Security Congress EMEA 2015: Best Effort Security Testing for Mobile Application

Everybody knows pre-production security testing is crucial, especially for public applications. The Pareto principle (that 80 percent of the security risks can be found with 20 percent of the testing effort) applies to mobile security testing as well. In this session, you will learn:
- Pareto principle for mobile security testing
- Definition of Best Effort Security Testing (BEST)
- Important components and framework approach for BEST
This session was presented at (ISC)² Security Congress EMEA by Murat Lostar, Founder and CEO, Lostar Information Security (Turkey). Murat was also founding president of the (ISC)² Turkish chapter, ISACA Istanbul chapter, and chapter president for the Cloud Security Alliance Turkish chapter.
Recorded Oct 20 2015 27 mins
Presented by
Murat Lostar, Founder and CEO, Lostar Information Security

  • UK 2017: Keynote: IoT Legislation IS Coming. Can Manufacturers Get Their Act Tog Recorded: Dec 13 2017 36 mins
    Ken Munro, Partner and Founder, Pen Test Partners LLP
    The IoT has been described as the new Wild West as far as security is concerned, and with good reason. Many devices are brought to market without even the slightest nod to security, or privacy, for their owners. We’ll discuss the flaws in an array of products from We-Vibe, Cloud Pets, Bose, Roomba, and Genesis Toys (the makers of the My Friend Cayla doll). We’ll also show you how we hacked Cayla, and how she became the standard-bearer for a call to legislative change that led to her being banned in Germany. While live hacking demos are fun, the serious implications for IoT manufacturers will also be covered: What are reasonable security expectations? How can they be implemented, and who will actually benefit?

    5 takeaways:
    A clear understanding of the current IoT security landscape
    Insights into the flaws in IoT devices that cause concern
    The reasons for the IoT’s shabby security reputation
    How organisations and individuals can protect themselves
    Understanding the drivers for legislative change
  • UK 2017: Security in the Age of Open Source Recorded: Dec 13 2017 19 mins
    Damian Saunders, VP EMEA, Black Duck Software
    The use of open source software is ubiquitous worldwide because of the economic and time-to-market benefits it delivers. Simply put, open source is the way applications are developed today.
    Securing and managing the open source in applications is more critical than ever because applications are the #1 attack target and open source often comprises 50% or more of the code in an application.
    Increasingly organizations are recognizing that open source vulnerabilities represent their greatest application security risk and are seeking innovative solutions to reduce that risk profile.
  • UK 2017: (ISC)2 Chapter Update and Developments Recorded: Dec 13 2017 10 mins
    James Packer, President, (ISC)2 London Chapter | Cyber Security and Cloud Specialist, KPMG UK
    London Chapter Updates
  • UK 2017: Cyber Insurance: Quantifying and Transferring Financial Risk Recorded: Dec 13 2017 36 mins
    Joe Hancock, Cyber Security Lead, Mishcon de Reya LLP
    This session will cover:

    • What Cyber Insurance coverage is available, what it includes and some potential pitfalls
    • Quantifying the impacts of a Cyber incident
    • Managing the process of responding with an insurer
  • UK 2017: Panel Discussion: “Today’s Hot Topics and Burning Questions” Recorded: Dec 13 2017 45 mins
    Adrian Davis | Ken Munro | Bruce Hallas | Geordie Stewart
    This panel discussion will focus on those hot topics that the delegates have identified as being of importance to them. Delegates will have had the opportunity to submit their hot topics during registration. A selection of those submitted will be discussed by the panel. In addition delegates will be able to submit questions for the panel to discuss and answer. Questions can be submitted during the registration process, during the morning session of the conference and in real time as part of this session.
  • UK 2017: GDPR: Charting Experience on the March to May 2018 Recorded: Dec 13 2017 117 mins
    Yves Le Roux, (ISC)2 EMEA Advisory Council Co-Chair & Privacy Workgroup Lead |David Higgins, (ISC)2 EMEA Advisory Council GDP
    The GDPR workshop will provide insights from the EAC’s GDPR project, lessons learnt from member experience and take-aways for attendees to use in their organisations. Being held under the Chatham House Rule, it will give an opportunity for members to discuss confidentially their implementation strategies, projects, activities and share tools, techniques and hints and tips from their experience.

