  • Webinar: AppSec in your Clouds - Duration: 59 minutes.

    • 4 days ago
    • 16 views
    As cloud infrastructure and platform (IaaS/PaaS) providers differentiate their offerings, many organizations are adopting a multi-cloud strategy to leverage the best of what each world ...
  • Webinar: 2018 AWS re Invent re Cap - Duration: 58 minutes.

    • 2 months ago
    • 29 views
    In this webinar, nVisium hosted a panel discussion to debrief AWS re:Invent 2018. Panelists from nVisium and Kenna Security discussed the latest AWS security announcements, trends, and AWS securit...
  • Securing Kubernetes Architectures - Duration: 1 hour, 5 minutes.

    • 9 months ago
    • 140 views
    In this webinar, nVisium’s CEO, Jack Mannino, explores the Kubernetes attack surface and presents methods to keep your cloud native systems resilient to attack. He demos the cloud-native attack ser...
  • Getting Started - nVisium Secure Code Courses - Duration: 32 minutes.

    • 1 year ago
    • 366 views
    A tutorial on getting started and using nVisium's On Demand Training Platform
  • nVisium Webinar: Keeping Up (Modern Software Security) - Duration: 1 hour, 2 minutes.

    • 1 year ago
    • 140 views
    CEO and CTO, Jack Mannino and Ken Johnson, discuss modern security challenges and solutions around Microservices, Code as Infrastructure, and Cloud security.
  • nVisium Webinar SAMM v1 5 with Brian Glas - Duration: 33 minutes.

    • 1 year ago
    • 621 views
    Brian Glas, a managing consultant at nVisium, walks us through the OWASP SAMM project and how to build a mature security program at your organization.

    If you are interested in hearing more about n...
  • nVisium On-Demand Training Platform (Application Security) - Duration: 62 seconds.

    • 2 years ago
    • 536 views
    Our on-demand training platform is intended to replace antiquated application security training methods such as generic CBTs (computer-based training), where students watch videos and answer multip...
  • Java - Identify Cross-Site Request Forgery (CSRF) - Duration: 2 minutes, 50 seconds.

    • 2 years ago
    • 1,533 views
    This video is part of a training product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers identif...
  • Java - Identify Command Injection - Duration: 3 minutes, 53 seconds.

    • 2 years ago
    • 533 views
    This video is part of a training product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers mitigat...
  • Java Identify Using Components with Known Vulnerabilities - Duration: 3 minutes, 23 seconds.

    • 2 years ago
    • 226 views
    This video is part of a larger product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers identifyi...
  • Java SQL Injection Mitigation - Duration: 3 minutes, 26 seconds.

    • 2 years ago
    • 743 views
    This video is part of a larger product developed by nVisium to test students in a real application on competency with secure coding concepts. It originates from our Java course and covers mitigatin...
  • Django Broken Authentication - Credential Storage - Duration: 2 minutes, 40 seconds.

    • 2 years ago
    • 258 views
    This video demonstrates upgrading the password hashing used by a Django application. We demonstrate fixing an application that uses a weak hashing algorithm (MD5). This video clip is a small sample...
  • Time Based Username Enumeration - Duration: 14 minutes.

    • 2 years ago
    • 285 views
    This tutorial is focused around demonstrating the enumeration of valid accounts on web sites leveraging time-based comparison code written by the video's author, John Poulin. We briefly describe th...
  • Grails Security Misconfiguration - Duration: 4 minutes, 36 seconds.

    • 2 years ago
    • 48 views
    In this tutorial, we discuss the Security Misconfiguration section of OWASP's Top 10 (A5). We provide tools for monitoring your environment and some basic checks for security misconfiguration in Gr...
  • Grails Insecure Direct Object Reference - Duration: 4 minutes, 50 seconds.

    • 2 years ago
    • 74 views
    This video demonstrates common ways in which Insecure Direct Object Reference (A4/IDOR) manifests within a Grails application. We demonstrate remediating IDOR flaws within Grails. This tutorial is p...
  • Grails XSS - Duration: 5 minutes, 31 seconds.

    • 2 years ago
    • 76 views
    This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifests within a Grails application. We demonstrate remediating XSS flaws within Grails. This tutorial is part of the Gra...
  • Grails SQL Injection and Broken Auth/Session Mgmt. - Duration: 9 minutes, 15 seconds.

    • 2 years ago
    • 220 views
    This video demonstrates common Injection (A1) and Broken Authentication & Session Management (A2) flaws within a Grails application and shows remediating or mitigating these flaws. This tutorial is...
  • nVisium Webinar - AWS Security - Duration: 51 minutes.

