All Episodes

June 3, 2020 28 mins

Have you ever wondered how hackers find vulnerabilities and how companies can find and fix their own? You will find out today! On average 30,000 new websites are hacked every day.

Our guest for this episode is James Kettle. James is the Director of Research at PortSwigger Web Security where he explores new ways to attack websites and designs and refines vulnerability detection techniques for the Burp Suites scanner. 

James shares his hacking experience and hard work helping companies keep their websites secure from all the crazy stuff going on out there.  On today’s episode, James shares his expertise to help you be more aware of possible red flags and prevention measures to take to protect yourself and your website.

Show Notes:

  • [00:40] - When James was at university he saw that Google said they would pay anybody that could hack their website. He thought that sounded like fun and spent a huge amount of time doing that. 
  • [01:02] - Now James works at PortSwigger and researches new techniques to hack websites. 
  • [01:11] - Bounty programs are where a company wants to make sure their product or website doesn’t get hacked by malicious people so they go out and publicly say that anyone is welcome to try and hack their website. If you are successful and you don’t do any damage, but you tell them how you did it they will pay you for it and then fix it. 
  • [03:45] - Pen testing is the classic approach to securing your website where you pay a consultant to spend one or two weeks trying to hack your website. 
  • [05:14] - It is totally worth it to get that third party view. Developers often can’t find problems with their own products. 
  • [06:13] - If you want to find a vulnerability on a website you need to use an attack technique.  
  • [07:15] - These days they see a lot of cross-site scripting vulnerabilities and it’s the most common one they see. 
  • [07:37] - One of the most common causes of high impact breaches is access control issues.  
  • [08:45] - James shares the biggest data breach they were able to do during their testing. 
  • [10:31] - Try to use a framework whenever possible, because it makes things like sequel injection less likely to happen.  
  • [11:01] - The standard approach after you make the website is to try to get someone else to look at it. 
  • [11:27] - With Wordpress, it is very important to keep it up to date, install as few plug-ins as possible, and choose a good password. 
  • [14:08] - Use as few browser extensions as possible to avoid possible malware issues. 
  • [15:25] - Most people are not being personally targeted by hackers so the threats that most people need to watch out for are things that can be automated. 
  • [16:10] - If you are using the same password o
Mark as Played

Advertise With Us

Popular Podcasts

Stuff You Should Know
24/7 News: The Latest

24/7 News: The Latest

The latest news in 4 minutes updated every hour, every day.

Crime Junkie

Crime Junkie

Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.

Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

© 2025 iHeartMedia, Inc.