for a financial services company that operates a very complicated web application for tens of thousands of users.

We'll also be chatting with our sponsor guest Paul Asadoorian this week. Paul is the co-host of the PaulDotCom Security Weekly podcast. When he's not in front of a microphone, Paul's out there being Tenable Network Security's evangelist. This week we're chatting with him about some interesting research the SANS Institute has released, which reveals the weaknesses in corporate security that are actually doing the most damage.

This week's special news guest is Munir Kotadia.

Risky.Biz has been asked to help a well respected security company find a new penetration tester in Melbourne. E-mail jobs at risky dot biz for more information. Details are in the show... if you're not interested, put someone forward for a $1,000 finder's fee.

You can find Risky Business on Twitter here.

Sign up to our weekly newsletter here.