Network Security Testing
|
|
- Marion Norman
- 8 years ago
- Views:
Transcription
1 Network Security Testing Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time #ISSAWebConf WebCONFERENCES
2 Network Security Testing Are There Really Different Types of Testing? Brought to you by: #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 2
3 Network Security Testing Are There Really Different Types of Testing? Welcome Conference Moderator Jorge Orchilles Vice President, South Florida ISSA July 28, 2015 Start Time: 9 am US Pacific 12 noon US Eastern 5 pm London Time #ISSAWebConf WebCONFERENCES
4 Speaker Introduction John Kindervag Vice President & Principal Analyst, Forrrester Research Eric Raisters CISSP, CSSLP Ira Winkler President, Secure Mentem, CISSP Donald Shin Sr. Technical Business Development Manager, IXIA To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 4
5 Network Security Testing Are There Really Different Types of Testing? +1 Materials omitted due to licensing and reproduction rights. #ISSAWebConf John Kindervag Vice President, Principal Analyst serving Security & Risk Professionals at Forrester Research WebCONFERENCES
6 Network Testing Are There Really Different Types of Testing?
7 Network Security Testing Are There Really Different Types of Testing? #ISSAWebConf Eric Raisters CISSP, CSSLP WebCONFERENCES
8 Pen Test Basics Approach SUT as an attacker Process (from SANS Ethical Hacking) Planning Scoping Reconnaissance Scanning Exploitation Documentation/Reporting Network Testing Are There Really Different Types of Testing? 8
9 Pen Test Purpose Approach SUT as an attacker In-house developed apps/services White-box testing Deployed systems/purchased products Includes virtual servers and cloud deployments Network Testing Are There Really Different Types of Testing? 9
10 Pen Test Types SUT object Network mis-configs, weak settings Web apps/services OWASP Top 10 Mobile apps/services permissions, data leakage Attack methods Known vulnerability scans - automated Exploitation proof - manual Network Testing Are There Really Different Types of Testing? 10
11 Pen Test Toolkits Kali Linux Samurai Web Test Framework Pwnie Express Network Testing Are There Really Different Types of Testing? 11
12 Vulnerability Scan Look for known vulnerabilities Nessus (OpenVAS) Nexpose Core Impact Burp Suite (free and commercial) Zed Attack Proxy (OWASP) Network Testing Are There Really Different Types of Testing? 12
13 Network Exploits Prove a found vulnerability is exploitable Metasploit (freed and commercial) CANVAS Network Testing Are There Really Different Types of Testing? 13
14 Web App Exploits Burp Suite (free and commercial) Zed Attack Proxy (OWASP) Paros proxy w3af Netsparker Network Testing Are There Really Different Types of Testing? 14
15 Android Exploits Pwnie Express zanti Hackcode AndroRAT Network Testing Are There Really Different Types of Testing? 15
16 iphone Exploits Standard Linux pentest tools inalyser Network Testing Are There Really Different Types of Testing? 16
17 Summary Pen testing is important Vulnerability scans are not enough Exploit testing proves that a vulnerability is important enough to fix Consider contracting experts Consider a bug bounty program If you don t do it, the hackers will Network Testing Are There Really Different Types of Testing? 17
18 Resources sectools.org n0where.net/directory OWASP.prg kali.org Eric Raisters Network Testing Are There Really Different Types of Testing? 18
19 Thank you! Network Testing Are There Really Different Types of Testing? 19
20 Question and Answer Eric Raisters CISSP, CSSLP #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 20
21 Thank You Eric Raisters CISSP, CSSLP #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 21
22 Network Security Testing Are There Really Different Types of Testing? #ISSAWebConf Ira Winkler President, Secure Mentem, CISSP WebCONFERENCES
23 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 23
24 Network Testing Are There Really Different Types of Testing? 24
25 Network Testing Are There Really Different Types of Testing? 25
26 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 26
27 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 27
28 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 28
29 Network Testing Are There Really Different Types of Testing? 29
30 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 30
31 Copyright Secure Mentem Network Testing Are There Really Different Types of Testing? 31
32 Network Testing Are There Really Different Types of Testing? 32
33 Network Testing Are There Really Different Types of Testing? 33
34 Network Testing Are There Really Different Types of Testing? 34
35 Network Testing Are There Really Different Types of Testing? 35
36 Network Testing Are There Really Different Types of Testing? 36
37 Network Testing Are There Really Different Types of Testing? 37
38 Thank You Network Testing Are There Really Different Types of Testing? 38
39 Question and Answer Ira Winkler President, Secure Mentem, CISSP #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 39
40 Thank You Ira Winkler President, Secure Mentem, CISSP #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 40
