Ethical Hacking and Penetration Testing Presented by: Adam Baneth Managing director

Transcription

1 Whiteshield Ethical Hacking and Penetration Testing Presented by: Adam Baneth Managing director

2 Hacking Facts

3 Success Hacking stories Stories IV.

4 Security Illusions If our systems had been hacked we would surely know about it We use no WiFi, thus we ve hedged against being hacked for sure! The applications that we bought were very exensive so they are safe and secure!

5 What is ethical hacking? Type of audit to assess security of a system Provides feedback to the stakeholder what their security posture is like Enumerates weaknesses and gives countermeasures/suggestions to strengthen Simulation of a real hacking attack

6 Why Penetration Testing? Computer related crime is on the rise Find holes now before somebody else does Report problems to management Verify secure configurations Security training for network staff Discover gaps in compliance Testing new technology

7 Common vulnerabilitites Consider the possibility of one or more of the following: a competitor gaining access to the company database protected information becoming publicly available a third party gaining access to corporate an outsider logging in on the company s internal network the company website being re-structured or falsified

8 Accurate Security Testing Methods Every organization uses different types of security testing method to validate the level of security on its network resources. Penetration Testing Ethical Hacking OSSTMM Security Test Vulnerability Scanning Hands-on Audit Thorough

9 Test When is testing necessary Penetration Testing was traditionally done once or twice a year due to high Rollout Test Upgrade cost of service. Automated Penetration Periodic Testing Test Testing software is enabling organizations today to test more often. Quality Assurance Test New Attack

10 How to prevent an attack vulnerability management security awareness log management incident management network forensics

11 Whiteshield at Glance 5 years experience Numerous Ethical Hackers Specialists in almost all IT fields Customers in United Kingdom, Sweden, Hungary, New-Zealand Numerous successful projects, several regular customers First place in the Wargame competition at the largest hacker conference in Central and Eastern Europe

12 A Clear Mission We hack our clients systems the safe way and deliver them a personalized solution We reveal the true nature of the customers' infrastructure from a security perspective We aim to achieve a comprehensive vulnerability assessment through a set of methodological disciplines: o Scoped security assessment o Penetration testing o Social engineering Our expertise lies in delivering professional technical guidance for our clients, preventing sensitive information from being compromised through a possible attack

13 Core Services Web based application analysis Internal vulnerability assessment External vulnerability assessment

14 Types of Penetration Test Penetration Test External Test Internal Test Black Box White Box Gray Box Curious Employee Disgruntled End User Disgruntled Administrator

15 Success stories I. Webstore Hungary One of the largest web-shops in Hungary, selling electronics Hackers could have caused serious damages through modifying the product database (items, prices, etc.) or deface the site Hosting company had vulnerabilities Security holes were found and eliminated Customer contact is available on request Our success story list is very restricted as it contains only such clients, which expressively consented to be indicated as reference.

16 Success stories II. Gas utility company One of the largest gas utility company in Hungary IT system could have been compromised through online meter registration system Website could have been defaced Vulnerabilities found and eliminated Customer contact is available on request Our success story list is very restricted as it contains only such clients, which expressively consented to be indicated as reference.

17 Success stories III. E-learning Company Hungary, Belgium One of the largest e-learning companies offering professional online training on European Union policies and EU Careers Hackers could have compromised the e-learning materials and training database Hosting company had vulnerabilties Vulnerabilities found and eliminated Customer contact is available on request Our success story list is very restricted as it contains only such clients, which expressively consented to be indicated as reference.

18 Success stories IV. Investment company - Netherlands Dutch owned investment company specialized in real estates Whiteshield carried out complex vulnerability assessment on their complex web based applications that store real estates data, customer data, and financial data The applications are used by several sales representatives, and agents worldwide Security holes were found and eliminated Customer contact is available on request Our success story list is very restricted as it contains only such clients, which expressively consented to be indicated as reference.

19 Whiteshield Questions? Adam Baneth