ANDROID MOBILE SECURITY TESTING


ANDROID MOBILE SECURITY TESTING: 9-10 SEPT 2014
IOS MOBILE SECURITY TESTING: SEPT 2014
9-12 SEPTEMBER 2014, THE NOMAD SUCASA, KUALA LUMPUR

Register now and attend this complimentary FREE session: Real World Look At The Heartbleed Vulnerability

Supporting Partners: Researched & Developed by: Official Media Partner:

"Loss of revenue and customer trust accounted for the largest losses incurred by firms as a result of their mobility strategies and mobile securities which cost each firm US 500,000 every year" - Symantec, 2013

WHY THIS EVENT

They watch you when you sleep, they know your secret Paypal password when you purchase your favorite Rihanna song, and God forbid; they can even jailbreak easily through mobile encryption to fish for your commercial company projects, confidential money transactions and sensitive customer data. In short, your Android or iOS device is a lucrative goldmine for undercover black hat hackers. With Android ruling Smartphone and tablet markets, your mobile devices provide a unique opportunity and attack vectors to malicious attackers 24/7 to your Android, iPhone, smart watches and tablet application that is not currently covered by available industry security tools or vendors.

To be an IT security ninja, you want to be a true cyber warrior, not a spectator. You want to assure your system is completely secured and protected from outside invaders and intruders. You also want to be in a complete awareness of your surrounding which could pose a threat to your mobile device.

Mobile Security and Ethical Hacking is stripped out, no nonsense platform and no holds barred workshop for you, the vanguards of uber cool tools, to experience the best defense techniques available today while preparing for the breach tomorrow and leveling your ninja defense skills. By end of this course, you are ready to DEEP DIVE into all crucial aspects of practical hacking and become a full fledged cyber warrior with real hands on innovative and groundbreaking mobile security strategies to protect your information in a mobile world. Defense, as they say, is the best offense.

BENEFITS OF ATTENDING

ANDROID MOBILE SECURITY TESTING WORKSHOP
REMAIN on the edge of technology of 4G and 3G by detecting potential attack path and hacking yourself before your attackers do
HIGHLIGHT common misconceptions and security issues of the Android mobile platform
APPLY the on your Android mobile device security strategies
PERFORM a hands-on penetration test and reverse engineer on Android application from a position of potential hacker
EVALUATE the best countermeasure defense against critical vulnerabilities to secure your android application from attackers
IMMERSE yourself in live demo, simulations and live hacking to enhance your learning experiences

IOS MOBILE SECURITY TESTING WORKSHOP
LEVERAGE your security team and penetration testers to identify the security postures, undisclosed threats and common vulnerabilities of smart phones in your organization
APPLY the on your iOS mobile device security strategies
SECURE your data on transit to iOS Apps platform with innovative methodologies and live demos used for testing iOS Apps
OPTIMISE security controls which are tailor-made to your business needs in order to reduce revenue risk
GET your mobile security smackdown with the latest hands on lab exercises of iOS Apps penetration testing techniques
NAVIGATE your iOS ecosystem by modeling attacks and performing penetration testing as well as reverse engineering of an iPhone/iPad application
EXTEND protection opportunities beyond mobile devices, apps, and password

WHO SHOULD ATTEND...

These hands-on workshops target security personnel whose job involves assessing, deploying and securing mobile phones and tablets, including the following: Chief Information Security Officers; Chief Technology Officers; Security Systems Managers; Security System Engineers; Security analyst; IT Managers and Engineers; IT Infrastructure Managers; IT Technical Consultants; IT-Security Penetration-Testers; Network and system administrators; Technical Auditors; Application Developers; Application Specialists

From the following industries: Oil and Gas; Petrochemical and Chemical; Banking and Finance; Government Agencies and Ministries; Law Enforcement; Military; Manufacturing; FMCG; Semiconductor; Technology; Electronics; Telecommunications; Power and Utilities; Healthcare; Airlines and Airports; Media and Broadcasting; Logistics; Transportation; Ports; Shipping and Maritime; Casinos

Our Mobile App Reputation data indicates that there are now one million mobile malwares and high-risk apps - Trend Micro Inc 2013