41 Network Security Testing Are There Really Different Types of Testing? #ISSAWebConf Donald Shin Sr. Technical Business Development Manager, IXIA WebCONFERENCES
42 Network Testing Are There Really Different Types of Testing? 42
43 Network Testing Are There Really Different Types of Testing? 43
44 Network Testing Are There Really Different Types of Testing? 44
45 Network Testing Are There Really Different Types of Testing? 45
46 Network Testing Are There Really Different Types of Testing? 46
47 Network Testing Are There Really Different Types of Testing? 47
48 Network Testing Are There Really Different Types of Testing? 48
49 Network Testing Are There Really Different Types of Testing? 49
50 Network Testing Are There Really Different Types of Testing? 50
51 Network Testing Are There Really Different Types of Testing? 51
52 Network Testing Are There Really Different Types of Testing? 52
53 Network Testing Are There Really Different Types of Testing? 53
54 Network Testing Are There Really Different Types of Testing? 54
55 Network Testing Are There Really Different Types of Testing? 55
56 Network Testing Are There Really Different Types of Testing? 56
57 Network Testing Are There Really Different Types of Testing? 57
58 Network Testing Are There Really Different Types of Testing? 58
59 Network Testing Are There Really Different Types of Testing? 59
60 Network Testing Are There Really Different Types of Testing? 60
61 Network Testing Are There Really Different Types of Testing? 61
62 Network Testing Are There Really Different Types of Testing? 62
63 Question and Answer Donald Shin Sr. Technical Business Development Manager IXIA #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 63
64 Thank You Donald Shin Sr. Technical Business Development Manager IXIA #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 64
65 Open Panel with Audience Q&A John Kindervag Vice President & Principal Analyst, Forrester Research Eric Raisters CISSP, CSSLP Ira Winkler President, Secure Mentem, CISSP Donald Shin Sr. Technical Business Development Manager, IXIA To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 65
66 Closing Remarks Thank You Thank you Citrix for donating the Webcast service #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 66
67 CPE Credit Within 24 hours of the conclusion of this webcast, you will receive a link via to a post Web Conference quiz. After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits. On-Demand Viewers Quiz Link: Conference-July Network-Security-Testing-Are- There-Really-Different-Types-of-Testing #ISSAWebConf WebCONFERENCE: Title Network goes Testing Are here There Really Different Types of Testing? 67
Open Software and Trust Better Than Free? April 28, 2015 Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time
Open Software and Trust Better Than Free? April 28, 2015 Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time 1 T Sponsored by: #ISSAWebConf 2 Welcome Conference Moderator Phillip Griffin CISM,
More informationBYOD to the Cloud May 28, 2013
BYOD to the Cloud May 28, 2013 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London 1 2 Generously sponsored by: Welcome Conference Moderator Matt Mosley Northern Virginia, USA Chapter ISSA Web Conference
More informationCyber Analysis Tools:
Cyber Analysis Tools: The State of the Union August 26, 2014 Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time 1 Generously sponsored by: #ISSAWebConf 2 Welcome Conference Moderator Matt
More informationBig Data Trust and Reputation, Privacy Cyber Threat Intelligence
Big Data Trust and Reputation, Privacy Cyber Threat Intelligence October 27, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time #ISSAWebConf Big Data Trust and Reputation, Privacy
More informationGRC/Cyber Insurance. February 18, 2014. Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London. Join the conversation: #ISSAWebConf
GRC/Cyber Insurance February 18, 2014 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Join the conversation: 1 Generously sponsored by: 2 Welcome Conference Moderator Allan Wall ISSA Web Conference
More informationMobile App Security: Who Else is on Your Device? August 27, 2013
Mobile App Security: Who Else is on Your Device? August 27, 2013 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London 1 2 Generously sponsored by: Welcome Conference Moderator Hari Pendyala ISSA Fellow
More informationBust a cap in a web app with OWASP ZAP
The OWASP Foundation http://www.owasp.org Bust a cap in a web app with OWASP ZAP Adrien de Beaupré GSEC, GCIH, GPEN, GWAPT, GCIA, GXPN ZAP Evangelist Intru-Shun.ca Inc. SANS Instructor, Penetration Tester,
More informationVinny Hoxha Vinny Hoxha 12/08/2009
Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology
More informationASK PC Certified Information Systems Security Expert - CISSE
Course Description As part of our mission to spread the awareness of IT security in the Middle East, we understand that an Arabic course will be valuable for native speakers. This is a comprehensive course
More informationPREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES
PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES Ira Winkler Codenomicon Session ID: MBS-W05 Session Classification: Intermediate Zero Day Attacks Zero day attacks are rising in prominence They tend to be
