SlideShare uma empresa Scribd logo

Advanced Security Testing in the Age of Cyber War

Transferir como PPTX, PDF
S
Sailaja Tennati

Aswath Mohan & Ankur Chadda discuss why an advanced security testing strategy is an essential component in preparing for the onslaught of cyber-attacks. Learn more about security testing: http://bit.ly/P5cTXz

Tecnologia
1 de 10
Advanced Security Testing In The Age of Cyber War Oct 11, 2012 PROPRIETARY AND CONFIDENTIAL
Cyber Security Market Trends Growth of Targeted Attacks Rise of Social Engineering CaaS – Crime as a Service 2 PROPRIETARY AND CONFIDENTIAL
Rapid Increase In Targeted Attacks  Between 2005 to 2011 the number of targeted attacks rose by a factor of: • 10 • 50 • 500 • 1000  In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per week. In Nov 2011 it was 95 per day 3 PROPRIETARY AND CONFIDENTIAL
Social Engineering Is The Main Attack Vector  Report indicates that a large % of people reused passwords or the passwords were very similar: • 55 % • 75 % • 95 %  University of Cambridge study found that 75% of users shared passwords between two separate accounts 4 PROPRIETARY AND CONFIDENTIAL
The Growth Of The Zero Day Market  The price for one exploit is as high as $250K • iOS • Chrome • Windows • Microsoft Word  A Bangkok based security researcher with a handle called ‘The Grugq’ sold an iOS exploit for $250K. He is on track to make over $1M this year. 5 PROPRIETARY AND CONFIDENTIAL
Requirements for Advanced Security Testing  Accurate • Test with the latest attacks and vulnerabilities • Discover unknown weaknesses in software  Agile • Recreate new apps and attacks immediately • Leverage new threat profiles  Simple • Intuitive workflow for ease-of-use and adoption • Auto-generate test cases using Studio 7 PROPRIETARY AND CONFIDENTIAL
Spirent TestCloud – Apps & Security Test Store  1,000s of ready-to-run tests  Continuous stream of the latest attacks and apps  Multiple end–points (iPhone, PC, Android) & versions (Skype v5.3.0.8) 8 8 PROPRIETARY AND CONFIDENTIAL
DEMO 1 – Let’s Discover A Zero Day in Jabber 10 PROPRIETARY AND CONFIDENTIAL
DEMO 2 – Now Let’s Unleash Attacks At Scale 11 PROPRIETARY AND CONFIDENTIAL
Thank you PROPRIETARY AND CONFIDENTIAL

Recomendados

Turning security into code by Jeff Williams
Turning security into code by Jeff WilliamsTurning security into code by Jeff Williams
Turning security into code by Jeff WilliamsDevSecCon
 
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)Lacoon Mobile Security
 
Lessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksLessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksDevSecCon
 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCICI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Bindernitayart
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
The Changing Landscape of Information Security
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information SecurityDevSecOpsSg
 

Recomendados

Turning security into code by Jeff Williams
Turning security into code by Jeff WilliamsTurning security into code by Jeff Williams
Turning security into code by Jeff WilliamsDevSecCon
 
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)Lacoon Mobile Security
 
Lessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksLessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksDevSecCon
 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCICI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Bindernitayart
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
The Changing Landscape of Information Security
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information SecurityDevSecOpsSg
 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Stefan Streichsbier
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationLacoon Mobile Security
 
Cyber security and its defence (updated)
Cyber security and its defence (updated)Cyber security and its defence (updated)
Cyber security and its defence (updated)Parshu Ram
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
The road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeThe road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeDevSecCon
 
The path of secure software by Katy Anton
The path of secure software by Katy AntonThe path of secure software by Katy Anton
The path of secure software by Katy AntonDevSecCon
 
Web security
Web security Web security
Web security Kaushal Bhavsar
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Time based security for cloud computing
Time based security for cloud computingTime based security for cloud computing
Time based security for cloud computingJorge Sebastiao
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information SecurityRyan Elkins
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...Franklin Mosley
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Summers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkSummers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkPrasad Calyam
 
DevOps and the Future of Information Security
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information SecurityDarin Morris
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 

Mais conteúdo relacionado

Mais procurados

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Stefan Streichsbier
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationLacoon Mobile Security
 
Cyber security and its defence (updated)
Cyber security and its defence (updated)Cyber security and its defence (updated)
Cyber security and its defence (updated)Parshu Ram
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
The road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeThe road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeDevSecCon
 
The path of secure software by Katy Anton
The path of secure software by Katy AntonThe path of secure software by Katy Anton
The path of secure software by Katy AntonDevSecCon
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Time based security for cloud computing
Time based security for cloud computingTime based security for cloud computing
Time based security for cloud computingJorge Sebastiao
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information SecurityRyan Elkins
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...Franklin Mosley
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Summers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkSummers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkPrasad Calyam
 
DevOps and the Future of Information Security
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information SecurityDarin Morris
 

Mais procurados (20)