WORKSHOP AGENDA

ANDROID MOBILE SECURITY TESTING
MODULE 1: MOBILE APPLICATION AUDITING - Proliferation of BYOD policy; Apps As Data Custodian; Examples Of Vulnerable Apps; OWASP Top 10 Mobile Risks
MODULE 2: ANDROID DEVICE FUNDAMENTALS - Android Architecture; Booting Process; SDK & Tools
MODULE 3: ROOTING ANDROID DEVICE - Introduction To Rooting Android; Benefits To Rooting Android; Methods of Obtaining Root
MODULE 4: FILE & NETWORKING MONITORING - App File Monitoring; Dmesg / logcat; Network Monitoring; Web / Non Web Interception; Handling SSL Certificate Pinning
MODULE 5: ANDROID SECURITY ARCHITECTURE - Application Fundamentals; Security Controls; Application Components; Application Internals
MODULE 6: ANDROID APP RUNTIME ANALYSIS & MANIPULATION - Analyzing Inter Process Communications; Load Arbitrary Activity; Intent Sniffing & Manipulation; Attacking Services; Broadcast Receivers Attack; Content Providers Attack; Attacking Debuggable Applications
MODULE 7: ANDROID AUDITING TOOLS - Santoku-Linux; Introspy-Android
MODULE 8: CONCLUDING THE PENTEST - Dealing With Unexpected Results; Reporting

THE HEARTBLEED BUG
Real World Look At The Heartbleed Vulnerability
This presentation examines the real-world circumstances surrounding the recent 'Heartbleed' vulnerability and separates the truth and actual impact from the media hype. A practical demonstration of an exploitation attempt against the vulnerability and example real-world attack vectors an attacker may attempt against users to take advantage of the vulnerability will also be illustrated during the presentation.

IOS MOBILE SECURITY TESTING
MODULE 1: MOBILE APPLICATION AUDITING - Proliferation of BYOD policy; Apps As Data Custodian; Examples Of Vulnerable Apps; OWASP Top 10 Mobile Risks
MODULE 2: IOS DEVICE FUNDAMENTALS - iOS Device Fundamentals; iOS Device Boot Process; iOS Device Upgrade / Downgrade; About Plist; About Sqlite
MODULE 3: IOS DEVICE JAILBREAKING - Jailbreaking Introduction; Types Of Jailbreaks; Jailbreaking Tools; Customized Payload Bundles
MODULE 4: IOS APP FILE & NETWORK MONITORING - iOS File Monitoring; iOS Network Monitoring; iOS Keychain Dumping
MODULE 5: OBJECTIVE C INTRODUCTION - Language Introduction; Objective C Terminologies; Objective C Inheritance; Method Invocation; Instance Variables; Model View Controller
MODULE 6: IOS BINARY RUNTIME ANALYSIS & MANIPULATION - Runtime Analysis & Manipulation; Objc msgsend; Class-dump-z; Decrypting Apps; Clutch; Cycript; NSLog
MODULE 7: IOS AUDITING TOOLS - iNalyzer; iAuditor; Snoop It; Introspy-iOS
MODULE 8: CONCLUDING THE PENTEST - Dealing With Unexpected Results; Reporting

TECHNICAL PRE-REQUISITES
All attendees are required to bring their own laptop with the following specifications:
Windows XP operating system with SP3 (note: mobile app testing tools have been certified to work with Windows XP only, attendees bringing Vista, Windows 7 or 8 operating systems might not be able to perform the exercises and your mileage may vary.)
Attendee laptop must have a CDROM in order to run and/or install the tools.
Attendee laptop must be able to boot from CDROM.
Attendee laptop must have at least 2GB of RAM onboard and 1 USB port.
Understand networking protocols and principles such as TCP/IP, 802.3, HTTP, etc, and how they work in detail.
Understand basic IT-security principles and concepts such as defence-in-depth, etc.
Attendees should preferably be in technical and/or practitioner roles/positions/jobs.
Note: It is highly recommended that participants meet the above criteria in order to get the most benefit out of the course.

A new survey conducted by Trend Micro Malaysia in 2013 shows that only 19 percent of Android users in the study have adopted additional mobile security measures, which is worrying due to the openness of the platform

THE EXPERT

Christopher Low
OSSA, OSWA, OSWAP, OPST, OSP, SSP, SSP, T, S
Certified OSSA Trainer # Certified OSWA Trainer #OW126L111

The co-founder of THINKSECURE. Christopher started his career in 1993 with the Infocomm Development Authority of Singapore (IDA), a government organization involved in the regulation of telecommunications in Singapore (formerly known as NCB). He was also T P to one of the top government officials in Singapore. Prior to setting up ThinkSECURE, Christopher worked at Sensecurity Institute as a technology director, which allowed him to continue his involvement in the areas of security consultancy, security testing and security product deployment for a wide array of private and public sector organizations. His experience covers a wide array of security fields such as biometrics, authentication systems, network- and host-based intrusion systems all the way to SingleSign-On (SSO) solutions.