More informationVulnerability analysis
Vulnerability analysis License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents License Contents
More informationJune 2014 WMLUG Meeting Kali Linux
June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed
More informationNewsletter - September 2014. T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER
Newsletter - September 2014 T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER Tools! Lots of Tools Released! During September 2014, we published 7 Posts with 2 News Tools. Organized by Date OWASP Xenotix
More informationJames Stanger, PhD Senior Director, Products - CompTIA 18 November, 2015
Damien Manuel Chief Information Security Officer (CISO), Blue Coat Systems - ANZ James Stanger, PhD Senior Director, Products - CompTIA 18 November, 2015 A Little Housekeeping Contact information will
More informationA Network Administrator s Guide to Web App Security
A Network Administrator s Guide to Web App Security Speaker: Orion Cassetto, Product Marketing Manager, Incapsula Moderator: Rich Nass, OpenSystems Media Agenda Housekeeping Presentation Questions and
More informationLearning Course Curriculum
Learning Course Curriculum Security Compass Training Learning Curriculum. Copyright 2012. Security Compass. 1 It has long been discussed that identifying and resolving software vulnerabilities at an early
More informationSecurity-as-a-Service (Sec-aaS) Framework. Service Introduction
Security-as-a-Service (Sec-aaS) Framework Service Introduction Need of Information Security Program In current high-tech environment, we are getting more dependent on information systems. This dependency
More informationAiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.
Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern
More informationInformation Security and Privacy. Lynn McNulty, CISSP. Advisory Board November 2008
Information Security and Privacy Lynn McNulty, CISSP Advisory Board November 2008 Global leaders in certifying and educating information security professionals with the CISSP and related concentrations,
More informationPenetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box
Penetration Testing Penetration Testing Types Black Box oless productive, more difficult White Box oopen, team supported, typically internal osource available Gray Box (Grey Box) omixture of the two Methods
More informationPenetration Testing Workshop
Penetration Testing Workshop Who are we? Carter Poe Nathan Ritchey Mahdi Shapouri Fred Araujo Outline Ethical hacking What is penetration testing? Planning Reconnaissance Footprinting Network Endpoint
More informationDorian Grey & The Net: Social Media Monitoring. November 18, 2014 Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time
Dorian Grey & The Net: Social Media Monitoring November 18, 2014 Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time 1 T Brought to you by: #ISSAWebConf 2 Welcome Conference Moderator Matthew
More informationCOURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
More informationStreamlining Application Vulnerability Management: Communication Between Development and Security Teams
Streamlining Application Vulnerability Management: Communication Between Development and Security Teams October 13, 2012 OWASP Boston Application Security Conference Agenda Introduction / Background Vulnerabilities
More informationIntroduction to Penetration Testing Graham Weston
Introduction to Penetration Testing Graham Weston March 2014 Agenda Introduction and background Why do penetration testing? Aims and objectives Approaches Types of penetration test What can be penetration
More informationMaryland State Board of Elections Online Voter Services Vulnerability Assessment and Penetration Testing Report
Maryland State Board of Elections Online Voter Services Vulnerability Assessment and Penetration Testing Report December 30, 2013 Charles Iheagwara, Ph.D., Managing Director Unatek, Inc. Table of Contents
More informationDigi Device Cloud: Security You Can Trust
Digi Device Cloud: Security You Can Trust Abstract Historically, security has oftentimes been an afterthought or a bolt-on to any engineering product. In today s markets, however, security is taking a
More informationIntegrating Security into the Application Development Process. Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
Integrating Security into the Application Development Process Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis Agenda Seek First to Understand Source Code Security AppSec and SQA Analyzing
More informationThe only False Positive Free. Web Application Security Scanner
The only False Positive Free Web Application Security Scanner State of Security of Web Applications Verizon: 96% of victims subject to PCI DSS have not achieved compliance. 96% of hack attacks were not
More informationWeb Maniac Hacking Trust. Aditya K Sood [adi_ks [at] secniche.org] SecNiche Security
Web Maniac Hacking Trust Aditya K Sood [adi_ks [at] secniche.org] SecNiche Security Disclaimer Web Maniac - Hacking Trust Pentesting web applications in a hacker s way. Attack surface varies from application
