Best Sql Injection Podcasts (2025)

1
Ep. 13 – nOAuth Account Misbinding & Assumed-Breach to Domain Admin (Season Finale) 15:09

Play Pause

9d ago15:09

15:09

One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead …

1
Fake Extensions to AI Bug Hunters: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.18 18:49

13d ago18:49

18:49

In this episode of The AppSec Insiders Podcast, we dive into two major security stories making headlines: a fake Solidity extension that drained a developer’s crypto wallets, and Google’s AI-powered tool “Big Sleep” uncovering a critical Chrome vulnerability. From malicious packages to AI-driven defenses, we break down what these cases reveal about…

1
Ep. 12 – Timing Attacks & Mobile OAuth Hijack: When Microseconds and Misflows Betray You 14:09

1M ago14:09

14:09

A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert. In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we explore two subtle but devastating flaws: 🔹 Timing Attacks for Token Leaks – By measuring microsecond delays, attackers were able to recover s…

1
SQL Injection to RCE: Fortinet's Critical Vulnerability Exposed | The AppSec Insiders Podcast Ep. 17 17:31

1M ago17:31

17:31

On this episode of The AppSec Insiders Podcast, we dive into CVE-2025-25257, a Fortinet FortiWeb Fabric Connector SQL injection vulnerability that escalates to RCE. We break down how this exploit works, why it’s so impactful, and what lessons organizations can learn, from proper network segmentation to the importance of SAST in your pipeline. We al…

1
Prompt Injection to RCE: When AI Gets Compromised | The AppSec Insiders Ep.16 18:29

3M ago18:29

18:29

In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to defend against similar threats with sandboxing, access controls, and DevSecOps monitoring.…

1
Ep. 11 – Account Takeover, Token Misuse, and Deserialization RCE: When Trust Goes Wrong 17:15

3M ago17:15

17:15

One flawed password reset. One shared session token. One dangerous object. In Episode 11 of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world vulnerabilities where trust between systems and users broke down—with serious consequences. Account Takeover via Forgot Password – A predictable ID and exposed tokens let attack…

1
Ep. 10 – Cookie XSS & Image Upload RCE: One Cookie, One File, Full Control 20:12

3M ago20:12

20:12

One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell. This episode breaks down two powerful exploits—a cookie-based XSS that bypassed frontend protections, and an RCE through Ghostscript triggered by a disguised PostScript file. Learn how subtle misconfigurations turned everyd…

1
Ep. 9 – Directory Traversal & LFI: From File Leaks to Full Server Crash 25:05

4M ago25:05

25:05

One markdown link copied server files. One poisoned log triggered remote code execution. One LFI crashed the entire server. In this episode, we unpack three real-world exploits—directory traversal and local file inclusion flaws that went far beyond file reads. From silent data leaks to full server compromise, these attacks all started with a single…

1
Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical 15:45

6M ago15:45

15:45

A broken logout flow let attackers hijack accounts using just a user ID. A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution. This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences. Chapters: 00:00 - INTRO 0…

1
Ep. 7 – IDOR & SSTI: From File Theft to Server-Side Secrets 19:35

6M ago19:35

19:35

A predictable ID exposed private documents. A crafted name leaked backend files. In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and ho…

1
Ep. 6 – 403 Bypass & Request Smuggling: Tiny Tricks, Total Takeover 17:14

7M ago17:14

17:14

A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions. In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently. Chapter…

1
Ep. 5 – Stored XSS & SQL Injection: Small Flaws, Big Breaches 16:08

7M ago16:08

16:08

A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request. Both attacks exploited basic security flaws—flaws that should have been caught. Learn how these exploits worked, why they were missed, and what should have been done differently. Chapt…

1
Ep. 4 – Exposed Secrets & Silent Takeovers: How Misconfigurations Open the Door to Attackers 21:15

7M ago21:15

21:15

Exposed secrets, overlooked permissions, and credentials hiding in plain sight—each one leading to a critical breach. In this episode, we break down three real-world pentest findings where a forgotten file, a misconfigured setting, and a leaked credential gave attackers full control. How did they happen? How can you find similar issues? And what ca…

1
Ep. 3 – One Request, One URL, One Bluetooth Hack: Three Takeovers That Shouldn’t Have Happened 21:30

8M ago21:30

21:30

How can attackers take over accounts, networks, and devices—without credentials? In this episode, we break down three real-world security flaws that prove authentication alone isn’t enough: Account Takeover – A single request bypassed email verification, locking out store owners. Internal Network Compromise – A hidden admin URL and hardcoded access…

1
Ep. 2 – Chaining IDORs, CSRF Account Takeovers & Token Manipulation for Privilege Escalation 19:16

8M ago19:16

19:16

What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges? In this episode of Hacked & Secured: Pentest Exploits & Mitigations, w…