Christopher is an accomplished trainer. Having developed the Sensecurity Institute Security Practitioner course, he continues to teach various high profile security certification programmes such as the Organizational Systems Security Analyst (OSSA) and Organizational Systems Web Application Pentester (OSWAP) courses. He infuses his classes with experiences drawn from his real-world consulting experience, knowledge and research. A classic example of this is the Probemapper wireless client assessment tool which he released in Jan 2006, and his discovery of the WPA-Client-Communications-Dumbdown (WCCD) vulnerability in Dec 2005 and the iTunes Man-In-The-Middle vulnerability in Dec. Christopher has also conducted IT-Security training for various large organizations in Malaysia.

He has also been involved with a number of penetration testing projects, one of which involved a large Singapore government statutory board. A frequent speaker at various security conferences covering broad ranging topics from web security to open source security, Christopher has also been featured in the press. He was one of the two Creators of the BlackOPS:HackAttack 2004 Challenge, an attack-and-defend hacking competition simulating organizations under threat in the areas of wireless- & wired-connectivity and applications. In August 2005, he and ThinkSECURE co-founder Julian Ho conceived, planned and implemented AIRRAID, Asia's First-Ever Wireless Hacking Tournament, and in March 2008, they put together AIRRAID2, Thailand's first ever public wireless hacking tournament held in Bangkok. In October 2010, he co-designed and organized AIRRAID3, Asia's largest integrated wireless/wired/application IT-security/hacking tournament. Christopher was subsequently engaged by Singapore's Ministry of Home Affairs to design and execute the Singapore Cyber Conquest: AIRRAID(tm)-Edition IT-security tournament at MHA's Govware 2011 IT-security conference (http://www.govware.sg/2011/singaporecyberconquest) and by DSTA to design and execute their inaugural Cyber Defenders Discovery Camp competition in 2012 and the follow-up event in

CLIENT TESTIMONIALS

This is the first time I mark 10 out of 10 for a trainer. I really enjoyed his training as he is really the brain behind pen test. Where did you find this guy? He is really, really good - Internal Revenue

The course provides very current technical-know-how in modern security - MOH Holding

Yes, the course was enjoyable and relevant to my work - ST

What did I enjoy about this course? The technique taught and the deliberation of concept. The very practical aspects of it is the most enjoyable - Singapore Prison Services

The trainer is insightful and does not hesitate to take any number of questions. Thank you for the invaluable knowledge that could not be gained from elsewhere - ST Electronic (Info-comm System)

PARTIAL CLIENTS

MOBILE SECURITY & ETHICAL HACKING
Keeping Your Secrets Safe
9-12 SEPTEMBER 2014, THE NOMAD SUCASA, KUALA LUMPUR

REGISTRATION FORM

Contact Person: Dexter Mobile: Tel: Email:

To register, kindly fill-out this Registration Form, and return it to us by Scan and Email to:

INVESTMENT FEE (NORMAL PRICE)

WORKSHOP SERIES
WORKSHOP 1 (W1): 9-10 SEPT 2014, ANDROID MOBILE SECURITY TESTING, US 990
WORKSHOP 2 (W2): SEPT 2014, IOS MOBILE SECURITY TESTING, US 990
PREMIUM PLUS (W1 & W2): US 1680 only
FREE COMPLIMENTARY SESSION (CS): 12 SEPT 2014, THE HEARTBLEED BUG, Time:

*Register for Premium Plus and Save US 300
*All the staff of Cyber Security Malaysia will receive 20% discount upon registering for the workshop(s)
*All members of the Information Security Professionals Association of Malaysia will receive 20% discount upon registering for the workshop(s)

PARTICIPANT DETAILS
(Please tick ( ) on the applicable box) CS - Complimentary Session, M - Member, NM - Non Member
Name 1 (name in full), Name 2, Name 3, Name 4, Name 5

INVOICE SHOULD BE DIRECTED TO
Company, Business Address, Name, Job title, Dept, Email, Tel No, Fax No
Name of Authorising Manager, Signature, Job title, Date
This Booking Is Invalid Without Signature

PAYMENT DETAILS
All payments should be made in favour of: scentiq Solutions, Lot 4.49 Wisma Central, Jalan Ampang, Ampang 50450, Kuala Lumpur, Malaysia
There are 2 ways to make your payment:
i. Telegraphic Transfer. Bank: CIMB Bank. Branch: Sri Petaling, Kuala Lumpur Malaysia. Account Name: scentiq Solutions Sdn. Bhd. Account no: Swift code: CIBBMYKL
ii. Foreign Demand Draft in US to be drawn in a MALAYSIAN Bank.
Notes: Payment must be made within 7 days upon receipt of the invoice.