More informationCRYPTUS DIPLOMA IN IT SECURITY
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
More informationCiklum Solutions Quality Assurance Solutions Unit Security QA Services reference
Ciklum Solutions Quality Assurance Solutions Unit Security QA Services reference 2002-2015 Ciklum. All rights reserved Kyiv, 2015 Client: Platform: Technology: Tools: DanDomain Delivery: Website: Security
More informationHow To Protect Your Data From Attack
Integrating Vulnerability Scanning into the SDLC Eric Johnson JavaOne Conference 10/26/2015 1 Eric Johnson (@emjohn20) Senior Security Consultant Certified SANS Instructor Certifications CISSP, GWAPT,
More informationAsset Management In A Consumerized World
Asset Management In A Consumerized World Generously sponsored by: August 28, 2012 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Allan Wall ISSA Web Conference Committee
More informationKeeping your data yours
CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationManual Penetration Testing for ContractPal
Manual Penetration Testing for ContractPal Customer Background ContractPal, Inc. is a SaaS Business Process Outsourcing (BPO) company that has been offering its services and custom applications to a wide
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More informationInformation Security
Information Security Level II Office of the Vice President for Information Technology Mr. Corbett Consolvo, IT Security Analyst Ms. Lori McElroy, IT Security Officer Iffat Jabeen, IT Security GRA Agenda
More informationQualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015
QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.
More informationArmitage. Part 1. Author : r45c4l Mail : infosecpirate@gmail.com. http://twitter.com/#!/r45c4l
Armitage H acking Made Easy Part 1 Author : r45c4l Mail : infosecpirate@gmail.com http://twitter.com/#!/r45c4l Greetz and shouts to the entire ICW team and every Indian hackers Introduction When I started
More informationBest IT Security Tools & Software. rewind< & past 2009. http://www.security- database.com
Best IT Security Tools & Software rewind< & past 2009 Nabil OUCHN CEO & Founder Maximiliano SOLER ToolsWatch Process Leader http://www.security- database.com The year 2009 was very intense of emotions,
More informationHackMiami Web Application Scanner 2013 PwnOff
HackMiami Web Application Scanner 2013 PwnOff An Analysis of Automated Web Application Scanning Suites James Ball, Alexander Heid, Rod Soto http://www.hackmiami.org Overview Web application scanning suites
More informationCRYPTOGEDDON: HEALTH CARE COMPROMISE. Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com
CRYPTOGEDDON: HEALTH CARE COMPROMISE Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com WHAT IS CRYPTOGEDDON? An online scavenger hunt using hacker tools Use infosec tools to solve
More informationSecurity Assessment of Waratek AppSecurity for Java. Executive Summary
Security Assessment of Waratek AppSecurity for Java Executive Summary ExecutiveSummary Security Assessment of Waratek AppSecurity for Java! Introduction! Between September and November 2014 BCC Risk Advisory
More informationBackground. HSBC DOD VA Masters in Computer Science Somerset Recon. Avid CTF Competitor
Penetration Testing Background HSBC DOD VA Masters in Computer Science Somerset Recon Avid CTF Competitor Table Of Contents 0. Information Security Risks 1. Why Pentest 2. Pentest Methodology/Process 3.
More informationPenetration Testing. Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014
Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014 Part one: the concept of penetration testing 2 What is a penetration test?(informal) Port scanning Vulnerability Scanning
More informationApplication Backdoor Assessment. Complete securing of your applications
Application Backdoor Assessment Complete securing of your applications Company brief BMS Consulting is established as IT system integrator since 1997 Leading positons in Eastern Europe country Product
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationKeeping your data yours
CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationIntroduction to Open Source Information Security Tools and Methodologies
Introduction to Open Source Information Security Tools and Methodologies Presentation for Central Pennsylvania Linux Users Group (CPLUG.NET) Tuesday, April 9, 2013 Guest Speaker: Chad D. Seiber, (CISSP)
More informationWeb application testing
CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration
More informationAdobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661
Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationTop Security Challenges Facing Credit Unions Today. Chris Gates Lares Consulting
Top Security Challenges Facing Credit Unions Today Chris Gates Lares Consulting 24 September 2013 A Little About Me Chris Gates Employment History: Partner, Lares Senior Security Consultant-Rapid7 Network
More informationCourse Title: Course Description: Course Key Objective: Fee & Duration:
Course Title: Course Description: This is the Ethical hacking & Information Security Diploma program. This 6 months Diploma Program provides you Penetration Testing in the various field of cyber world.