    Format:
    Three-hour interactive workshop which will include discussions, the implementation of strategies, projects, activities and share tools, techniques and hints and tips from their experience.

    Take-aways:
    1. Gain insights and learn of the progress from the EAC’s GDPR project
    2. Understand common concerns, consider unforeseen obstacles and the best practices that are emerging for dealing with them.
    3. Receive guidance and access to a repository of materials to assist delegates with GDPR compliance
    4. Forum to share experience in confidence, tools, techniques and hints and tips from lessons learnt to date
  • UK 2017: Practical Cloud Controls Workshop Recorded: Dec 13 2017 68 mins
    Jan Bervar, Lead Security Architect, NIL Ltd
    PURPOSE:

    Provide delegates with practical exposure to public and hybrid SaaS, PaaS, and IaaS cloud security architectures, controls, tools, and processes which delegates can take back to their organisations to assess and manage information security risks in proposed cloud projects.

    FORMAT:

    Three hour highly interactive workshop. This will include paper examples of cloud services which delegates will work through in small teams, presentations and discussion.

    DELEGATES:

    Pre-work: Attendees to submit their background and learning objectives to the presentation team, so that this can be incorporated.

    TAKE-AWAYS:

    - Leading edge cloud control and security workshop by top cloud security trainer
    - Practical methods, tools, techniques and examples of cloud controls
    - Practice with peers in evaluating cloud proposals
    - Slide decks
    - Extensive networking opportunities with your peers; fellow (ISC)² members and prominent figures in Information Security
    - CPE Points
  • UK 2017: Security ABCs: Awareness, Behaviour and Culture Workshop Recorded: Dec 13 2017 79 mins
    Dr. Ciarán Mc Mahon | Bruce Hallas | Dr. Jessica Barker
    Purpose:
    Provide delegates with insights and practical advice, hints and tips they can take back to their organisations to improve their awareness and behaviour change programmes.

    Format:
    Three hour highly interactive workshop. There will be three sessions, each led by a different expert: 1st hour - awareness, 2nd hour - behaviour and 3rd hour - culture. Each session to include presentation, worked examples and discussion. See detailed timetable below.

    Delegates:
    Pre-work: Attendees to submit their challenges regarding employee behaviour in advance of the event so that the presentation team can try to incorporate some into the workshop.


    Take-aways:
    • Leading Edge Awareness Education conducted by SMEs
    • Access to practical and up-to-date advice on ‘how to’ plus hints & tips to take away from each session
    • Slides/presentation materials
    • Delegate worked examples/notes
    • Extensive networking opportunities with your peers; fellow (ISC)2 members and prominent figures in Information Security
    • CPE points
  • UK 2017: Keynote Address: The White Hat Minefield: Professional Ethics in the Ag Recorded: Dec 12 2017 37 mins
    Geordie Stewart, Information Security Consultant, Risk Intelligence
    As members of a professional body for security professionals, we have committed ourselves to “the highest ethical standards of behaviour” and to “Protect society…and the infrastructure”. But what does this mean? Is it ethical to disclose a bug to a party other than the affected vendor? Is it ethical to help intelligence agencies bend the law if it’s to help catch terrorists? Is it ever ethical to break a confidentiality agreement? In a sure to be lively session we explore ethical dilemmas facing (ISC)2 members using real life examples to try to reach a consensus on what ethical behaviour looks like in the 21st century.
  • UK 2017: Digital Forensics: Past, Present and Future Recorded: Dec 12 2017 38 mins
    Mark Stokes, Head of Digital and Electronics Forensic Services, Metropolitan Police
    We take a look at the past to remind ourselves of the journey digital forensics has taken and the pace of change in less than 30 years. We look at how the MPS is dealing with this unprecedented rate of change, and what the future holds for digital forensics.