CANCELLATIONS
Due to contractual obligations, cancellation charges are as follows:
30 to 10 days notice: 50% of the workshop fee
9 to 3 days notice: 70% of the workshop fee
2 days or less notice: 100% of the workshop fee
(*Based on working days only)
However, a complete set of documentation will be sent to you. Substitutions are welcomed at anytime. All cancellations of registration must be made in writing.
Note: It may be necessary for reasons beyond control, to change the content and timing of the event, speaker(s) or venue, every effort will be made to inform the participants of the change.

EVENT VENUE
The Nomad SuCasa Kuala Lumpur, 222 Jalan Ampang, Kuala Lumpur. Tel: Fax:

CERTIFICATE
Delegates who successfully complete this course will receive the scentiq Solutions's certificate endorsed by renowned subject matter expert.

VISA REQUIREMENT
Delegates requiring visas should contact the respective Embassies or High Commissions in their country of residence as soon as possible.

WORKSHOP SCHEDULE
Registration, Course begins, Morning Refreshment, Luncheon, Afternoon Refreshment, End of the day


More information

April 17, 2012 2012 CDW

April 17, 2012 2012 CDW April 17, 2012 2012 CDW INTRODUCTION AND METHODOLOGY One in four organizations has experienced a data loss in the last two years. Many report breaches jeopardizing their email, network or other sensitive

More information

Hard vs. Soft Tokens Making the Right Choice for Security

Hard vs. Soft Tokens Making the Right Choice for Security Hard vs. Soft Tokens Making the Right Choice for Security HSTE-NB0012-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com

More information

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK BREAKING AND FIXING WEB APPLICATIONS SECURITY PENETRATION TESTING IOS APPS JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

Ethical Hacking & Cyber Security Workshop

Ethical Hacking & Cyber Security Workshop Ethical Hacking & Cyber Security Workshop i3indya Technologies (A unit of ithree Infotech Pvt. Ltd.) Delhi Office: 37, First Floor, Defence Enclave, Preet Vihar, New Delhi-110092 Contact us: Email: info@i3indya.com

More information

Healthcare Buyers Guide: Mobile Device Management

Healthcare Buyers Guide: Mobile Device Management Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient

More information

Analyze. Secure. Defend. Do you hold ECSA credential?

Analyze. Secure. Defend. Do you hold ECSA credential? 1 Analyze. Secure. Defend. Do you hold ECSA credential? TM E C S A EC-Council Certified Security Analyst 1 EC-Council Cyber Security Professional Path Threat Agent Application of Methodology So You Can

More information

IT and Cyber Security Training Courses

IT and Cyber Security Training Courses AN FORAS RIARACHÁIN INSTITUTE OF PUBLIC ADMINISTRATION IT and Cyber Security Training s Spring 2016 Protection Through Knowledge, Skills, Practice Institute of Public Administration / 01 240 3600 IT Security

More information

Oil & Gas Cybersecurity

Oil & Gas Cybersecurity COurse Oil & Gas Cybersecurity Best Practices & Future Trends Sheraton Pentagon City Hotel Supporting Organization is authorized by IACET to offer 0.6 CEUs for the course. 1 Overview The energy industry

More information

E-Guide. Sponsored By:

E-Guide. Sponsored By: E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

Table of Contents. Page 2/13

Table of Contents. Page 2/13 Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities

More information

Newsletter - September 2014. T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER

Newsletter - September 2014. T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER Newsletter - September 2014 T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER Tools! Lots of Tools Released! During September 2014, we published 7 Posts with 2 News Tools. Organized by Date OWASP Xenotix

More information

Bootstrapping Secure Channels of Communication Over Public Networks

Bootstrapping Secure Channels of Communication Over Public Networks Bootstrapping Secure Channels of Communication Over Public Networks Human Interaction Security Protocols (HISPs) offer an entirely new way of authenticating teams to create robust security where none exists.

