Network Security Testing

1 Network Security Testing Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time #ISSAWebConf WebCONFERENCES

3 Welcome. Conference Moderator: Jorge Orchilles, Vice President, South Florida ISSA

4 Speaker Introduction
- John Kindervag, Vice President & Principal Analyst, Forrester Research
- Eric Raisters, CISSP, CSSLP
- Ira Winkler, President, Secure Mentem, CISSP
- Donald Shin, Sr. Technical Business Development Manager, IXIA
To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function.

5 John Kindervag, Vice President, Principal Analyst serving Security & Risk Professionals at Forrester Research. Materials omitted due to licensing and reproduction rights.

7 Eric Raisters, CISSP, CSSLP

8 Pen Test Basics
- Approach SUT (system under test) as an attacker
- Process (from SANS Ethical Hacking):
  - Planning
  - Scoping
  - Reconnaissance
  - Scanning
  - Exploitation
  - Documentation/Reporting

9 Pen Test Purpose
- Approach SUT as an attacker
- In-house developed apps/services
- White-box testing
- Deployed systems/purchased products
- Includes virtual servers and cloud deployments

10 Pen Test Types
- SUT object
  - Network: mis-configs, weak settings
  - Web apps/services: OWASP Top 10
  - Mobile apps/services: permissions, data leakage
- Attack methods
  - Known vulnerability scans - automated
  - Exploitation proof - manual

11 Pen Test Toolkits
- Kali Linux
- Samurai Web Test Framework
- Pwnie Express

12 Vulnerability Scan
- Look for known vulnerabilities
- Nessus (OpenVAS)
- Nexpose
- Core Impact
- Burp Suite (free and commercial)
- Zed Attack Proxy (OWASP)

13 Network Exploits
- Prove a found vulnerability is exploitable
- Metasploit (free and commercial)
- CANVAS

14 Web App Exploits
- Burp Suite (free and commercial)
- Zed Attack Proxy (OWASP)
- Paros proxy
- w3af
- Netsparker

15 Android Exploits
- Pwnie Express
- zANTI
- Hackcode
- AndroRAT

16 iPhone Exploits
- Standard Linux pentest tools
- inalyser

17 Summary
- Pen testing is important
- Vulnerability scans are not enough
- Exploit testing proves that a vulnerability is important enough to fix
- Consider contracting experts
- Consider a bug bounty program
- If you don't do it, the hackers will

18 Resources
- sectools.org
- n0where.net/directory
- OWASP.org
- kali.org
Eric Raisters

22 Ira Winkler, President, Secure Mentem, CISSP

23 Copyright Secure Mentem

41 Donald Shin, Sr. Technical Business Development Manager, IXIA

65 Open Panel with Audience Q&A: John Kindervag, Eric Raisters, Ira Winkler, Donald Shin

66 Closing Remarks. Thank you Citrix for donating the Webcast service. #ISSAWebConf

67 CPE Credit. Within 24 hours of the conclusion of this webcast, you will receive a link via to a post Web Conference quiz. After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits. On-Demand Viewers Quiz Link: Conference-July Network-Security-Testing-Are- There-Really-Different-Types-of-Testing


More information

Vulnerability Assessment Lab

Vulnerability Assessment Lab Vulnerability Assessment Lab Fully assessing a company's security posture is a critical job to maintain intellectual property integrity, and protect customer information. As a security auditor your job

More information

ISSA SOUTH TEXAS CHAPTER NEWSLETTER

ISSA SOUTH TEXAS CHAPTER NEWSLETTER Page 1 of 5 ISSA SOUTH TEXAS CHAPTER NEWSLETTER For May 2013 Voted "Outstanding Chapter of 2007" by ISSA International As always, please feel free to contact me with any suggestions or requests to improve

More information

Penetration Testing - a way for improving our cyber security

Penetration Testing - a way for improving our cyber security OWASP EU Tour Bucharest 2013 The OWASP Foundation http://www.owasp.org Penetration Testing - a way for improving our cyber security Adrian Furtunǎ, PhD, OSCP, CEH adif2k8@gmail.com Copyright The OWASP

More information

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems

More information

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you

More information

Ethical Hacking as a Professional Penetration Testing Technique

Ethical Hacking as a Professional Penetration Testing Technique Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996

More information

The Sophisticated Attack Myth: Hiding Unsophisticated Security Programs: The Irari Rules of Classifying Sophisticated Attacks

The Sophisticated Attack Myth: Hiding Unsophisticated Security Programs: The Irari Rules of Classifying Sophisticated Attacks SESSION ID: EXP-F03 The Sophisticated Attack Myth: Hiding Unsophisticated Security Programs: The Irari Rules of Classifying Sophisticated Attacks Ira Winkler, CISSP President Secure Mentem @irawinkler

More information

Pentesting Android Mobile Application

Pentesting Android Mobile Application Pentesting Android Mobile Application Overview on Mobile applications Connect in Superior Way!! Mobile market is the worldwide rapidly developing segments since many customers are using mobile phones.

