[Cybersecurity] Our Indigenous Apps: Securing Critical Business Data

Despite the rise of the cloud and increased reliance on web applications, native desktop applications are still highly relevant and often the delivery method of choice in enterprise IT. As penetration testers, we still see a number of very poorly architected native applications being used to protect extremely sensitive information.

This webcast will discuss some of the core issues relating to native desktop applications, why they are so frequent, and the severe impact that their insecurity can cause.

In the 2017 threat landscape, we propose that these flaws are not going away, and the industry isn't currently in a position to help developers resolve them effectively.
Recorded Dec 6 2016 29 mins
Presented by
Senior Security Consultant, Christopher Cooper
  • PCI 4.0 So What? How to Centre your PCI Programme Around your Business Objective Recorded: Jan 21 2020 53 mins
    Craig Moores, Risk Advisory Practice Director
    SureCloud will explore the challenges that organisations face when achieving and maintaining compliance with PCI DSS, with a particular focus on how organisations can design and deploy a programme that aligns with wider business objectives and embeds compliance activities into business operations.

    With headlines focusing on the evolution of PCI DSS 4.0, our session will target all levels of stakeholder involvement in the management of PCI compliance. Using our experience of delivering compliance applications, as an Approved Scanning Vendor, a penetration testing provider and critically from the experience of our ex-QSAs, we will share some of the shortfalls that organisations have experienced, particularly focusing on the people, process and technologies critical in protecting an organisation’s payment channels.

    Craig is responsible for SureCloud’s Risk Advisory Practice including engagement scoping, consultancy delivery and client relationships. Craig has experience in leading and delivering complex cyber security solutions aligned to strategic business objectives. Craig has broad cyber security experience including a strong technical, software development and project management background, with particular strengths in the areas of information risk management, PCI DSS, strategic planning and business auditing.


    (The session will be structured around our case study organisation, Bananas, to help bring this use case to life.)

    Key session takeaways:
    • Understand some of the business challenges that organisations face when implementing and maintaining a PCI compliance programme.
    • Gain real-world insight into the compliance management shortfalls and lessons learned by other organisations.
    • Reflect on how the next release of the PCI DSS 4.0 provides an opportunity for organisations.
    • Learn how to gain visibility of compliance using metrics and automation.
  • Looking Forward: What to Expect With PCI 4.0 Recorded: Nov 14 2019 44 mins
    Craig Moores, Risk Advisory Practice Director & Ben Dalton, Sr. GRC Technology Consultant
    Compliance professionals around the world are eagerly awaiting more information about PCI’s latest release to the Data Security Standards: PCI DSS 4.0. During this 30-minute webinar, we will review the timeline of the 4.0 release, discuss findings from the 2019 RFC period draft release, highlight key changes that are coming with the revised framework, and discuss how SureCloud will help clients navigate these changes.

    Key Takeaways:
    • Overall Timeline for 4.0
    • Draft Version & Request for Comment (October - November 2019)
    • Changes to PCI DSS that are coming soon
    • How SureCloud will empower clients to adapt to these changes
    • Reflection on the recently released PCI DSS v4.0 Request for Comment draft

    Craig is responsible for SureCloud’s Risk Advisory Practice including engagement scoping, consultancy delivery and client relationships. Craig has experience in leading and delivering complex cyber security solutions aligned to strategic business objectives. Craig has broad cyber security experience including a strong technical, software development and project management background, with particular strengths in the areas of information risk management, PCI DSS, strategic planning and business auditing.

    Ben has spent the majority of his career in the IT security & GRC industry—both on the product side as well as a practitioner. At the Walt Disney Company, Ben implemented processes and technology to help streamline and automate the PCI compliance program at Disney Parks & Resorts.
  • DEF CON 27: How to Take Over Internal IPs, Externally Recorded: Oct 30 2019 44 mins
    Elliott Thompson, Principal Cybersecurity Consultant
    As seen at DEF CON 2019, SureCloud's Principal Cyber Consultant continues his DEF CON presentation "[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1".

    Your browser thinks our 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination of redirects, Karma, JavaScript and caching, Elliott demonstrates that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool, it’s possible to automate the exploitation of hundreds of interfaces at once.

    This presentation will introduce the attack vector and demonstrate the MICASA-SUCASA tool. Elliott will also discuss his experience at DEF CON 2019 and the feedback regarding his tool post-release.

    - Covering old ground is sometimes valuable
    - Combining vulnerabilities can have a greater impact than the sum of their parts
    - Some router manufacturers make truly bizarre decisions

    DEF CON Presentation being continued: [ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1
  • Ethically Hacking into Children's IoT Devices Recorded: Jun 25 2019 46 mins
    Senior Security Consultant, Elliott Thompson
    Join Elliott Thompson, SureCloud's Senior Security Consultant, as he discusses a critical disclosure discovered on the children's VTech Storio Max tablet, which allowed attackers full access to the device including the webcam, speakers and microphone.

