In the past several years, bug bounty programs have disrupted the pen test norm and provide organizations with a robust and all-encompassing security assessment solution. Instructure, the company behind Canvas Learning Management System (LMS), made the switch three years ago and has never looked back.
In this webinar, we will explore...
• Why Instructure replaced their last three penetration tests and the results they’ve found
• The three fundamental differences between the penetration testing model and the bug bounty model
• How organizations running bug bounty programs have seen improved results in both volume and quality in vulnerability submissions
Today, it’s hard to find an organization that operates without pen tests. Thanks to heightened awareness among management and growing adoption of compliance standards such as PCI DSS, pen tests are on every CISO’s to-do list.
Multiple varieties of pen tests have emerged and many organizations have a detailed plan to perform these tests every year. Yet, 95% of the organisations were found to be breached with clear evidence of advanced attackers controlling their internal systems. While penetration tests attempt to answer the question, “Can our controls be breached?”, the more critical question is “Am I aware of any existing breach?”
In the new threat landscape, where attackers employ advanced means to bypass controls and get in without being noticed, just how are pen tests standing up to the challenge? How would one determine if these annual penetration tests are really providing value?
Vivek Chudgar takes this on in our live webinar. He will examine the role of pen testing in an organization, and how the new threat landscape has changed the function of these tests. He will also discuss other new approaches to help organizations be assured of their secure status.
While autonomous driverless cars are still a work in progress, connected cars and the IoT are becoming the norm. Whether that relates to communications infrastructure, on-board services for vehicle management, or mobile device connectivity, more and more new cars come equipped as standard with some sort of "connected" element. Typically the cost of new technology is in the buying price, but with modern cars it could be insurance hikes, loss of privacy, or even loss of life.
Ken Munro, Partner and Security Consultant at Pen Test Partners, breaks down the key technologies and examines the security implications for drivers, insurers and manufacturers alike.
Viewers will learn about:
- The attack surface that a connected car presents
- What those attacks look like
- The implications for everyday drivers
- What manufacturers need to be doing
We caught up with Pen Test Partners' Ken Munro to get his Top 5 reasons that you should be scared of your customers.
In addition to becoming a compliance prerequisite, so-called “penetration testing” and “risk and security assessments” also create added opportunities to:
• determine where cybersecurity vulnerabilities lie;
• improve processes; and
• beef up enterprise security posture.
The emerging penetration testing marketplace, however, is a chaotic morass, with a mishmash of consultant jargon painting varying doomsday scenarios and pitching uniquely branded panaceas.
This webcast walks GCs, CFOs and CCOs through the “pen testing” maze, providing key insights on how to engage the right blend of capable, trustworthy and innovative cybersecurity professionals.
Like everyone else, you know that application penetration tests are a critical part of any reasonable security program. So you set up a bake-off and find a qualified security company to test your applications. Things are going well and you start to see results show up in the reporting portal (or, if it’s still 2005, you get PDF reports).
But identifying vulnerabilities is only half the battle. Once you know where your problems are, what do you do next? Schedule fixes for the next code deployment? Create virtual patches? What about long-term solutions?
Find out what you can expect from an application penetration test, and what to do with the results in this hour-long session led by Trustwave SpiderLabs experts Charles Henderson, Director of Application Security Services, and Ryan Barnett, Lead Security Researcher.
You’ll gain insight into:
• Common and serious vulnerabilities uncovered by testing
• Immediate tactical responses to remediation
• Long-term strategic initiatives to improve application security
You’ll walk away with actionable information on how to take full advantage of an application penetration test to strengthen application security throughout your organization.
Tools and policy frameworks are only as good as the people who implement and support them. Automated mechanisms can only go so far before they rely on human intelligence to drive the appropriate reaction. The controls required by security frameworks and the data they generate, however, are overwhelming, and finding the right security talent can feel impossible.
Organizations often choose to prioritize the implementation of their security program components on the basis of risk. By identifying potential impacts and attack vectors, it’s easier to identify the controls that produce the biggest return on investment. Training your staff to understand what they see when they see it, and how to respond proactively, will help you build a security organization that is resilient in the face of evolving threats and identify any control gaps you have while you execute your security roadmap.
This webinar will talk about how organizations can evolve beyond the compliance checklist and overwhelming scanner results by employing threat simulations. We will discuss how threat simulations differ from penetration testing, how they can be used to help make your organization stronger, and how they can replace traditional penetration testing as part of a security program.
We will focus on a discussion of attack chains, mapping methodologies to real world threats, and then look at a sample attack to see how a nominally compliant system can still be compromised.
CNS Group interviews Dr. Sandra Bell, Head of Resilience Consulting, Sungard Availability Services on the integration of CNS Group into the organisation and how CNS's services benefit Sungard AS and its employees.
Peter Wood has analysed the results of all the network penetration tests conducted by the First Base team over the past year. This annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business.
Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.