    Takeaways:

    How will recent developments in computing and cloud affect the way we work?
    How will you ensure your organisation meets these challenges in the future?
    Should you invest in R&D? If so, what’s the best way to do this and ensure value?
  • UK 2017: The Future Impact of AI in Cybercrime Recorded: Dec 12 2017 22 mins
    Dave Palmer, Director of Technology, Darktrace
    Join Dave Palmer, Director of Technology at Darktrace to learn about the future impact of AI in cybercrime. Dave will cover the upcoming and prominent changes in cybersecurity, and the rise of automation, self-learning machines and improving AI.
    From this session, you will learn:

    • How AI has a profound impact on our future internet, and the potential for it to enable digital criminals
    • The complexity of business and protection, and how current defenders are being outpaced
    • Machine learning and advanced mathematics as tools for handling complexity
    • Real life examples and applications of attacks
    • Inevitable rise of data theft and how best to protect yourself
  • UK 2017: The Scrappy Duel: The CISO and the Board vs. the Cybercriminal Recorded: Dec 12 2017 21 mins
    Ibukun Adebayo, CIO | CISO | COO, RISC Credivel (UK) Ltd
    Abstract & Takeaways:

    • The CISO is a key board advisor and so, if not ‘a permanent seat at the table’, then ‘an audible voice in the boardroom’ must be heard, loudly and clearly. Tips on how to facilitate this.

    • The Board, CISO and Cybercriminal’s shared focus - Just forget the ‘noise’ about software, tools, infrastructure, CISO qualifications etc. – and focus on the ‘crown jewels’, i.e. the intellectual property that the Cybercriminal is out to steal from your firm. Work your way backwards from your intellectual property, to give yourself half a chance of thwarting the determined cybercriminal!

    • The CISO has essentially become a key corporate reputation ambassador over the past few years, with each breach discovered affecting the company’s brand, both tangibly and intangibly. Will cybercriminals become more emboldened by the GDPR notification requirements, simply to tarnish your firm’s reputation? Reflect on this!

    • The Equifax breach has led to two officers being investigated for Insider Dealing, by the FBI. Was Equifax’s board and CISO aware of the regulatory requirements pertaining to their industry? Might the modern day CISO benefit from an awareness of the regulatory environment within which their firm operates, including beyond Cybersecurity and data protection regulations e.g. the UK Money Laundering Regulations 2017, Terrorist Financing, Insider Dealing regulations etc.?
  • UK 2017: Grass Roots Industrial Control Security Recorded: Dec 12 2017 31 mins
    Cevn Vibert, ICS Industrial Cyber Physical Security Advisor | Expert
    Our modern society is built on automation, control systems and their management. The “Things”, mentioned often in the Internet of Things (IOT) and the Industrial Internet of Things (IIOT), are becoming smarter and more ubiquitous. If you think about all the automation controlled Things that have contributed to your day and try to list them you may be surprised and perhaps a little worried.
    Food, Transport, Clothing, Water, Waste, Pharmaceuticals, Logistics, Medical Devices, Energy, Power, Defence, Hospitals, Cashpoints, Beverage Dispensers are just some of the examples of this melange of Things in our personal lives. Critical National Infrastructures are under immense pressure from Government, Regulators, and themselves to enhance the defences, improve monitoring and to re-work the gargantuan quantities of legacy systems.
    The rise in attacks on these ‘Things’ has started to concern people. National Infrastructures are investing in improvement plans, many markets are ahead of the game but so much more is to be done. Meanwhile the bad guys get better at attacking.
    This presentation looks at the Growth, Reasons and Impact of these Cyber Threats, the real differences seen in the Industrial Cyber World and our current Capability Divide.
    The presentation reviews many Common Sense Methodologies and strategies to Cyber Security improvements for End-Users, Vendors and Solution providers including a word about some recent Cyber Security Game Experiences for C-Level and all level education.

