Penetration testing & Ethical Hacking
Security Week 2013
Agenda
•Hacked Companies
•Penetration Testing
•Vulnerability Scanning
•Security Services offered by Endava
IN YOUR ZONE
Who I am
•Catanoi Maxim – Information Security Consultant at Endava
•Certifications:
• EC-Council, Certified Ethical Hacker
• EC-Council, Certified Security Analyst
• EC-Council, Licensed Penetration Tester
• SANS/GIAC Penetration Tester
• PCI-DSS, PCI Professional (Payment Card Industry)
•Over 9 years of experience in IT Security
Hacked companies – 2011-2013
• 90% of 600 companies suffered a computer hack in the past 12 months
• 77% of companies were actually hacked multiple times
• The respondents reported having a very low confidence in their ability to prevent attacks
• Many believe they simply aren’t prepared
• 53% also believe they will experience an attack in the next 12 months.
Who Attacked and Where
• 27% of respondents were willing to blame 3rd party business partners
• 40% could not conclusively determine the source of the attacks
Increase in Attacks
• The last 12–18 months have seen an increase in the severity of attacks
• 77% of companies reported that they were now losing more money with every attack
• 78% also said that the frequency of attacks was on the increase
• Theft of information and business disruption were the most serious results of a hack
Hacked Companies – 2011-2013
• Sony and the PlayStation Network
• WordPress.com
• RSA
• Voice of America
What is Penetration Testing?
•A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source
Why Penetration Testing?
•Find Holes Now Before Somebody Else Does
•To make a point to decision makers about the need for action or resources
•Real-world proof of need for action
•Report Problems to Management
•Evaluate efficiency of security protection
•Security Training For Network Staff
•Discover Gaps In Compliance
•Testing New Technology
•Adopt best practice by conforming to legal regulations
Penetration Testing types
•Network services test
•Client-side security test
•Application security test
•Passwords attack
•Wireless & Remote Access security test
•Social engineering test
•Physical security test
Penetration Testing area (layer – example controls)
•Policies, procedures, and awareness – security policies, procedures, and education
•Physical security – guards, locks, tracking devices
•Application – application hardening
•Host – OS hardening, authentication, security update management, antivirus updates, auditing
•Internal network – network segments, NIDS
•Perimeter – firewalls, border routers, VPNs with quarantine procedures
•Data – strong passwords, ACLs, backup and restore strategy
Penetration Testing profile
•Black Box / White Box / Grey Box
•External / Internal
•Destructive / Non-destructive
•Announced / Unannounced
Penetration Testing methodology
•Proprietary methodologies:
• IBM
• ISS
• Foundstone
• EC-Council LPT
•Open source and public methodologies:
• OSSTMM
• CISSP
• CISA
• CHECK
• OWASP
Penetration Testing flow
•Scope/Goal Definition
•Information Gathering
•Vulnerability Detection/Scanning
•Information Analysis and Planning
•Attack & Penetration/Privilege Escalation
•Result Analysis & Reporting
•Clean-up
REPEAT
LPT Penetration Testing roadmap (diagram)
LPT Penetration Testing roadmap (cont) (diagram)
Who should perform a Penetration Test?
• This is a highly manual process
• The art of finding an open door
• A qualified expert from outside, holding recognized certifications such as CEH, ECSA, CISSP, CISA, CHECK
• Networking – TCP/IP concepts, cabling techniques
• Routers, firewalls, IDS
• Ethical hacking techniques – exploits, hacking tools, etc.
• Databases – Oracle, MSSQL, MySQL
• Operating systems – Windows, Linux, Mainframe, Mac
• Wireless protocols – Wi-Fi, Bluetooth
• Web servers, mail servers, access devices
• Programming languages
• Other
What makes a good Penetration Test
•Establishing the parameters of the penetration test, such as objectives and limitations
•Hiring skilled and experienced professionals to perform the test
•Choosing a suitable set of tests that balances cost and benefits
•Following a methodology with proper planning and documentation
•Documenting the results carefully and making them comprehensible for the client
•Stating the potential risks and findings clearly in the final report
Vulnerability Scanning – standalone service
•An established process for identifying vulnerabilities on internal and external systems
•Reduces the likelihood of a vulnerability being exploited and the potential compromise of a system component
•Internal vulnerability scans should be performed at least quarterly
How often?
•On a regular basis, at least annually:
• Internal penetration test
• External penetration test
•Vulnerability scanning at least quarterly
•New network infrastructure or applications are added
•Significant upgrades or modifications are applied to infrastructure or applications
•New office locations are established
•Security patches are applied
•End user policies are modified
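The cadence stated on the "Vulnerability Scanning" and "How often?" slides (annual internal and external penetration tests, quarterly vulnerability scans, and a re-assessment whenever one of the listed change events occurs) can be checked mechanically against an inventory of past assessments. The script below is an added example, not part of the original deck or of Endava's tooling: it encodes those intervals and reports which assessments are overdue and why. The 91-day quarter, the trigger-event vocabulary, the assumption that every listed change event triggers every assessment type, and all dates and records are constructed for illustration.

```python
"""Assessment-cadence tracker (added example, not from the original deck).

Encodes the cadence the slides state: internal and external penetration
tests at least annually, vulnerability scans at least quarterly, plus a
re-assessment when a change event occurs (new infrastructure or
application, significant upgrade, new office, security patches, end-user
policy change). All dates and records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Maximum interval between assessments, per the deck's "How often?" slide.
# 91 days as "a quarter" is an assumption of this example.
MAX_INTERVAL = {
    "internal_pentest": timedelta(days=365),
    "external_pentest": timedelta(days=365),
    "vuln_scan": timedelta(days=91),
}

# Change events that trigger a re-assessment regardless of the calendar.
# Vocabulary is constructed here; the slide lists the events in prose.
TRIGGER_EVENTS = {
    "new_infrastructure", "new_application", "significant_upgrade",
    "new_office", "security_patch", "policy_change",
}


@dataclass
class AssessmentRecord:
    kind: str        # key of MAX_INTERVAL
    last_done: date  # date the last assessment of this kind completed


@dataclass
class ChangeEvent:
    kind: str        # member of TRIGGER_EVENTS
    occurred: date
    description: str = ""


def assessments_due(records, events, today):
    """Return {assessment_kind: reason} for every assessment that is overdue.

    An assessment is due if (a) it was never performed, (b) more than its
    maximum interval has passed since it was last completed, or (c) a
    trigger event occurred after the last assessment of that kind. Unknown
    assessment or event kinds raise ValueError so that a typo in the
    inventory does not silently read as 'compliant'.
    """
    due = {}
    last = {}
    for r in records:
        if r.kind not in MAX_INTERVAL:
            raise ValueError(f"unknown assessment kind: {r.kind}")
        last[r.kind] = max(r.last_done, last.get(r.kind, r.last_done))

    for kind, interval in MAX_INTERVAL.items():
        if kind not in last:
            due[kind] = "never performed"
            continue
        age = today - last[kind]
        if age > interval:
            due[kind] = f"last done {age.days} days ago, limit {interval.days}"

    for e in events:
        if e.kind not in TRIGGER_EVENTS:
            raise ValueError(f"unknown change event kind: {e.kind}")
        # Simplification: every listed change event triggers every assessment.
        for kind in MAX_INTERVAL:
            if kind in due:
                continue
            if kind in last and e.occurred > last[kind]:
                due[kind] = (f"change event '{e.kind}' on {e.occurred} "
                             f"after last assessment")
    return due


# Constructed sample inventory and a constructed "today".
SAMPLE_RECORDS = [
    AssessmentRecord("internal_pentest", date(2013, 3, 1)),
    AssessmentRecord("external_pentest", date(2012, 9, 15)),
    AssessmentRecord("vuln_scan", date(2013, 8, 20)),
]
SAMPLE_EVENTS = [
    ChangeEvent("new_application", date(2013, 9, 5), "customer portal deployed"),
]
TODAY = date(2013, 10, 1)

if __name__ == "__main__":
    for kind, reason in assessments_due(SAMPLE_RECORDS, SAMPLE_EVENTS, TODAY).items():
        print(f"{kind}: {reason}")
```

With the sample data the external test is flagged by age (381 days since the last one) and the other two by the September change event. Replace the sample records with the organisation's own assessment log and, if different change events should trigger different assessment types, turn the single TRIGGER_EVENTS set into a per-assessment mapping.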
Security Services Offered by Endava
•Regular External and Internal Vulnerability Scans
•Regular Penetration Tests
•PCI-DSS Assessment
•Implementing ISO 27001 and/or ISO 9001 Standards
•Security Trainings
•Security Consultation
•Security Audits
•Custom Security Solution
•Intrusion Monitoring Solution
•24/7 Incident Response Team
Questions
The end
Maxim Catanoi | IT Security Consultant
maxim.catanoi@endava.com
Tel +373 797 02900 | Skype en_mcatanoi
Thank you

Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Último (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Penetration testing & Ethical Hacking

9. Why Penetration Testing?
• Find holes now, before somebody else does
• Make a point to decision makers about the need for action or resources
• Real-world proof of the need for action
• Report problems to management
• Evaluate the effectiveness of existing security protection
• Security training for network staff
• Discover gaps in compliance
• Test new technology
• Adopt best practice by conforming to legal regulations

10. Penetration Testing types
• Network services test
• Client-side security test
• Application security test
• Password attacks
• Wireless and remote access security test
• Social engineering test
• Physical security test

11. Penetration Testing areas (defence-in-depth layers, outermost first, and the controls tested at each)
• Policies, procedures, and awareness: security policies, procedures, and education
• Physical security: guards, locks, tracking devices
• Perimeter: firewalls, border routers, VPNs with quarantine procedures
• Internal network: network segments, NIDS
• Host: OS hardening, authentication, security update management, antivirus updates, auditing
• Application: application hardening
• Data: strong passwords, ACLs, backup and restore strategy

12. Penetration Testing profile
• Knowledge given to the tester: black box, white box, grey box
• Vantage point: external, internal
• Impact on the target: destructive, non-destructive
• Notice to the operations staff: announced, unannounced

13. Penetration Testing methodology
• Proprietary methodologies: IBM, ISS, Foundstone, EC-Council LPT
• Open source and public methodologies: OSSTMM, CISSP, CISA, CHECK, OWASP (CISSP and CISA are certification bodies of knowledge rather than testing methodologies in their own right; OSSTMM, CHECK and the OWASP Testing Guide describe how a test is conducted)

14. Penetration Testing flow (repeated until the agreed scope is covered)
• Scope/goal definition
• Information gathering
• Vulnerability detection/scanning
• Information analysis and planning
• Attack and penetration / privilege escalation
• Result analysis and reporting
• Clean-up
The cycle repeats: a foothold gained in the attack step becomes the starting point for new information gathering and scanning from the compromised position, always within the scope agreed in the first step.
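The three middle steps of the flow above (information gathering, vulnerability detection, reporting) with the scope definition enforced before any host is touched, as an added example; it is not Endava's tooling or code from the deck. The scope networks, the excluded host, the nmap-style grepable lines and the cleartext-service rules are all constructed sample data, and the attack step is deliberately left as a prioritised target list rather than any exploitation.

```python
"""Scope-enforced pipeline for the information-gathering, scanning and
reporting steps of the penetration testing flow.
Added example: scope, scan lines and detection rules below are constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed engagement scope: in-scope networks and hosts the client excluded.
SCOPE = {
    "include": [ipaddress.ip_network("10.0.1.0/24"),
                ipaddress.ip_network("10.0.2.0/24")],
    "exclude": [ipaddress.ip_address("10.0.1.5")],  # e.g. a production DB carved out of scope
}

# Constructed scan output in simplified nmap -oG style. Field layout per port is the
# real grepable layout: port/state/protocol/owner/service/rpc info/version/
SAMPLE_SCAN = """\
Host: 10.0.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 23/open/tcp//telnet///
Host: 10.0.1.5 ()\tPorts: 3306/open/tcp//mysql//MySQL 5.1.73/
Host: 10.0.2.20 ()\tPorts: 80/open/tcp//http//Apache httpd 2.2.3/, 21/open/tcp//ftp//vsftpd 2.0.8/
Host: 192.168.50.7 ()\tPorts: 445/open/tcp//microsoft-ds///
"""

# Constructed detection rules: services that carry credentials or data in cleartext.
CLEARTEXT_SERVICES = {"telnet": "high", "ftp": "medium", "http": "low"}


def in_scope(host):
    """Scope definition: an explicit exclusion wins over any include range."""
    ip = ipaddress.ip_address(host)
    if ip in SCOPE["exclude"]:
        return False
    return any(ip in net for net in SCOPE["include"])


def parse_grepable(text):
    """Information gathering: {host: [(port, service, version), ...]} for open ports."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) \(\)\tPorts: (.*)$", line)
        if not m:
            continue
        host, ports = m.group(1), m.group(2)
        entries = []
        for entry in ports.split(", "):
            fields = entry.split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            entries.append((int(fields[0]), fields[4], fields[6]))
        hosts[host] = entries
    return hosts


def detect(hosts):
    """Vulnerability detection: out-of-scope hosts are recorded and never examined."""
    findings = defaultdict(list)   # host -> [(severity, port, description)]
    skipped = []
    for host, services in hosts.items():
        if not in_scope(host):
            skipped.append(host)
            continue
        for port, service, version in services:
            if service in CLEARTEXT_SERVICES:
                findings[host].append((
                    CLEARTEXT_SERVICES[service], port,
                    f"{service} offers cleartext access (version: {version or 'unknown'})"))
    return dict(findings), skipped


def report(findings, skipped):
    """Result analysis and reporting: worst first, so the list doubles as the
    prioritised target list for the manual attack step."""
    rank = {"high": 0, "medium": 1, "low": 2}
    rows = [(sev, host, port, desc)
            for host, items in findings.items() for sev, port, desc in items]
    rows.sort(key=lambda r: (rank[r[0]], r[1], r[2]))
    lines = [f"[{sev.upper():6}] {host}:{port} {desc}" for sev, host, port, desc in rows]
    lines += [f"[SKIPPED] {h} out of scope, not tested" for h in skipped]
    return lines


if __name__ == "__main__":
    found, out = detect(parse_grepable(SAMPLE_SCAN))
    print("\n".join(report(found, out)))
```

The scope check runs before detection rather than after it: the excluded database host and the 192.168.50.7 address (which a badly written target list could easily sweep in) are reported as skipped, never probed, which is the property the "scope/goal definition" step exists to guarantee.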
15. LPT Penetration Testing roadmap (diagram; not captured in the transcript)

16. LPT Penetration Testing roadmap (cont.) (diagram; not captured in the transcript)
17. Who should perform a Penetration Test?
• This is a highly manual process: the art of finding an open door
• A qualified outside expert holding recognised certifications such as CEH, ECSA, CISSP, CISA or CHECK, with skills in:
  • Networking: TCP/IP concepts, cabling techniques
  • Routers, firewalls, IDS
  • Ethical hacking techniques: exploits, hacking tools, etc.
  • Databases: Oracle, MSSQL, MySQL
  • Operating systems: Windows, Linux, mainframe, Mac
  • Wireless protocols: Wi-Fi, Bluetooth
  • Web servers, mail servers, access devices
  • Programming languages
  • Other

18. What makes a good Penetration Test
• Establishing the parameters of the test, such as objectives and limitations
• Hiring skilled and experienced professionals to perform it
• Choosing a suitable set of tests that balances cost and benefit
• Following a methodology with proper planning and documentation
• Documenting the results carefully and making them comprehensible for the client
• Stating the findings and the potential risk clearly in the final report

19. Vulnerability Scanning: standalone service
• An established process for identifying vulnerabilities on internal and external systems
• Reduces the likelihood of a vulnerability being exploited and a system component being compromised
• Internal vulnerability scans should be performed at least quarterly
A scan reports the known issues an automated tool can recognise; it does not attempt exploitation or chain findings together, which is what the manual penetration test described above adds.

20. How often?
• On a regular basis, at least annually: internal penetration test, external penetration test
• Vulnerability scanning at least quarterly
• Additionally, whenever:
  • new network infrastructure or applications are added
  • significant upgrades or modifications are applied to infrastructure or applications
  • new office locations are established
  • security patches are applied
  • end-user policies are modified
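The cadence rules of slides 19 and 20 as a due-date check, added here as an example and not part of the deck or of Endava's process. The annual and quarterly intervals come from the slides; the last-run dates, the change log and the event names are constructed, and the rule that any listed change since the last run re-triggers every activity is an assumption (the slides list the triggers without tying them to a particular test type).

```python
"""Due-date check for penetration tests and vulnerability scans.
Added example; last-run dates and change events below are constructed."""
from datetime import date, timedelta

# Intervals from the slides: pentests at least annually, scans at least quarterly.
MAX_AGE = {
    "internal_pentest": timedelta(days=365),
    "external_pentest": timedelta(days=365),
    "vuln_scan": timedelta(days=91),
}

# Change events from slide 20 that call for a fresh test regardless of the calendar
# (assumed here to apply to every activity).
TRIGGERS = {"new_infrastructure", "major_upgrade", "new_office",
            "patches_applied", "policy_change"}


def due_tests(last_run, changes, today):
    """Return {activity: reason} for every activity that is overdue, never done,
    or invalidated by a triggering change since its last run.
    last_run: {activity: date}; changes: [(date, event_name), ...]."""
    due = {}
    for activity, max_age in MAX_AGE.items():
        last = last_run.get(activity)
        if last is None:
            due[activity] = "never performed"
            continue
        if today - last > max_age:
            due[activity] = f"last run {last.isoformat()}, older than {max_age.days} days"
            continue
        since = sorted({ev for d, ev in changes if d > last and ev in TRIGGERS})
        if since:
            due[activity] = "change since last run: " + ", ".join(since)
    return due


# Constructed sample state for a fictional organisation.
SAMPLE_LAST_RUN = {
    "internal_pentest": date(2013, 1, 15),
    "external_pentest": date(2012, 3, 1),
    "vuln_scan": date(2013, 4, 2),
}
SAMPLE_CHANGES = [
    (date(2013, 2, 10), "patches_applied"),
    (date(2013, 4, 20), "new_office"),
]
TODAY = date(2013, 5, 6)

if __name__ == "__main__":
    for activity, reason in due_tests(SAMPLE_LAST_RUN, SAMPLE_CHANGES, TODAY).items():
        print(f"{activity}: {reason}")
```

With the sample data the external test is overdue on age alone, while the internal test and the quarterly scan are both inside their interval but still flagged because of the office opened after their last run; the calendar interval is a floor, not the only trigger.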
21. Security Services Offered by Endava
• Regular external and internal vulnerability scans
• Regular penetration tests
• PCI DSS assessment
• Implementing the ISO 27001 and/or ISO 9001 standards
• Security training
• Security consultation
• Security audits
• Custom security solutions
• Intrusion monitoring solution
• 24/7 incident response team

23. The end
Maxim Catanoi | IT Security Consultant
maxim.catanoi@endava.com
Tel +373 797 02900 | Skype en_mcatanoi
Thank you