Name: Account Takeover in Azure's API Management Developer Portal
Start: 2023-04-06T14:00:00Z
End: 2023-04-06T14:00:33.000Z
Location: BrightTALK
Rating: 4.8

The Outpost24 group is pioneering cyber risk management with continuous vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 40 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our Cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters. Visit Outpost24.com for more information.

This virtual workshop will provide crucial insights into the internet-facing assets of businesses that make them vulnerable to  threat actors. Because you can't protect what you're not aware of, we'll guide you through the most common, yet often forgotten high-risk assets in an external attack surface, as indicated by our benchmark findings. Many organizations struggle to track and maintain an up-to-date inventory of all their external assets, making them vulnerable to potential breaches through unknown backdoors. External attack surface management (EASM) is a way to discover and track these unknown assets that may be potential breach-points into your organization's network.  

During this talk, we'll present practical and effective reconnaissance techniques and show you how to proactively and efficiently control your external attack surface. 

Join us on Wednesday, May 16th at 3pm, CEST to:  
– Discover most common and often forgotten high-risk external IT assets  
– Learn about the risks associated with an unmonitored attack surface and our benchmark findings 
– Get better insights of the various methodologies and tools that keep your external attack surface under control 
– Best practice to stay up-to date when securing your external attack surface  

 
Following the  webinar, participants will be offered a customized analysis of their external attack surface, in reference to regional benchmark findings.

Protect Your External Attack Surface: Findings and Best Practice in 2024

Mit einem kurzen Telefonanruf beim Helpdesk können Cyberkriminelle Zugang zum gesamten Firmennetzwerk erlangen. 
Die Abwehr von solchen Social Engineering Angriffen stellt Organisationen aller Größen vor besonderen Herausforderungen, denn technologische Entwicklungen und raffinierte Angriffsmethoden können vorhandene Sicherheitsmechanismen umgehen. Outpost24 Product Specialist Stephan Halbmeier gibt Einblicke in die Vorgehensweisen von Angreifern anhand aktueller Beispiele und zeigt Ihnen, wie Sie Ihre Organisation zukünftig gegen solche Angriffsversuche schützen können.

Erfahren Sie mehr darüber, wie:
- Sich Social Engineering-Angriffe weiterentwickelt haben.
- Einfach es Unternehmen den Angreifern machen.
- Welche Hilfestellungen man Mitarbeitern zur Abwehr solcher Angriffe geben kann.
- Wie Sie Ihren IT-Helpdesk entlasten können.

Wirkungsvoller Schutz des IT-Helpdesk vor modernen Social Engineering Angriffen

Join Thomas Stacey, Application Security Auditor at Outpost24 to discuss web application security and pen testing for agile development teams in 2024. We'll dive into the pros and cons of in-house versus outsourced pen testing, hybrid pen testing as a service, what to look out for in an audit in 2024 including recent findings from Tom's own pen testing, and how to best utilize automation in your org's security posture. 

Tom has some fascinating findings to share including some oldie-but-goodies you shouldn't overlook. 

Plus, we'll take answer your questions live in an "ask the pen tester" format.

Agile Web Application Security in 2024

What the Data from the 3rd Annual Specops Breached Password Report is Telling Us

Join us as Specops Software Sr. Product Manager, Darren James, and Outpost24’s Head of Threat Intelligence Operations, Victor Acin discuss what the data around passwords in the Specops annual 2024 report is telling us. 

In this informal discussion, Darren and Victor will discuss and break down the data in the newly released 3rd Annual 2024 Specops Breached Password Report. 

The report shares the latest research into the trends and patterns of weak and compromised passwords and how they are exploited while exposing the hidden risk of compromised passwords. Darren and Victor delve into the data around keyboard walk patterns, the strength of longer passwords, and baffling stats uncovered by the Threat Intel team for this year’s Specops Breached Password Report.  

Join the discussion to hear the data insights and see how your organization can block compromised passwords, and more.  Grab your copy of the 2024 Specops Breached Password Report here: https://specopssoft.com/our-resources/most-common-passwords

Tech Talk: The State of Password Security in 2024

According to the Verizon Data Breach Investigations Report (DBIR), a staggering 63% of data breaches involve weak, default, or stolen passwords. Don't leave your organization exposed to this risk.

In this webinar, we will discuss the world of password security and equip you with essential knowledge to safeguard your workforce. You'll gain insights into preventing weak and compromised passwords and proactive strategies for defending against ransomware, phishing and social engineering.

