The Python Podcast.__init__

Infection Monkey Vulnerability Scanner with Daniel Goldberg



Summary

How secure are your servers? The best way to be sure that your systems aren’t being compromised is to do it yourself. In this episode Daniel Goldberg explains how you can use his project Infection Monkey to run a scan of your infrastructure to find and fix the vulnerabilities that can be taken advantage of. He also discusses his reasons for building it in Python, how it compares to other security scanners, and how you can get involved to keep making it better.

Preface
  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • When you’re ready to launch your next app you’ll need somewhere to deploy it, so check out Linode. With private networking, shared block storage, node balancers, and a 40Gbit network, all controlled by a brand new API you’ve got everything you need to scale up. Go to podcastinit.com/linode to get a $20 credit and launch a new server in under a minute.
  • Visit the site to subscribe to the show, sign up for the newsletter, and read the show notes. And if you have any questions, comments, or suggestions I would love to hear them. You can reach me on Twitter at @Podcast__init__ or email [email protected].
  • To help other people find the show please leave a review on iTunes or Google Play Music, tell your friends and co-workers, and share it on social media.
  • Join the community in the new Zulip chat workspace at podcastinit.com/chat
  • Your host as usual is Tobias Macey and today I’m interviewing Daniel Goldberg about Infection Monkey, an open source system breach simulation tool for evaluating the security of your network.

Interview
  • Introductions
  • How did you get introduced to Python?
  • What is Infection Monkey and what was the reason for building it?
    • What was the reasoning for building it in Python?
    • If you were to start over today what would you do differently?
  • Penetration testing is typically an endeavor that requires a significant amount of knowledge and experience of security practices. What have been some of the most difficult aspects of building an automated vulnerability testing system?
    • How does a deployed instance keep up to date with recent exploits and attack vectors?
  • How does Infection Monkey compare to other tools such as Nessus and Nexpose?
  • What are some examples of the types of vulnerabilities that can be discovered by Infection Monkey?
  • What kinds of information can Infection Monkey discover during a scan?
    • How does that information get reported to the user?
    • How much security experience is necessary to understand and address the findings in a given report generated from a scan?
  • What techniques do you use to ensure that the simulated compromises can be safely reverted?
  • What are some aspects of network security and system vulnerabilities that Infection Monkey is unable to detect and/or analyze?
  • For someone who is interested in using Infection Monkey what are the steps involved in getting it set up?
    • What is the workflow for running a scan?
    • Is Infection Monkey intended to be run continuously, or only with the interaction of an operator?
  • What are your plans for the future of Infection Monkey?

Keep In Touch
  • danielguardicore on GitHub
  • Guardicore Blog

Picks
  • Tobias
    • Darkest Hour
  • Daniel
    • How Complex Systems Fail

Links
  • Infection Monkey
  • Guardicore
  • Stack Overflow
  • Metasploit
  • AsyncIO
  • React
  • Nessus
  • Nexpose
  • Shellshock
  • Wannacry
  • Simian Army
  • Chaos Engineering
  • Capuchin Monkey
  • Google Summer of Code

The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA
