In the past several years, bug bounty programs have disrupted the pen test norm and now provide organizations with a robust and all-encompassing security assessment solution. Instructure, the company behind Canvas Learning Management System (LMS), made the switch three years ago and has never looked back.
In this webinar, we will explore...
• Why Instructure replaced their last three penetration tests and the results they’ve found
• The three fundamental differences between the penetration testing model and the bug bounty model
• How organizations running bug bounty programs have seen improved results in both volume and quality in vulnerability submissions
Today, it’s hard to find an organization that operates without pen tests. Thanks to heightened awareness among management and growing adoption of compliance standards such as PCI DSS, pen tests are on every CISO’s to-do list.
Multiple varieties of pen tests have emerged and many organizations have a detailed plan to perform these tests every year. Yet, 95% of the organisations were found to be breached with clear evidence of advanced attackers controlling their internal systems. While penetration tests attempt to answer the question, “Can our controls be breached?”, the more critical question is “Am I aware of any existing breach?”
In the new threat landscape, where attackers employ advanced means to bypass controls and get in without being noticed, just how are pen tests standing up to the challenge? How would one determine if these annual penetration tests are really providing value?
Vivek Chudgar takes this on in our live webinar. He will examine the role of pen testing in an organization, and how the new threat landscape has changed the function of these tests. He will also discuss other new approaches to help organizations be assured of their secure status.
Would a hack on one Internet connected thermostat stop a nation? Maybe not, but imagine hundreds of connected devices being meddled with in order to cause havoc?
Join our IOT experts to discuss the real impact of an IOT device hack. Wieland Alge, GM EMEA at Barracuda Networks and Mark Harrison, Consultant at Pen Test Partners, will look into why cyber criminals are interested in hacking IOT devices and the true impact of such an attack to organisations. Join this webinar to learn:
• The true impact of an IOT hack
• Methods used by hackers
• Demos of IOT devices being hacked
• Major challenges in protecting smart cities
• How to mitigate these threats
The reality of external attacks today is simple: Attackers have made it their business to know more about the networking environment you work in every day than you do – and they’ll use that knowledge to systematically gain entrance, and laterally move within your network. At the core of their attacks is Active Directory – the ultimate repository of credentials that, if compromised, gives them the keys to the kingdom.
So how can you leverage the same detail hackers exploit to “pen test” your AD?
View this webinar to learn:
- How and why AD is a primary focus for attacks
- Detailed ways attackers seek access to AD
- What parts of your Windows and AD environment need regular pen testing to ensure you’re secure
- The threat model analysis of AD based on STRIDE
- Security characteristics of the SkySecure appliance that defeat pen testing
The reality of external attacks today is simple - attackers have made it their business to know more about the networking environment you work in every day than you do - and they'll use that knowledge to systematically gain entrance and laterally move within your network.
At the core of their attacks is Active Directory - the ultimate repository of credentials that, if compromised, gives them the keys to your kingdom.
So how can you leverage the same detail hackers exploit to "pen test" your AD? In this insightful webinar, join industry experts Allen Brokken and Sheridan Murphy as they discuss what you need to know about keeping your AD secure, including:
· How and why AD is a primary focus for attacks
· Detailed ways attackers seek access to AD
· What parts of the Windows and AD environments require regular penetration testing to ensure security
· The threat model analysis of AD based on STRIDE
We caught up with Pen Test Partners' Ken Munro to get his Top 5 reasons that you should be scared of your customers.
In addition to becoming a compliance prerequisite, so-called “penetration testing” and “risk and security assessments” also create added opportunities to:
• determine where cybersecurity vulnerabilities lie;
• improve processes; and
• beef up enterprise security posture.
The emerging penetration testing marketplace, however, is a chaotic morass, with a mishmash of consultant jargon painting varying doomsday scenarios and pitching uniquely branded panaceas.
This webcast walks GCs, CFOs and CCOs through the “pen testing” maze, providing key insights on how to engage the right blend of capable, trustworthy and innovative cybersecurity professionals.
Like everyone else, you know that application penetration tests are a critical part of any reasonable security program. So you set up a bake-off and find a qualified security company to test your applications. Things are going well and you start to see results show up in the reporting portal (or, if it’s still 2005, you get PDF reports).
But identifying vulnerabilities is only half the battle. Once you know where your problems are, what do you do next? Schedule fixes for the next code deployment? Create virtual patches? What about long-term solutions?
Find out what you can expect from an application penetration test, and what to do with the results in this hour-long session led by Trustwave SpiderLabs experts Charles Henderson, Director of Application Security Services, and Ryan Barnett, Lead Security Researcher.
You’ll gain insight into:
• Common and serious vulnerabilities uncovered by testing
• Immediate tactical responses to remediation
• Long-term strategic initiatives to improve application security
You’ll walk away with actionable information on how to take full advantage of an application penetration test to strengthen application security throughout your organization.
Tools and policy frameworks are only as good as the people who implement and support them. Automated mechanisms can only go so far before they rely on human intelligence to drive the appropriate reaction. The controls required by security frameworks and the data they generate, however, are overwhelming, and finding the right security talent can feel impossible.
Organizations often choose to prioritize the implementation of their security program components on the basis of risk. By identifying potential impacts and attack vectors, it’s easier to identify the controls that produce the biggest return on investment. Training your staff to understand what they see when they see it, and how to respond proactively, will help you build a security organization that is resilient in the face of evolving threats and identify any control gaps you have while you execute your security roadmap.
This webinar will talk about how organizations can evolve beyond the compliance checklist and overwhelming scanner results by employing threat simulations. We will discuss how threat simulations differ from penetration testing, how they can be used to help make your organization stronger, and how they can replace traditional penetration testing as part of a security program.
We will focus on a discussion of attack chains, mapping methodologies to real world threats, and then look at a sample attack to see how a nominally compliant system can still be compromised.