1
Ep. 1 – Breaking OTP Security, Exploiting Static Domains & Privilege Escalation via Role Misconfigurations 19:12

8M ago19:12

19:12

What if your OTP security wasn’t secure at all? What if a static domain—something most people ignore—could lead to full account takeover? And what if flawed role management allowed admins to escalate privileges? In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world security failures that turned minor ov…

1
Intro to Hacked & Secured: Pentest Exploits & Mitigations – What to Expect! 2:28

8M ago2:28

2:28

If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer. Welcome to Hacked & Secured: Pentest Exploits & Mitigations—the podcast that breaks down real-world pentest findings and exposes critical security flaws before attackers do. Red team tactics – How vulnerabil…

1
What Existing AWS Services are Important to AppSec? (Part 1 of 2) | The AppSec Insiders Ep.14 26:00

11M ago26:00

26:00

Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizati…

1
What Existing AWS Services are Important to AppSec? (Part 2 of 2) | The AppSec Insiders Ep.15 33:28

11M ago33:28

33:28

Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizati…

1
2023 Year-End Review 39:08

2y ago39:08

39:08

In this episode, we discuss 2023 Security Threats & Newcomers RecapBy Farshad Abasi

1
The AppSec Insiders Ep. 11 - Flipper Zero and IoT Security 30:59

2y ago30:59

30:59

In this episode, we discuss the Flipper Zero and IoT Security.By Farshad Abasi

1
Exploring the Challenges of Testing Against the ASVS Standard - Part 4 31:20

2y ago31:20

31:20

In this episode, we return to the topic from the previous episodes and continue explore the challenges of testing against the ASVS standard.By Farshad Abasi

1
Exploring the Challenges of Testing Against the ASVS Standard - Part 3 33:53

2y ago33:53

33:53

In this episode, we explore the challenges of testing against the ASVS standard - Part 3By Farshad Abasi

1
Exploring the Challenges of Testing Against the ASVS Standard - Part 2 32:35

2y ago32:35

32:35

In this episode, we continue to explore the challenges of testing against the ASVS standard.By Farshad Abasi

1
Software Composition Analysis (SCA) & Supply Chain Security feat. Oscar van der Meer from MergeBase 40:45

2y ago40:45

40:45

In this episode, we sit down with Oscar van der Meer, Founder and CEO of MergeBase to discuss Software Composition Analysis (SCA) and why it is important for supply chain security.By Farshad Abasi

1
Azure Security: Raising Alarms and Reducing the Blast Radius 33:21

2+ y ago33:21

33:21

In this episode we explore Azure Security: Raising Alarms and Reducing the Blast Radius.By Farshad Abasi

1
AWS SRA (Secure Reference Architecture) 27:23

2+ y ago27:23

27:23

In this episode we explore AWS SRA (Secure Reference Architecture).By Farshad Abasi

1
Exploring the Challenges of Testing Against the ASVS Standard 38:07

2+ y ago38:07

38:07

In this episode, we explore the challenges of testing against the ASVS standard.By Farshad Abasi

1
ChatGPT and the Future of Application Security 19:36

2+ y ago19:36

19:36

In this episode, we dive deep into the world of ChatGPT and AI technology. What does this mean for application security?By Farshad Abasi

1
Attacks on the CI/CD Pipeline (Part 1) 40:51

2+ y ago40:51

40:51

In this episode, we explore OWASP Top 10 and the potential attacks on the CI/CD (part 1).By Farshad Abasi

1
Attacks on the CI/CD Pipeline (Part 2) 35:17

2+ y ago35:17

35:17

In this episode, we continue our discussion about OWASP Top 10 and attacks on the CI/CD pipeline.By Farshad Abasi

1
Security related M.SC. Assignments at DACS

14y ago

—

In this short video we provide some examples of possible security related assignments and projects at the DACS group. The lecture concludes with information regarding the exam.By Aiko Pras

1
Defense techniques

14y ago

—

This lecture discusses two main techniques to protect your network: Intrusion Detection Systems (IDS) and Firewalls. The IDS part discusses host-based versus network-based ID systems, passive versus reactive systems, as well as the main operation of an IDS (data capturing, signature versus anomaly-based operation). The firewall part compares differ…

1
Web security

14y ago

—

This guest lecture is provided by Frank van Vliet, from the companyBy Aiko Pras

1
Transport layer security protocols / AAA protocols

14y ago

—

In the first part of this lecture we discuss the operation of the SSL/TLS protocol, which is used for secure web browsing (HTTPs), as well as the SSH protocol, which is used, amongst others, for remote login. In the second part of this lecture the concept of AAA (Authentication, Authorization and Access Control) is introduced, followed by a discuss…

1
Network layer security protocols

14y ago

—

In this lecture we will discuss the IPSec protocol. We start with comparing IPSec usage to that of other secure protocols, such as SSH and TLS. An overview of the various IPSec standards is given, followed by a discussion of the two modes in which IPSec can operate: transport mode and tunnel mode. We than provide some details regarding the two vari…