During this webinar, we'll cover the following:
- An overview of attacks targeting your employees, including brute-force attacks, social engineering, ransomware, and phishing
- The significant dangers of weak passwords and their implications for your organization's security
- Strategies for identifying and blocking weak passwords right at the point of creation
- Best practices for proactively preventing weak passwords

Register now and stay one step ahead of cyber criminals.

Combatting cyber-attacks targeting your employees with password security

Crafting a Cyber Essentials Compliant Password Policy: Everything You Need to Know

Cyber Essentials the UK government-backed scheme launched in 2014, has been helping organisations of all sizes guard against the most common cyberattacks faced in the current landscape.

Within the certification, there are various password-based authentication requirements that need to be evaluated and put in place for compliance. With over 63% of data breaches involving the use of weak, default, or stolen passwords (Verizon DBIR) mastering the password problem needs to be the foundation of any organisation's cyber defence.

We’ve put together this interactive deep-dive into how this problem can be tackled with the Cyber Essentials requirements in mind. 

During the talk, we’ll cover:
• An overview of the password-based authentication requirements for Cyber Essentials certification and NCSC recommendations
• How you can easily check existing password policy compliance against Cyber Essentials / NCSC standards
• Free tools to easily identify pre-existing password security vulnerabilities in your organisation 
• How 3rd party password policy tools can easily meet requirements and empower users with dynamic feedback, passphrase creation and compromised password alerts
• Any questions asked in an interactive Q&A session

If you want peace of mind that the password problem is covered in your organization, join us for everything you need to know about crafting the perfect Cyber Essentials-compliant password policy.

Register for the live-stream now or be alerted when its available on-demand.

Crafting a Cyber Essentials Compliant Password Policy

In our rapidly evolving digital era, cybersecurity is in a constant state of flux. In this webinar our threat intelligence experts will highlight the latest threat actor trends, vulnerabilities and campaigns threatening organizations today. We will provide valuable insights into the cybercrime landscape and how to protect your organization and safeguard your assets against opportunistic adversaries. 

This highly informative webinar will cover the following topics, followed by a Q&A session: 

- Latest trends in threat actors, vulnerabilities, and campaigns 
- Anticipating shifts in the threat landscape and alert-based scoring
- Recommendations and best practice

Cybercrime trends: Uncovering the latest strategies of threat actors

After attending this webinar, you’ll know:
- The numbers behind why organizations of all sizes consider removing expiry
- The things you need in place before even considering removing expiry
- Whether or not removing expiry is right for your AD environment

Is this talk right for you? 
- This discussion will focus on whether or not to remove expiry for Active Directory passwords. This discussion will be the best fit you are using Active Directory in an on-prem or hybrid environment. If you are only using Azure Active Directory (or a non-Microsoft environment), this discussion will be less applicable for you.

- Whether you’ve already rolled out a “never expire” project in your organization, are considering one, or want to validate it’s not the right fit for you – this webinar will help you consider how best to implement (or not) and help you consider what you may have overlooked.

Can't make it live? Register anyway to get the recording.

What Most Orgs Get Wrong About "Never Expire"

Please join cybersecurity expert, Darren Siegel along with Nathan Johnson as they share how you can get the most out of your Specops Password Auditor reports. They will discuss the password vulnerabilities uncovered in your results, what you should be doing about them and how often you should scan your Active Directory.  

Specops Password Auditor is a free read only tool that scans your AD for over 950 million unique compromised passwords and other password vulnerabilities that could be lurking in your AD!

If you haven’t scanned your Active Directory yet you can download Specops Password Auditor here: https://specopssoft.com/product/specops-password-auditor/

Don’t let go of the security-related weaknesses related to password settings that are detected. Understand what the collected information is telling you in the display of multiple interactive reports containing user and password policy information. With multiple reports that include, a summary of accounts using compromised passwords, identical passwords, and many more you will be able to see a comparisons of your organization's password settings with industry standards and best practices according to multiple official standards.

Getting the Most Out of Your Specops Password Auditor Report

You can't stop the expansion of your external attack surface, but you can identify unknown assets and their vulnerabilities to mitigate the security risk. External attack surfaces expand due to modern software development practices, mergers and acquisitions, the adoption of multi-cloud strategies and much more. 
  
Many organizations find it difficult to monitor these changes and end up leaving themselves vulnerable to the 'unknown unknowns' - potential backdoors that can lead to a breach. 
  
