00:00 - Welcome!
00:06 - Zach H. - Are bug bounty programs effective?
01:09 - John S. - Bug bounty VS full product analysis - use issue tracker for 3rd party code, libraries
02:29 - Zach H. - Bug bounties VS full-time analyst. Community-based.
03:15 - Jordan D. - Always digging through code
03:45 - John S. - Bounty hunters look for more universal generic bugs
04:46 - Chris T. - Agree, example Log4Shell - write an identifier script to save work
05:29 - John S. - Customers need to know enough to ask for what they need
06:51 - Zach H. - How can the community be more helpful?
07:23 - Chris T. - Add security points to non-security-focused discussions
08:52 - Amiran A. - Expand focus to include systemic issues
10:16 - John S. - Legacy code obstacles, moving to a SAAS model
15:10 - Jordan D. - Revenue is priority
16:06 - Chris T. - Difficulties transitioning from flash/legacy code in general
17:56 - John S. - Legacy code in the cloud
19:38 - Jordan D. - Elastic Map Reduce issues
20:32 - John S. - Some languages allow crappy but functional code to look like good code
21:26 - Tim F. - Pressure to code fast - skip over learning process
24:43 - Chris T. - Scrum masters and minimum viable product
26:09 - Zach H. - Is Secure by Design a viable option? No.
26:44 - Jordan D. - Accountability problem
27:16 - Chris T. - Fines are ineffective
28:10 - John S. - CISA pledge and checklist mentality. Infosec is fun!
29:47 - Zach H. - Do you ever see an organization with proper security?
29:54 - John S. - Yes. Honey Badger Award - Our job is to make our job more difficult
31:26 - Chris T. - Organizations recognize quality after getting burned
32:25 - Zach H. - If pentesters don’t find vulns, how do you know it’s a quality test?
32:49 - John S. - Confidence comes with experience
33:19 - Jordan D. - No findings means dig deeper, developing new tools
33:32 - Chris T. - Crowdsource if you get stuck
34:08 - John S. - New class of cards for competitive Backdoors and Breaches is being tested
/// 📄 View our Pay-What-You-Can Courses
www.antisyphontraining.com/pay-what-you-can/
/// 📄 View the Antisyphon Course Catalog
www.antisyphontraining.com/course-catalog/
/// 📄 View Our Live Training Course Calendar
www.antisyphontraining.com/training-calendar/
/// 📄 Antisyphon Training Roadmap
www.antisyphontraining.com/training-roadmap/
///Antisyphon Socials
Twitter: Antisy_Training
Mastodon: infosec.exchange/@Antisy_Training
LinkedIn: www.linkedin.com/company/antisyphon-training
Discord: discord.gg/ffzdt3WUDe
///Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pay-what-you-can/
Live Training: www.antisyphontraining.com/training-calendar/
On Demand Training: www.antisyphontraining.com/on-demand-courses/
///Antisyphon Shirts
spearphish-general-store.myshopify.com/collections/antisyphon-training
///Educational Infosec Content
Black Hills Infosec UA-cam: ua-cam.com/users/blackhillsinformationsecurity
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest UA-cam: ua-cam.com/users/wildwesthackinfest
Active Countermeasures UA-cam: ua-cam.com/users/activecountermeasures
///Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #antisyphon #infosec #CyberSecurity #training