    This interactive session will cover the following:

    • How to approach unusual devices from a methodology standpoint
    • Identifying how manufacturers can break a secure base (Android phone with VTech software)
    • Triaging of the custom parts of devices
    • How accessible ARM assembly can be

    The disclosure was reported to VTech, and a patch fixing the vulnerability was released within 30 days. The vulnerability was granted a CVE, and the story was featured on the BBC and at InfoSec’s Geek Street.
  • Hacking Humans: Exploring Social Engineering as an Attacker and a Defender Recorded: Apr 30 2019 64 mins
    Luke Potter, Operations Director (Cybersecurity), SureCloud
    Currently, 75% of cyber-attacks start with social engineering. It is this part of penetration testing that centers around manipulation and deception, rather than trying to outsmart a machine. It is just as crucial to improve an organization’s security posture as it is to probe a network for vulnerabilities. But what does it look like in practice?

    Join SureCloud’s Operations Director (Cybersecurity), Luke Potter, as he discusses his research into social-engineering techniques.

    This session will cover:
    • Defining social engineering
    • Best lines of defense against a human pentest attack
    • The psychology behind influence and persuasion
  • Everything You Need To Know About OWASP SAMM 2.0 Recorded: Feb 28 2019 25 mins
    Cybersecurity Practice Manager, Chris Cooper
    The Open Web Application Security Project (OWASP) is developing version 2.0 of their Software Assurance Maturity Model (aka SAMM), and Chris Cooper, SureCloud’s Cybersecurity Practice Manager, is part of the team currently working on the core model, with a focus around the new ‘Implementation’ business practice. In this webinar, Chris will be discussing the history of SAMM, evaluating the version 2.0 core model from a technical perspective, and the process that the SAMM team are undertaking.

    The session will cover:
    • Why SAMM 2.0 is being introduced
    • The innovative ways in which SAMM 2.0 is being created
    • How SAMM is modernizing its recommendations on how organizations build and deploy software
    • How to harness SAMM to conduct penetration testing in a more mature way
    • Some of the feedback that the OWASP SAMM team has received from the version 2.0 beta

    Chris Cooper is a Tigerscheme Senior Security Tester (Web Apps) and a CHECK Team Leader.
  • Cybersecurity Attacks that will Actually Lead to a Compromise Recorded: Jan 15 2019 67 mins
    Luke Potter, Cybersecurity Practice Director, SureCloud
    Vulnerabilities exist in every system, and for some, the impact of an attack could be catastrophic, even business-ending. Often, these incidents are the result of a vulnerability that could be identified in a penetration test.

    In this webinar, SureCloud’s Cybersecurity Practice Director and expert penetration tester, Luke Potter, will discuss some of the real-life cyber-attacks his team has conducted, including the work they have done with the BBC, Daily Mail, and Which? Magazine.

    The session will cover:
    • Targeted Phishing attacks
    • IoT and ‘Smart’ devices
    • Physical attacks including Social Engineering
    • Use of OSINT Techniques to Compromise Organisations
    • Password Analysis

    Luke Potter is a CHECK team leader, Tiger Scheme senior security tester, ISO 27001 lead auditor and Microsoft Certified enterprise administrator.
  • Ask the Expert: Penetration Testing Recorded: Jun 7 2018 11 mins
    Luke Potter, Cybersecurity Practice Director
    SureCloud's Cybersecurity Practice Director talks about avoiding the pain of managing penetration test outputs in static PDF documents; effective management of penetration test remediation activities; demonstrating improvement and benefit following penetration test delivery; why a better approach to penetration testing is needed, specifically running it as an ‘as a service’ engagement; and tracking, trending and analyzing data between multiple testing projects.
  • What is Ransomware and why it's time to simulate an attack? Recorded: Jan 31 2017 35 mins
    Luke Potter (Security Practice Director) & Elliott Thompson (Security Consultant)
    Learn how to detect, prevent and mitigate ransomware attacks. Our experts will cover: the current mitigation strategies, how they are bypassed and why, how attackers perform directly targeted attacks and why it's time for organisations to simulate their own attacks.
  • [Cybersecurity] Our Indigenous Apps: Securing Critical Business Data Recorded: Dec 6 2016 29 mins
    Senior Security Consultant, Christopher Cooper
    Despite the rise of the cloud and increased reliance on web applications, native desktop applications are still highly relevant and often the delivery method of choice in enterprise IT. As penetration testers, we still see a number of very poorly architected native applications being used to protect extremely sensitive information.

    This webcast will discuss some of the core issues relating to native desktop applications, why they are so frequent, and the severe impact that their insecurity can cause.

    In the 2017 threat landscape, we propose that these flaws are not going away, and the industry isn't currently in a position to help developers resolve them effectively.
  • The Evolution of the Penetration Test Recorded: Apr 12 2016 23 mins
    Toby Scott-Jackson, Principal Security Consultant, SureCloud and Chris Cooper, Senior Security Consultant, SureCloud
    The confluence of sophisticated cyber criminals, white hats and technological change means organisations are increasingly exposed to weaknesses and vulnerabilities in their networks, devices and applications.

    With a combination of expert security commentary and vulnerability trends, SureCloud will reveal the sophisticated nature of the latest attacks and what the future may hold. We will focus on modern exploits that go beyond the typical network and web application attack vectors.

    SureCloud will describe how organisations need to change their attitudes to security testing, considering the frequency and scope of assessments, and act on results in a timelier manner.
Cybersecurity Channel: Penetration Testing & Ethical Hacking
SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.

  • Title: [Cybersecurity] Our Indigenous Apps: Securing Critical Business Data
  • Live at: Dec 6 2016 1:00 pm
  • Presented by: Senior Security Consultant, Christopher Cooper