All Episodes
Episode 81: Cryptographic Failures
When encryption fails, the consequences can be catastrophic. In this episode, we explore cryptographic failures—formerly called "Sensitive Data Exposure" in the OWASP ...

Episode 82: Injection Flaws Explained
Injection vulnerabilities have been on the OWASP Top Ten for years—and for good reason. In this episode, we explain how SQL, command-line, and LDAP injection flaws all...

Episode 83: Cross-Site Request Forgery (CSRF)
In this episode, we examine Cross-Site Request Forgery, or CSRF—a vulnerability that tricks authenticated users into executing unwanted actions on a web application. Y...

Episode 84: Directory Traversal Vulnerabilities
When input isn’t properly restricted, users can end up accessing far more than intended. In this episode, we break down directory traversal vulnerabilities—flaws that ...

Episode 85: Insecure Design Patterns
Not all vulnerabilities are bugs—some are architectural. In this episode, we explore the concept of insecure design, a growing concern recognized in recent OWASP ranki...

Episode 86: Security Misconfiguration Issues
Even the strongest tools can be rendered useless by poor configuration. In this episode, we explore how security misconfigurations—ranging from default credentials and...

Episode 87: End-of-Life and Legacy Component Risk
Running outdated software isn't just inconvenient—it’s dangerous. In this episode, we explore the risks posed by end-of-life (EOL) systems and unsupported components, ...

Episode 88: Identification and Authentication Failures
If attackers can bypass your login system, the rest of your defenses may not matter. In this episode, we explore identification and authentication failures such as bro...

Episode 89: Server-Side Request Forgery (SSRF)
Some of the most dangerous requests come from inside the house. In this episode, we unpack Server-Side Request Forgery (SSRF), a vulnerability that allows attackers to...

Episode 90: Remote Code Execution (RCE) Threats
Few vulnerabilities are as critical—or as devastating—as remote code execution. In this episode, we explore how RCE vulnerabilities allow attackers to run arbitrary co...

Episode 91: Privilege Escalation Techniques and Dangers
Attackers often start with limited access—but they rarely stay there. In this episode, we break down privilege escalation vulnerabilities, which allow attackers to mov...

Episode 92: Local/Remote File Inclusion (LFI/RFI)
Sometimes attackers don’t need to upload malicious files—they just need to include them. In this episode, we explore Local File Inclusion (LFI) and Remote File Inclusi...

Episode 93: Compensating Controls in Vulnerability Management
What happens when you can’t fix a vulnerability directly? In this episode, we introduce the concept of compensating controls—alternative safeguards put in place to red...

Episode 94: Control Types and Their Purposes
Not all security controls serve the same function. In this episode, we explain the various types of controls used across cybersecurity programs and why it’s important ...

Episode 95: Patch and Configuration Management Lifecycle
Vulnerabilities don’t just exist—they persist, especially when patch and configuration management processes are weak. In this episode, we walk through the full lifecyc...

Episode 96: Maintenance Windows and Update Timing
Security teams can’t just apply patches whenever they want—especially in enterprise environments where uptime and availability are critical. In this episode, we explor...

Episode 97: Documenting and Handling Exceptions
Sometimes a vulnerability can’t be fixed—at least, not right away. In this episode, we explain how analysts and risk managers document and process exceptions: formal r...

Episode 98: Risk Management Principles for Vulnerability Response
Effective vulnerability management is built on sound risk management principles. In this episode, we explore the four classic risk response strategies—accept, avoid, t...

Episode 99: Policy, Governance, and SLO Integration
Cybersecurity doesn’t happen in a vacuum—it happens under governance. In this episode, we explain how policies, governance structures, and service-level objectives (SL...

Episode 100: Vulnerability Prioritization and Escalation
In a world where thousands of vulnerabilities exist, how do you decide which to address first? In this episode, we break down the art and science of vulnerability prio...