External attack surface management (EASM) is a way to discover and track external-facing assets that may be potential breach-points into your organization’s network. EASM helps organizations create an accurate inventory of their internet-facing assets and vulnerabilities before it can be exploited - the first step in effectively defending against attacks. From there, security teams can continually monitor their external attack surface and prioritize their remediation efforts.
  
Join our webinar - Keeping Your External Attack Surface Under Control - on Thursday 21st September at 3pm CEST to learn how modern organizations use EASM to: 

• Discover shadow IT and unknown, external assets connected to your organization 
• Identify common misconfigurations and vulnerabilities in exposed assets 
• Score your vulnerability exposure and prioritize what needs to be fixed first 
• Continuously monitor the attack surface for new vulnerabilities introduced by exposed assets or configuration changes 
• Compliment vulnerability assessment and threat intelligence tools in a broader threat exposure management program 

At the end of this webinar, attendees receive an invitation to a personalized evaluation of their external attack surface

Keeping your External Attack Surface Under Control

En este webinar exploraremos en las últimas tendencias del campo de la cyberinteligencia de Amenazas.
Hablaremos de diferentes casos de uso, sus aplicaciones y de como estos estan cambiando la forma de proteger a los usuarios, las empresas y sus datos.
Tambien vemos como la cyberinteligencia de amenazas puede ser utilizada para mejorar ciertos procesos de toma de decisiones que son escenciales en un SOC moderno.

La Nueva Revolución del Threat Intelligence

Securing Your Active Directory: How to Find and Block Weak Passwords

Active Directory is the backbone of most enterprise networks and securing it is critical to protecting sensitive information. One of the weakest links in Active Directory security is weak passwords. In this webinar, we will explore how to find and block weak passwords in Active Directory to enhance your organization's security posture.

During this webinar, we will cover:

• An overview of Active Directory and why securing it is crucial.
• The dangers of weak passwords and the risks they pose to your organization's security.
• How to identify weak passwords in Active Directory 
• Best practices for blocking weak passwords in Active Directory

By the end of this webinar, attendees will have a solid understanding of how to identify and block weak passwords in Active Directory, reducing the risk of security breaches and protecting sensitive information. Join us and learn how to secure your Active Directory!

Securing Your Active Directory: How to Find and Block Weak Passwords

In recent years, the theft of credentials has evolved into a highly professionalized cybercriminal activity. The number of Initial Access Brokers (IABs) skyrocketed, ransomware groups multiplied, malware prices increased, and Traffers have emerged.

In this webinar, Outpost24’s Victor Acin - KrakenLabs Manager provides a deep dive into the credential theft ecosystem and Traffers, providing best practice and encouraging organizations to evaluate their security measures against these evolving threats.

This highly informative webinar will cover the following topics, followed by a Q&A session:

•  Introduction to credential theft
•  Traffers ecosystem
•  Conclusions
•  Recommendations and best practice

This webinar is ideal for security professionals, and anyone interested in learning more about how to protect their organisation from similar threats.

Dark Web Trends: Credential Theft and the Traffers Ecosystem

Depuis plus de 20 ans, la pratique de gestion des vulnérabilités (Vulnerability Management) s’est répandue dans la plupart des organisations souhaitant prendre en compte le risque cyber et protéger leurs actifs des attaques. 
Toutefois, en raison de l'augmentation du nombre de cyberattaques, les entreprises repensent la manière dont elles abordent la gestion des vulnérabilités. Les RSSI ne veulent plus de scores de risques génériques. Ils veulent connaître précisément les vulnérabilités les plus critiques pour leur organisation, afin de pouvoir les corriger en priorité et le plus rapidement possible.

C'est là que la gestion des vulnérabilités basée sur les risques entre en jeu. Couplés à la Threat Intelligence (renseignements sur les menaces), de nouveaux types de solutions de gestion des vulnérabilités offrent une hiérarchisation des vulnérabilités sur-mesure pour répondre à ces besoins. 

Participez à notre webinaire et découvrez : 
- Comment le paysage de la gestion des vulnérabilités a changé au cours des 5 dernières années ;
- Quels sont les avantages d'une gestion des vulnérabilités intelligente et basée sur les risques ;
- Comment vous pouvez rendre vos organisations plus efficaces et efficientes dans la remédiation des risques qui les menacent.