    TakeAways:
    Awareness of the need for Cyber Security within our industrial landscape.
    Understand the real differences between IT Cyber and OT/ICS/SCADA/IIOT Cyber
    Understand the IT and OT Industry's current capabilities to address the need.
    A Range of common-sense and innovative strategic approaches to cyber improvements.
  • UK 2017: Roundtable: With the Rise of the Politically Motivated or Sanctioned Recorded: Dec 12 2017 54 mins
    Paul Taylor, Senior Partner, Risk Consulting, KPMG | Dr. Ciarán Mc Mahon | Cevn Vibert | Mark Stokes | Ibukun Adebayo | Joe Hancock
    In recent times we have seen attacks against victims such as the Ukrainian power grid, which took out the electricity grid for a quarter of a million people, the ransomware attack impacting the NHS system, attributed to actors in North Korea, and that of the Democratic National Committee in the USA, which potentially influenced the outcome of the US presidential elections. Critical infrastructure has become a high-profile target attacked remotely and attributed to state actors. If hackers can gain control over our utilities, critical infrastructure or influence our political systems, what could be the potential outcomes? Is this truly politically motivated or is it just a financial attack masked?

    Takeaways:
    • What difference does this make? If this is a trend that continues, what change will you make in your approach to developing your defenses for the future?
    • With this changing attack vector, what staff will you need to secure or grow in the future?
    • How does this change what capabilities you will need?
  • MENA 2017: Keynote: Intersection of Machine Learning | AI, Big Data, Automation Recorded: Nov 22 2017 31 mins
    Saqib Chaudhry, CISO, Cleveland Clinic, Abu Dhabi
    Following the success of the one-day Secure Events and Security Congress in EMEA, (ISC)² is bringing its acclaimed conferences to a new level. 2017 will feature five two-day regional events to serve the entire (ISC)² EMEA professional community and enable delegates to drive the thinking around the issues and concerns professionals are facing today.

    (ISC)² Secure Summits brings multi-subject sessions from hands on practical workshops to keynotes and panel discussions featuring local and international industry experts to maximize the learning experience and CPE opportunity. Our summits offer a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members.
  • MENA 2017: Security Threats and Trends - Middle East Region Recorded: Nov 22 2017 48 mins
    Lorna Trayan, Associate Partner Security, IBM Security Services
  • MENA 2017: Beyond the Hype: GISWS Results Recorded: Nov 22 2017 26 mins
    Adrian Davis, Managing Director, (ISC)2 EMEA
  • MENA 2017: ISO27001 Between the Reality and the Myth Recorded: Nov 22 2017 39 mins
    Tony Chebli, Senior Manager | Information Security Department/Risk Management Division, Credit Libanais S.A.L
  • MENA 2017: Roundtable Discussion: With the Rise of the Politically Motivated or Recorded: Nov 22 2017 51 mins
    Moderator: Tamer Gamali, President, (ISC)2 Kuwait Chapter | Member, (ISC)² EMEA Advisory Council
  • MENA 2017: Part 1: Practical Cloud Controls Workshop Recorded: Nov 21 2017 58 mins
    Peter van Eijk, Authorized Instructor, (ISC)2
(ISC)² EMEA Event Recordings
A mix of multi-subject sessions from (ISC)² EMEA congresses and Secure Summits. The recordings include deep dive workshops offering tools & techniques transferable to the workplace, thought leadership keynotes and panel discussions featuring local and international experts enabling viewers to maximize their learning experience. Join us and earn your CPEs for free!

  • Title: Security Congress EMEA 2015: Best Effort Security Testing for Mobile Application
  • Live at: Oct 20 2015 8:45 am
  • Presented by: Murat Lostar, Founder and CEO, Lostar Information Security