    • 2 years ago
    • 255 views
    nVisium CTO, Ken Johnson, discusses his lessons learned and approach for hardening, monitoring, and disaster recovery as it applies to AWS Security.

    Slides available here: https://nvisium.com/docu...
  • Intro to Web Hacking 10 of 10 - Duration: 14 minutes.

    • 2 years ago
    • 359 views
    In this tutorial we cover Cross-Site Scripting (XSS) from manual and automated detection to exploitation and preventative measures.
  • Intro to Web Hacking 9 of 10 - Duration: 8 minutes, 45 seconds.

    • 2 years ago
    • 252 views
    In this tutorial we demonstrate and discuss business and functional logic flaws. We discuss how to identify functionality that might be vulnerable as well as how to exploit it.
  • Intro to Web Hacking 8 of 10 - Duration: 17 minutes.

    • 2 years ago
    • 298 views
    In this tutorial we demonstrate and discuss detection, exploitation, and prevention of SQL Injection. We show exactly what a SQL query looks like, how it works, how the vulnerable code is written, ...
  • Intro to Web Hacking 7 of 10 - Duration: 12 minutes.

    • 2 years ago
    • 363 views
    This video covers common access control weaknesses and how to assess these security controls as well as exploit them.

    We explain and demonstrate:

    Forceful Browsing
    Parameter Based Controls
    Non-UI ...
  • Intro to Web Hacking 6 of 10 - Duration: 16 minutes.

    • 2 years ago
    • 422 views
    This video covers common session management weaknesses and how to assess these security controls as well as exploiting them. We explain and demonstrate:

    Session Fixation
    Cookie Flags
    Session Termin...
  • Intro to Web Hacking 5 of 10 - Duration: 14 minutes.

    • 2 years ago
    • 507 views
    This video discusses common authentication weaknesses and how to assess these security controls as well as exploiting them. We explain and demonstrate:

    Username Enumeration
    Insecure Account Lockout...
  • Intro to Web Hacking 4 of 10 - Duration: 10 minutes.

    • 2 years ago
    • 667 views
    This video discusses Client-Side controls and how they play a part in vulnerability discovery and exploitation. We explain and demonstrate:

    Hidden Form Fields
    .NET ViewState
    JavaScript Controls
    Bur...
  • Intro to Web Hacking 3 of 10 - Duration: 9 minutes, 34 seconds.

    • 2 years ago
    • 698 views
    This is the third episode in our Intro to Web Hacking series. This tutorial covers basic techniques for mapping an application's attack surface. We discuss the purpose of performing mapping & enume...
  • Intro to Web Hacking 2 of 10 - Duration: 14 minutes.

    • 2 years ago
    • 782 views
    This is the second video in our "Intro to Web Hacking" series. We cover fundamental aspects of the web that a viewer will need in order to be proficient at web hacking.

    In this video we explain an...
  • Intro to Web Hacking 1 of 10 - Duration: 10 minutes.

    • 2 years ago
    • 2,840 views
    This tutorial is Part 1 of our "Introduction to Web Hacking" series and is intended for absolute beginners. In this tutorial, we discuss the basics of HTTP Requests & Responses, explain the Documen...
  • Swift Security - Duration: 9 minutes, 20 seconds.

    • 2 years ago
    • 458 views
    In this tutorial, we demonstrate two of the OWASP Mobile Top 10 categories: Insecure Data Storage and Unintended Data Leakage. We show how these flaws manifest in a Swift application. Seth Law, the...
  • intro to burp extender jython - Duration: 13 minutes.

    • 2 years ago
    • 2,339 views
    In this episode, we show building two Burp extensions in Python. One plugin is a simple "hello world" style plugin with explanations. The second plugin creates an additional tab at the HTTP message...
  • Django SQL Injection - Duration: 8 minutes, 56 seconds.

    • 2 years ago
    • 3,895 views
    This video demonstrates common ways in which Injection issues manifest within a Django application. We demonstrate remediating Injection flaws within Django. This video clip is a small sample deriv...
  • Django Cross-Site Scripting (XSS) - Duration: 5 minutes, 54 seconds.

    • 2 years ago
    • 1,747 views
    This video demonstrates common ways in which Cross-Site Scripting (OWASP A3/XSS) manifests within a Django application. We demonstrate remediating XSS flaws within Django. This video clip is a small...
  • Node.js + Passport.js + Sequelize.js - Duration: 12 minutes.

    • 2 years ago
    • 26,707 views
    In this tutorial we show implementing Sequelize with Passport.js in a Node.js/Express.js application. The purpose of this tutorial is to show the basics of hashing a user's password, Sequelize vali...
  • Rails Security Misconfiguration - Duration: 7 minutes, 17 seconds.