More information

Why do I need a pen test lab? Requirements. Virtual Machine Downloads

Why do I need a pen test lab? Requirements. Virtual Machine Downloads Why do I need a pen test lab? Hacking and or scanning machines without consent is against the law in most countries To become an effective penetration tester or ethical hacker you need to practice to enhance

More information

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in

More information

How to Avoid an Attack - Security Testing as Part of Your Software Testing Process

How to Avoid an Attack - Security Testing as Part of Your Software Testing Process How to Avoid an Attack - Security Testing as Part of Your Software Testing Process Recent events in the field of information security, which have been publicized extensively in the media - such as the

More information

Vulnerability Scanning & Management

Vulnerability Scanning & Management Vulnerability Scanning & Management (An approach to managing the risk level of a vulnerability) Ziad Khalil 1, Mohamed Elammari 2 1 Higher Academy, 2 Rogue Wave Software Ottawa, Canada Abstract Vulnerability

More information

LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3. Copyright 2015. Security Compass. 1

LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3. Copyright 2015. Security Compass. 1 LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3 Copyright 2015. Security Compass. 1 CONTENTS WHY SECURITY COMPASS...3 RECOMMENDED LEARNING PATHs...4 TECHNICAL LEARNING PATHS...4 BUSINESS / SUPPORT

More information

Your Cause. October 05, 2015. Technical Summary. External Vulnerability Assessment. Your Cause External

Your Cause. October 05, 2015. Technical Summary. External Vulnerability Assessment. Your Cause External Your Cause Technical Summary External Vulnerability Assessment Your Cause External October 05, 2015 Robert Gorski Sr. Security Consultant Robert.Gorski@PivotPointSecurity.com Confidential The conclusions

More information

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)

More information

Security Testing for Developers using OWASP ZAP

Security Testing for Developers using OWASP ZAP JavaOne San Fransisco 2014 The OWASP Foundation http://www.owasp.org Security Testing for Developers using OWASP ZAP Simon Bennetts OWASP ZAP Project Lead Mozilla Security Team psiinon@gmail.com Copyright

More information

Attack and Penetration Testing 101

Attack and Penetration Testing 101 Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing

More information

Part Banker. Part Geek. All Security & Compliance.

Part Banker. Part Geek. All Security & Compliance. Part Banker. Part Geek. All Security & Compliance. Your IT Security Assessment......begins with Vulnerability Scanning to identify and classify security weaknesses in your IT network. We look for weaknesses

More information

MAXIMIZING THE VALUE OF YOUR NETWORK PENETRATION TESTS. Jay Ferron. CEHi, CISSP, CHFIi, C)PTEi, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM

MAXIMIZING THE VALUE OF YOUR NETWORK PENETRATION TESTS. Jay Ferron. CEHi, CISSP, CHFIi, C)PTEi, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM MAXIMIZING THE VALUE OF YOUR NETWORK PENETRATION TESTS Jay Ferron CEHi, CISSP, CHFIi, C)PTEi, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM jferron@interactivesecuritytraining.com blog.mir.net 203-675-8900

More information

Web Application Vulnerability Testing with Nessus

Web Application Vulnerability Testing with Nessus The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information

More information

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing

More information

Pentesting for fun... and profit! David M. N. Bryan and Rob Havelt

Pentesting for fun... and profit! David M. N. Bryan and Rob Havelt Pentesting for fun... and profit! David M. N. Bryan and Rob Havelt Agenda Who are David & Rob? Why are we experts? Why do penetration tests? What is a penetration test? What is the goal? Some says it s

More information

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Copyright 2015 Vivit Worldwide Copyright 2015 Vivit Worldwide Brought to you by Copyright 2015 Vivit Worldwide Hosted by Paul

More information

Mobile App Testing Process INFLECTICA TECHNOLOGIES (P) LTD

Mobile App Testing Process INFLECTICA TECHNOLOGIES (P) LTD Mobile App Testing Process Mobile Application Testing Strategy EMULATOR QA team can perform most of the testing in a well-equipped test environment using device emulators with various options like ability

More information

Kerem Kocaer 2010/04/14

Kerem Kocaer 2010/04/14 Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

Penetration Testing Scope Factors

Penetration Testing Scope Factors 1 NZ PAPER LINUX AND WEB APPLICATION SECURITY Penetration Testing Scope Factors April 20, 2013 Zeeshan Khan NZPAPER.BLOGSPOT.COM 2 Abstract: This paper contains the key points of penetration testing. All

More information

1 Scope of Assessment

1 Scope of Assessment CIT 380 Project Network Security Assessment Due: April 30, 2014 This project is a security assessment of a small group of systems. In this assessment, students will apply security tools and resources learned

More information

Security Information and Event Management

Security Information and Event Management Security Information and Event Management sponsored by: ISSA Web Conference April 26, 2011 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Phillip H. Griffin ISSA

More information

Access FedVTE online at: fedvte.usalearning.gov

Access FedVTE online at: fedvte.usalearning.gov FALL 2015 Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk her e or email the Help Desk at support@usalearning.net. To speak with a Help Desk

More information

WHITEPAPER. Nessus Exploit Integration

WHITEPAPER. Nessus Exploit Integration Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information

More information

Learning objectives for today s session

Learning objectives for today s session Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify

More information