Today, it’s hard to find an organization that operates without pen tests. Thanks to heightened awareness among management and growing adoption of compliance standards such as PCI DSS, pen tests are on every CISO’s to-do list.
Multiple varieties of pen tests have emerged and many organizations have a detailed plan to perform these tests every year. Yet, 95% of the organizations were found to be breached with clear evidence of advanced attackers controlling their internal systems. While penetration tests attempt to answer the question, “Can our controls be breached?”, the more critical question is “Am I aware of any existing breach?”
In the new threat landscape, where attackers employ advanced means to bypass controls and get in without being noticed, just how are pen tests standing up to the challenge? How would one determine if these annual penetration tests are really providing value?
Vivek Chudgar takes this on in our live webinar. He will examine the role of pen testing in an organization, and how the new threat landscape has changed the function of these tests. He will also discuss other new approaches to help organizations be assured of their secure status.
We caught up with Pen Test Partners' Ken Munro to get his Top 5 reasons that you should be scared of your customers.
In addition to becoming a compliance prerequisite, so-called “penetration testing” and “risk and security assessments” also create added opportunities to:
•determine where cybersecurity vulnerabilities lie;
•improve processes; and
•beef up enterprise security posture.
The emerging penetration testing marketplace, however, is a chaotic morass, with a mishmash of consultant jargon painting varying doomsday scenarios and pitching uniquely branded panaceas.
This webcast walks GCs, CFOs and CCOs through the “pen testing” maze, providing key insights on how to engage the right blend of capable, trustworthy and innovative cybersecurity professionals.
Like everyone else, you know that application penetration tests are a critical part of any reasonable security program. So you set up a bake-off and find a qualified security company to test your applications. Things are going well and you start to see results show up in the reporting portal (or, if it’s still 2005, you get PDF reports).
But identifying vulnerabilities is only half the battle. Once you know where your problems are, what do you do next? Schedule fixes for the next code deployment? Create virtual patches? What about long-term solutions?
Find out what you can expect from an application penetration test, and what to do with the results in this hour-long session led by Trustwave SpiderLabs experts Charles Henderson, Director of Application Security Services, and Ryan Barnett, Lead Security Researcher.
You’ll gain insight into:
•Common and serious vulnerabilities uncovered by testing
•Immediate tactical responses to remediation
•Long-term strategic initiatives to improve application security
You’ll walk away with actionable information on how to take full advantage of an application penetration test to strengthen application security throughout your organization.
Tools and policy frameworks are only as good as the people who implement and support them. Automated mechanisms can only go so far before they rely on human intelligence to drive the appropriate reaction. The controls required by security frameworks and the data they generate, however, are overwhelming, and finding the right security talent can feel impossible.
Organizations often choose to prioritize the implementation of their security program components on the basis of risk. By identifying potential impacts and attack vectors, it’s easier to identify the controls that produce the biggest return on investment. Training your staff to understand what they see when they see it, and how to respond proactively, will help you build a security organization that is resilient in the face of evolving threats and identify any control gaps you have while you execute your security roadmap.
This webinar will talk about how organizations can evolve beyond the compliance checklist and overwhelming scanner results by employing threat simulations. We will discuss how threat simulations differ from penetration testing, how they can be used to help make your organization stronger, and how they can replace traditional penetration testing as part of a security program.
We will focus on a discussion of attack chains, mapping methodologies to real world threats, and then look at a sample attack to see how a nominally compliant system can still be compromised.
Peter Wood has analysed the results of all the network penetration tests conducted by the First Base team over the past year. This annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business.
Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.
HTTP is being used to transport new request formats such as those from mobile apps, REST, JSON, AMF and GWTk, but few security teams have updated their testing procedures. All of these new formats are potential new playgrounds for attackers and pen testers. You just need to know how to play. In this talk, Dan Kuykendall will demonstrate the process of breaking down these new formats and where to attack them on various vulnerable applications. Most of the attacks are the familiar classics like SQL and command injection applied in modern applications. Attendees will learn to leverage their existing pen testing skills and techniques and apply them to these new formats.
True Stories of Real Pen Tests - Featuring demos of complex hacks and how business systems can be used against an organization.
Earth vs. the Giant Spider: Amazingly True Stories of Real Pen-Tests brings the audience the most massive collection of weird, downright freaky, and altogether unlikely hacks ever seen in the wild. Through stories and demonstrations, we will take the audience into a bizarre world where odd business logic flaws get you almost free food (including home shipping), sourcing traffic from port 0 allows ownership of the finances of a nation, and security systems are used to hack organizations.
This talk will focus on:
•Complex hacks found in real environments
•Showing effective attacks not found with automated methods
•Types of victim organizations and data accessed
By the end of this presentation we hope to have the audience thinking differently about systems and applications that organizations use every day, and how they may be used against them.
Designed to work with the devices you already own and light up the features of new devices, Windows 10 opens up new ways to create, learn, collaborate, and visualize.
Windows 10 works great on your existing devices, so you don’t have to wait for a hardware refresh. It’s easier to upgrade existing devices with in-place upgrades, instead of time-intensive wipe-and-reload deployments. And with Windows 10, the user interface optimizes itself to whatever device you’re using so you’ll always get an optimized experience.
Windows 10 also ushers in a new era of devices from Microsoft. With Windows 10, you can experience the latest in innovative devices, such as pen functionality, Surface Hub and the amazing HoloLens. Devices with pen input let you take notes, mark documents, and sketch ideas naturally.
Surface Hub and HoloLens will revolutionize how we communicate and collaborate at work. Whether your company runs on desktops, tablets, or a combination of these, the easy 2-in-1 experience with Windows 10 is a seamless experience across devices.
In this webcast, viewers will learn:
•How Windows 10 works great on your existing devices while showcasing the best of hardware innovation
•Why the Surface family of devices (Surface 3, Surface Pro 4 and Surface Book) is ideal for businesses
•Additional resources for Surface and other Windows 10 Devices