More information

Career Pathways Maps

Career Pathways Maps areer Pathways Maps Law, Public Safety, orrections, and Security 2012 2013 nstitute for the Study of dult Literacy, Penn State, 2013 he development of this resource was supported in part by the.s. epartment

More information

2 DAYS PROFESSIONAL FUTURES TRADING COURSE WITH LIVE TRADING SESSION:

2 DAYS PROFESSIONAL FUTURES TRADING COURSE WITH LIVE TRADING SESSION: 2 DAYS PROFESSIONAL FUTURES TRADING COURSE WITH LIVE TRADING SESSION How I Came Back From Near Bankruptcy (Twice) and Became the Top Trader in Singapore - Critical lessons on trading successfully & avoiding

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

Penetration Testing in Romania

Penetration Testing in Romania Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the

More information

Opportunities in Risk Assurance Services (RAS)

Opportunities in Risk Assurance Services (RAS) www.pwc.com/my Opportunities in Risk Assurance Services (RAS) RAS Information Sheet An experience that stays with you At PwC, we focus on three things: advisory, assurance and tax services. But we don

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content even

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Corbin Del Carlo Director, National Leader PCI Services. October 5, 2015

Corbin Del Carlo Director, National Leader PCI Services. October 5, 2015 PCI compliance: v3.1 Key Considerations Corbin Del Carlo Director, National Leader PCI Services October 5, 2015 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

FERPA: Data & Transport Security Best Practices

FERPA: Data & Transport Security Best Practices FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require

More information

Building the Next Generation of Computer Security Professionals. Chris Simpson

Building the Next Generation of Computer Security Professionals. Chris Simpson Building the Next Generation of Computer Security Professionals Chris Simpson Overview Why teach computer security to high school students Deciding what to teach What I taught Community Support Lessons

More information

Five steps to improve your network s health

Five steps to improve your network s health Five steps to improve your network s health On April 7, 2014, just when some people were beginning to feel more confident that their approach to network security was resulting in strong protection, an

More information

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations

More information

EC Council Certified Ethical Hacker V8

EC Council Certified Ethical Hacker V8 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they

More information

Mobile Security Attacks

Mobile Security Attacks AppSec IL 2014 Mobile Security Attacks A Glimpse From the Trenches Yair Amit CTO & Co-Founder Skycure @YairAmit Adi Sharabani CEO & Co-Founder Skycure @AdiSharabani About the Presenters Adi Sharabani Yair

More information

Information Technology Security Review April 16, 2012

Information Technology Security Review April 16, 2012 Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing

More information

Cyber Security: Software Security and Hard Drive Encryption

Cyber Security: Software Security and Hard Drive Encryption Links in this document have been set for a desktop computer with the resolution set to 1920 x 1080 pixels. Cyber Security: Software Security and Hard Drive Encryption 301-1497, Rev A September 2012 Copyright

More information

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data. Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

Career Paths in Information Security v6.0

Career Paths in Information Security v6.0 Career Paths in Information Security v6.0 Have you ever considered a career in computer security but didn t know how to get started? The Information Security industry is an exciting and diverse place to

More information

11th AMC Conference on Securely Connecting Communities for Improved Health

11th AMC Conference on Securely Connecting Communities for Improved Health 11th AMC Conference on Securely Connecting Communities for Improved Health Information Security Testing How Do AMCs Ensure Your Networks are Secure June 22, 2015 Ray Hillen, Dennis Schmidt, Adam Bennett

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

The Truth About Enterprise Mobile Security Products

The Truth About Enterprise Mobile Security Products The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing

More information

Penetration Testing Services. Demonstrate Real-World Risk

Penetration Testing Services. Demonstrate Real-World Risk Penetration Testing Services Demonstrate Real-World Risk Penetration Testing Services The best way to know how intruders will actually approach your network is to simulate a real-world attack under controlled

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

12 Security Camera System Best Practices - Cyber Safe

12 Security Camera System Best Practices - Cyber Safe 12 Security Camera System Best Practices - Cyber Safe Dean Drako, President and CEO, Eagle Eye Networks Website version of white paper Dean Drako video introduction for cyber security white paper Introduction

More information

An Overview and Competitive Analysis of the One-Time Password (OTP) Market

An Overview and Competitive Analysis of the One-Time Password (OTP) Market An Overview and Competitive Analysis of the One-Time Password (OTP) Market A White Paper Prepared by Martha Vazquez, Research Analyst TABLE OF CONTENTS Introduction... 3 Brief Overview of the OTP Market...

More information

IT Security Testing Services

IT Security Testing Services Context Information Security T +44 (0)207 537 7515 W www.contextis.com E gcloud@contextis.co.uk IT Security Testing Services Context Information Security Contents 1 Introduction to Context Information

More information