More informationAtlSecCon 2012, 01 March 2012. 2012 Intru-Shun.ca Inc.
OSSAMS -Security Testing Automation and Reporting penetration testing efficiently. Adrien de Beaupré Intru-Shun.ca Inc. SANS Internet Storm Center Handler AtlSecCon 2012, 01 March 2012 About me 32+, 22+,
More informationOWASP OWASP. The OWASP Foundation http://www.owasp.org. Selected vulnerabilities in web management consoles of network devices
OWASP Selected vulnerabilities in web management consoles of network devices OWASP 23.11.2011 Michał Sajdak, Securitum Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify
More informationCloud Computing & Collaboration
Sponsored by Cloud Computing & Collaboration The security implications for this new Web paradigm Please note the audio line will remain silent until 5 minutes before broadcast Sponsored by Event Housekeeping
More informationInfo-Security Conference 2013. Securing Your Applications in the Cloud. 29 May 2013
Info-Security Conference 2013 Securing Your Applications in the Cloud 29 May 2013 Applications in the Cloud Problem: In the cloud, application security is your final line of defence We are still not doing
More informationSecurity Testing for Web Applications and Network Resources. (Banking).
2011 Security Testing for Web Applications and Network Resources (Banking). The Client, a UK based bank offering secure, online payment and banking services to its customers. The client wanted to assess
More informationBest Practices - Remediation of Application Vulnerabilities
DROISYS APPLICATION SECURITY REMEDIATION Best Practices - Remediation of Application Vulnerabilities by Sanjiv Goyal CEO, Droisys February 2012 Proprietary Notice All rights reserved. Copyright 2012 Droisys
More informationTeam Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr.
Cyber Security 2014 Team Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr. Joel Dubow Hacking Incidents Reported to the Cyber
More informationSecurity Training-as-a-Service (STr-aaS) Service Details & Features
Security Training-as-a-Service (STr-aaS) Service Details & Features Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware
More informationWe ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site
We ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site April 18, 2012 Outline Motivation What is Pen Testing? Establishing the Program Our Approach Pen Test Results Conclusion DOE Hanford
More informationBig Data: Controlling the Perfect Storm September 24, 2013
Big Data: Controlling the Perfect Storm September 24, 2013 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London 1 2 Generously sponsored by: Welcome Conference Moderator Matt Mosley Northern Virginia,
More informationVulnerability Assessment Lab
Vulnerability Assessment Lab Fully assessing a company's security posture is a critical job to maintain intellectual property integrity, and protect customer information. As a security auditor your job
More informationISSA SOUTH TEXAS CHAPTER NEWSLETTER
Page 1 of 5 ISSA SOUTH TEXAS CHAPTER NEWSLETTER For May 2013 Voted "Outstanding Chapter of 2007" by ISSA International As always, please feel free to contact me with any suggestions or requests to improve
More informationPenetration Testing - a way for improving our cyber security
OWASP EU Tour Bucharest 2013 The OWASP Foundation http://www.owasp.org Penetration Testing - a way for improving our cyber security Adrian Furtunǎ, PhD, OSCP, CEH adif2k8@gmail.com Copyright The OWASP
More informationApplication Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il
Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems
More informationRecon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins
Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you
More informationEthical Hacking as a Professional Penetration Testing Technique
Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996
More informationThe Sophisticated Attack Myth: Hiding Unsophisticated Security Programs: The Irari Rules of Classifying Sophisticated Attacks
SESSION ID: EXP-F03 The Sophisticated Attack Myth: Hiding Unsophisticated Security Programs: The Irari Rules of Classifying Sophisticated Attacks Ira Winkler, CISSP President Secure Mentem @irawinkler
More informationPentesting Android Mobile Application
Pentesting Android Mobile Application Overview on Mobile applications Connect in Superior Way!! Mobile market is the worldwide rapidly developing segments since many customers are using mobile phones.