    • 2 years ago
    • 193 views
    This tutorial covers common security misconfigurations in Ruby on Rails applications as well as prevention and is listed as OWASP's A5 category. We demonstrate the use of tools to detect outdated s...
  • Rails Injection - Duration: 13 minutes.

    • 2 years ago
    • 422 views
    This tutorial explains common ways in which SQL Injection and Command Injection (A1) manifest within a Ruby on Rails application. We demonstrate both impact and remediation and provide helpful reso...
  • Rails Session Management - Duration: 16 minutes.

    • 2 years ago
    • 2,784 views
    This tutorial covers session related weaknesses and is part 1 of a 2 part tutorial on OWASP's A2 category. We demonstrate session fixation weaknesses and provide the resolution, thoroughly explain ...
  • Rails Broken Authentication - Duration: 16 minutes.

    • 2 years ago
    • 153 views
    This tutorial covers authentication weaknesses and is part 2 of a 2 part tutorial on OWASP's A2 category. We discuss and demonstrate password complexity weaknesses, username enumeration, brute-forc...
  • Rails Cross-Site Scripting (XSS) - Duration: 12 minutes.

    • 2 years ago
    • 479 views
    This video demonstrates common ways in which Cross-Site Scripting (A3/XSS) manifests within a Ruby on Rails application. We demonstrate remediating XSS flaws within Ruby on Rails. This tutorial is p...
  • Rails Insecure Direct Object Reference - Duration: 8 minutes, 16 seconds.

    • 2 years ago
    • 188 views
    In this tutorial, we cover Insecure Direct Object Reference (IDOR) weaknesses and how they manifest in Ruby on Rails. We show preventive measures that can be taken and demonstrate how the attack oc...
  • Rails Sensitive Data Exposure - Duration: 13 minutes.

    • 2 years ago
    • 297 views
    This tutorial discusses Sensitive Data Exposure in Ruby on Rails applications as well as prevention and is listed as OWASP's A6 category. We demonstrate implementing encryption, hashing passwords u...
  • Rails Missing Function Level Access Control - Duration: 9 minutes, 3 seconds.

    • 2 years ago
    • 177 views
    This tutorial discusses Missing Function Level Access Control and how it occurs in Rails applications. This category of weakness is listed as OWASP's A7 category. We demonstrate weaknesses in acces...
  • Rails Cross-Site Request Forgery (CSRF) - Duration: 12 minutes.

    • 2 years ago
    • 755 views
    This tutorial discusses Cross-Site Request Forgery (CSRF), Rails anti-CSRF mechanisms, common mistakes in Rails applications, as well as a demonstration of the attack.
  • Rails Using Known Vulnerable Components - Duration: 4 minutes, 4 seconds.

    • 2 years ago
    • 71 views
    In this tutorial we discuss how the A9 category affects Rails applications and show tools to prevent these problems in your application.
  • Rails Unvalidated Redirects and Forwards - Duration: 5 minutes, 41 seconds.

    • 2 years ago
    • 137 views
    In this video we discuss OWASP's A10 category, Unvalidated Redirects and Forwards. We provide a description of the issue, demonstrate the attack, and provide several solutions.
  • Security in Agile/DevOps Environments - Duration: 53 minutes.

    • 2 years ago
    • 51 views
    James Wickett, Matt Tesauro, Jimmy Mesta, and Justin Collins discuss building security into modern development environments.
  • IoT & Wearables Security - Duration: 58 minutes.

    • 2 years ago
    • 43 views
    nVisium's VP of Solutions, David Lindner, discusses security issues around wearable technology.
  • Beyond the Pentest: Evolving Security Landscape - Duration: 49 minutes.

    • 2 years ago
    • 71 views
    Q&A with security industry experts Rob Fuller, Chris Gates, Robin Wood, and Seth Law. In this episode our special guests answer questions from our audience members about such things as public inter...
  • Top 3 Rails Security Issues - Duration: 40 minutes.

    • 2 years ago
    • 109 views
    nVisium's CTO, Ken Johnson, discusses nVisium's Top 3 Ruby on Rails application security issues.
  • Exploring Obscure Web App Vulnerabilities - Duration: 1 hour, 30 minutes.

    • 2 years ago
    • 151 views
    nVisium's Managing Consultant, Tim Tomes, discusses obscure web application vulnerabilities.
  • Android Lollipop Security - Duration: 25 minutes.

    • 2 years ago
    • 39 views
    nVisium's CEO, Jack Mannino discusses Android's Lollipop security.