Network Security Testing




Network Security Testing: Are There Really Different Types of Testing?
#ISSAWebConf Web Conference, July 28, 2015. Start time: 9 am US Pacific / 12 noon US Eastern / 5 pm London time.

Conference Moderator: Jorge Orchilles, Vice President, South Florida ISSA

Speakers:
- John Kindervag, Vice President & Principal Analyst, Forrester Research
- Eric Raisters, CISSP, CSSLP
- Ira Winkler, President, Secure Mentem, CISSP
- Donald Shin, Sr. Technical Business Development Manager, IXIA

John Kindervag, Vice President, Principal Analyst serving Security & Risk Professionals at Forrester Research
+1 469.221.5372 4kindervag@forrester.com @Kindervag
Materials omitted due to licensing and reproduction rights.

Eric Raisters, CISSP, CSSLP
raisters@comcast.net

Pen Test Basics
- Approach SUT as an attacker
- Process (from SANS Ethical Hacking):
  - Planning
  - Scoping
  - Reconnaissance
  - Scanning
  - Exploitation
  - Documentation/Reporting

Pen Test Purpose
- Approach SUT as an attacker
- In-house developed apps/services
- White-box testing
- Deployed systems/purchased products
- Includes virtual servers and cloud deployments

Pen Test Types
- SUT object:
  - Network: mis-configs, weak settings
  - Web apps/services: OWASP Top 10
  - Mobile apps/services: permissions, data leakage
- Attack methods:
  - Known vulnerability scans: automated
  - Exploitation proof: manual

Pen Test Toolkits
- Kali Linux
- Samurai Web Test Framework
- Pwnie Express

Vulnerability Scan
- Look for known vulnerabilities
- Nessus (OpenVAS)
- Nexpose
- Core Impact
- Burp Suite (free and commercial)
- Zed Attack Proxy (OWASP)

Network Exploits
- Prove a found vulnerability is exploitable
- Metasploit (free and commercial)
- CANVAS

Web App Exploits
- Burp Suite (free and commercial)
- Zed Attack Proxy (OWASP)
- Paros proxy
- w3af
- Netsparker

Android Exploits
- Pwnie Express
- zANTI
- Hackcode
- AndroRAT

iPhone Exploits
- Standard Linux pentest tools
- iNalyzer

Summary
- Pen testing is important
- Vulnerability scans are not enough
- Exploit testing proves that a vulnerability is important enough to fix
- Consider contracting experts
- Consider a bug bounty program
- If you don't do it, the hackers will

Resources
- sectools.org
- n0where.net/directory
- OWASP.org
- kali.org


Ira Winkler, President, Secure Mentem, CISSP
ira@securementem.com, +1-443-603-0200, @irawinkler

Donald Shin, Sr. Technical Business Development Manager, IXIA
www.ixiacom.com

Open Panel with Audience Q&A
John Kindervag, Eric Raisters, Ira Winkler, Donald Shin

Closing Remarks
Thank you, Citrix, for donating the webcast service.

CPE Credit
Within 24 hours of the conclusion of this webcast, you will receive a link via email to a post-Web Conference quiz. After successfully completing the quiz, you will be given an opportunity to print a certificate of attendance to use for the submission of CPE credits.

On-Demand Viewers Quiz Link: http://www.surveygizmo.com/s3/2241426/issa-web-Conference-July-28-2015-Network-Security-Testing-Are-There-Really-Different-Types-of-Testing