More informationWhy do I need a pen test lab? Requirements. Virtual Machine Downloads
Why do I need a pen test lab? Hacking and or scanning machines without consent is against the law in most countries To become an effective penetration tester or ethical hacker you need to practice to enhance
More informationPCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com
PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in
More informationHow to Avoid an Attack - Security Testing as Part of Your Software Testing Process
How to Avoid an Attack - Security Testing as Part of Your Software Testing Process Recent events in the field of information security, which have been publicized extensively in the media - such as the
More informationVulnerability Scanning & Management
Vulnerability Scanning & Management (An approach to managing the risk level of a vulnerability) Ziad Khalil 1, Mohamed Elammari 2 1 Higher Academy, 2 Rogue Wave Software Ottawa, Canada Abstract Vulnerability
More informationLEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3. Copyright 2015. Security Compass. 1
LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3 Copyright 2015. Security Compass. 1 CONTENTS WHY SECURITY COMPASS...3 RECOMMENDED LEARNING PATHs...4 TECHNICAL LEARNING PATHS...4 BUSINESS / SUPPORT
More informationYour Cause. October 05, 2015. Technical Summary. External Vulnerability Assessment. Your Cause External
Your Cause Technical Summary External Vulnerability Assessment Your Cause External October 05, 2015 Robert Gorski Sr. Security Consultant Robert.Gorski@PivotPointSecurity.com Confidential The conclusions
More informationDemystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur
Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)
More informationSecurity Testing for Developers using OWASP ZAP
JavaOne San Fransisco 2014 The OWASP Foundation http://www.owasp.org Security Testing for Developers using OWASP ZAP Simon Bennetts OWASP ZAP Project Lead Mozilla Security Team psiinon@gmail.com Copyright
More informationAttack and Penetration Testing 101
Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing
More informationPart Banker. Part Geek. All Security & Compliance.
Part Banker. Part Geek. All Security & Compliance. Your IT Security Assessment......begins with Vulnerability Scanning to identify and classify security weaknesses in your IT network. We look for weaknesses
More informationMAXIMIZING THE VALUE OF YOUR NETWORK PENETRATION TESTS. Jay Ferron. CEHi, CISSP, CHFIi, C)PTEi, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM
MAXIMIZING THE VALUE OF YOUR NETWORK PENETRATION TESTS Jay Ferron CEHi, CISSP, CHFIi, C)PTEi, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM jferron@interactivesecuritytraining.com blog.mir.net 203-675-8900
More informationWeb Application Vulnerability Testing with Nessus
The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information
More informationMobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus
Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing
More informationPentesting for fun... and profit! David M. N. Bryan and Rob Havelt
Pentesting for fun... and profit! David M. N. Bryan and Rob Havelt Agenda Who are David & Rob? Why are we experts? Why do penetration tests? What is a penetration test? What is the goal? Some says it s
More informationBe Fast, but be Secure a New Approach to Application Security July 23, 2015
Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Copyright 2015 Vivit Worldwide Copyright 2015 Vivit Worldwide Brought to you by Copyright 2015 Vivit Worldwide Hosted by Paul
More informationMobile App Testing Process INFLECTICA TECHNOLOGIES (P) LTD
Mobile App Testing Process Mobile Application Testing Strategy EMULATOR QA team can perform most of the testing in a well-equipped test environment using device emulators with various options like ability
More informationKerem Kocaer 2010/04/14
Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationPenetration Testing Scope Factors
1 NZ PAPER LINUX AND WEB APPLICATION SECURITY Penetration Testing Scope Factors April 20, 2013 Zeeshan Khan NZPAPER.BLOGSPOT.COM 2 Abstract: This paper contains the key points of penetration testing. All
More information1 Scope of Assessment
CIT 380 Project Network Security Assessment Due: April 30, 2014 This project is a security assessment of a small group of systems. In this assessment, students will apply security tools and resources learned
More informationSecurity Information and Event Management
Security Information and Event Management sponsored by: ISSA Web Conference April 26, 2011 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Phillip H. Griffin ISSA
More informationAccess FedVTE online at: fedvte.usalearning.gov
FALL 2015 Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk her e or email the Help Desk at support@usalearning.net. To speak with a Help Desk
More informationWHITEPAPER. Nessus Exploit Integration
Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information
More informationLearning objectives for today s session
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify
More information