À la fin de ce webinaire, nous vous proposerons également une courte démonstration de la manière dont Outpost24 aide les entreprises à améliorer leur gestion des vulnérabilités grâce à ses solutions.

La gestion des vulnérabilités, plus intelligente que jamais avec Threat Intel

2022 a été une année mouvementée en termes de cyberattaques en France. Alors que nous attendons toujours les chiffres officiels, nous avons tous constaté que l'intensité et la fréquence des cyberattaques sont en augmentation. De nombreuses entreprises prennent des mesures supplémentaires pour améliorer leur cyberdéfense. Et, si en tant que responsable informatique, votre résolution pour la nouvelle année incluait le renforcement de la politique de mot de passe AD ?

Pourquoi ? Parce que la politique de mot de passe est essentielle pour améliorer votre cybersécurité : 80 % des fuites de données résultent de mots de passe compromis. Les mots de passe sont le maillon faible de la sécurité informatique et ne peuvent être négligés. Ainsi, dans le cadre de vos bonnes résolutions pour 2023, vous pourriez envisager de renforcer la sécurité de vos mots de passe.

Si vous vous demandez comment vous pouvez relever ce défi, rejoignez notre webinaire. Noe Mantel, Spécialiste produit, et Julien Berteraut, Regional manager, chez Specops Software France, vous guideront et vous indiqueront ce à quoi il faut être vigilant lorsque vous mettez à jour votre politique de mots de passe AD cette année :
- Les types de cyberattaques liées aux mots de passe que les responsables informatiques doivent connaître ;
- Les mots-clés pour la sécurité des mots de passe en 2023 : entropie, phrases de passe, fin (ou non) de l'expiration du mot de passe ;
- L'avis de Specops : aller au-delà des mots de passe longs – les meilleures pratiques de renforcement de la politique de mot de passe.

La sécurité des mots de passe en 2023

Cyber attacks are expected to increase in 2023. Even if you think you're on top of your game in cyber security the only constant is that the threat landscape will continue to evolve and your need to remain vigilant.

Specops Software’s cyber security expert Darren James will be covering key areas to focus your cyber security efforts in 2023 and hopefully add a few more items to your checklist for next year.

In this webinar attendees will learn:

• What to expect in 2023’s threat landscape
• How to reduce the risk of evolving phishing and ransomware attacks
• Cyber security quick wins for your business
• Q&A with Darren James – Head of IT for Specops Software

Cyber security predictions and quick wins in 2023

Bien qu'il y ait actuellement de nombreuses discussions sur l'authentification sans mot de passe, le chemin à parcourir est encore long avant d’y arriver. C'est pourquoi il est essentiel que l'approche de votre organisation concernant la sécurité des mots de passe en 2023 soit suffisante pour vous protéger contre les menaces que nous observons aujourd'hui. Ce webinaire vous donnera toutes les clés pour avancer dans la bonne direction.
Dans ce webinaire, nous allons aborder les points suivants :
• Comment trouver facilement les vulnérabilités des mots de passe dans votre organisation ?
• Quels sont les types d'attaques de mot de passe en cours de nos jours ?
• Quelles sont les bonnes pratiques en matière de sécurité des mots de passe en 2023 ?
• Comment s'assurer que des mots de passe faibles et compromis ne permettent pas la compromission et le vol de données au sein de votre organisation ?

Guide sur la sécurité des mots de passe : à quoi s'attendre en 2023

API Management is a critical component of modern application development. As organizations increasingly rely on APIs to exchange data between systems, they must also consider the potential security risks that come with API usage.

In this 30 minute webinar, Outpost24’s Thomas Stacey will walk you through a vulnerability he recently discovered in Azure's API Management Developer Portal that can be exploited to perform an account takeover attack. Thomas will be exploring the various steps involved in identifying the vulnerability, disclosure and eventual release of the fix.

The following topics will be covered, followed by a Q&A session:

• Overview of Azure's APIM Service
• Identifying the vulnerability in Azure's API Management Developer Portal
• The Road to a Bug Bounty
• Conclusion and Application Security Best practice

This webinar is ideal for developers, security professionals, and anyone interested in learning more about vulnerability discovery and understanding why manual testing is essential for application security.

Account Takeover in Azure's API Management Developer Portal

Application Security

Vulnerability Scanning

API Management

Application Management

Vulnerabilities

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Account Takeover in Azure's API Management Developer Portal

Presented by

About this talk

More from this channel