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
 
Cyber security and its defence (updated)
Cyber security and its defence (updated)Cyber security and its defence (updated)
Cyber security and its defence (updated)
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
 
The road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeThe road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran Conliffe
 
The path of secure software by Katy Anton
The path of secure software by Katy AntonThe path of secure software by Katy Anton
The path of secure software by Katy Anton
 
Web security
Web security Web security
Web security
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirus
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
Time based security for cloud computing
Time based security for cloud computingTime based security for cloud computing
Time based security for cloud computing
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015
 
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
Summers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkSummers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker Talk
 
DevOps and the Future of Information Security
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information Security
 

Semelhante a Advanced Security Testing in the Age of Cyber War

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2Gaurav Srivastav
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Skybox Security
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Skybox Security
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryBlack Duck by Synopsys
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudAlert Logic
 
Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Sophos Benelux
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management ProcessBill Ross
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Achieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityAchieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityDell World
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 

Semelhante a Advanced Security Testing in the Age of Cyber War (20)

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
 
Mobile App Security Testing -2
Mobile App Security Testing -2Mobile App Security Testing -2
Mobile App Security Testing -2
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER Presentation
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
 
Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 
News Bytes June 2012
News Bytes June 2012News Bytes June 2012
News Bytes June 2012
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Achieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityAchieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email Security
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 

Mais de Sailaja Tennati

Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfSailaja Tennati
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSailaja Tennati
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Sailaja Tennati
 
Spirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSpirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSailaja Tennati
 
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNDevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNSailaja Tennati
 
Best Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingBest Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingSailaja Tennati
 
DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?Sailaja Tennati
 
Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Sailaja Tennati
 
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsDevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsSailaja Tennati
 
GNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatGNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatSailaja Tennati
 
Ensuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesEnsuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesSailaja Tennati
 
Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Sailaja Tennati
 
Spirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSpirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSailaja Tennati
 
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleSailaja Tennati
 
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Sailaja Tennati
 
App-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTApp-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTSailaja Tennati
 
The VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseThe VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseSailaja Tennati
 

Mais de Sailaja Tennati (20)

Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdf
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV Deployments
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
 
Spirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSpirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics System
 
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNDevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
 
Best Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingBest Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous Testing
 
DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?
 
Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...
 
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsDevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
 
GNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatGNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber Threat
 
VoLTE Testing Explained
VoLTE Testing ExplainedVoLTE Testing Explained
VoLTE Testing Explained
 
Ensuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesEnsuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device Launches
 
Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance
 
Spirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSpirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical Overview
 
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
 
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
 
App-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTApp-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXT
 
The VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseThe VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or Worse
 

Último

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Último (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Advanced Security Testing in the Age of Cyber War

  • 1. Advanced Security Testing In The Age of Cyber War Oct 11, 2012 PROPRIETARY AND CONFIDENTIAL
  • 2. Cyber Security Market Trends Growth of Targeted Attacks Rise of Social Engineering CaaS – Crime as a Service 2 PROPRIETARY AND CONFIDENTIAL
  • 3. Rapid Increase In Targeted Attacks  Between 2005 to 2011 the number of targeted attacks rose by a factor of: • 10 • 50 • 500 • 1000  In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per week. In Nov 2011 it was 95 per day 3 PROPRIETARY AND CONFIDENTIAL
  • 4. Social Engineering Is The Main Attack Vector  Report indicates that a large % of people reused passwords or the passwords were very similar: • 55 % • 75 % • 95 %  University of Cambridge study found that 75% of users shared passwords between two separate accounts 4 PROPRIETARY AND CONFIDENTIAL
  • 5. The Growth Of The Zero Day Market  The price for one exploit is as high as $250K • iOS • Chrome • Windows • Microsoft Word  A Bangkok based security researcher with a handle called ‘The Grugq’ sold an iOS exploit for $250K. He is on track to make over $1M this year. 5 PROPRIETARY AND CONFIDENTIAL
  • 6. Requirements for Advanced Security Testing  Accurate • Test with the latest attacks and vulnerabilities • Discover unknown weaknesses in software  Agile • Recreate new apps and attacks immediately • Leverage new threat profiles  Simple • Intuitive workflow for ease-of-use and adoption • Auto-generate test cases using Studio 7 PROPRIETARY AND CONFIDENTIAL
  • 7. Spirent TestCloud – Apps & Security Test Store  1,000s of ready-to-run tests  Continuous stream of the latest attacks and apps  Multiple end–points (iPhone, PC, Android) & versions (Skype v5.3.0.8) 8 8 PROPRIETARY AND CONFIDENTIAL
  • 8. DEMO 1 – Let’s Discover A Zero Day in Jabber 10 PROPRIETARY AND CONFIDENTIAL
  • 9. DEMO 2 – Now Let’s Unleash Attacks At Scale 11 PROPRIETARY AND CONFIDENTIAL

Notas do Editor

  1. Small and medium businesses are seen as easy targets by hackers as they lack the resources and budget to secure their infrastructure like larger businesses do.Government and private entities are teaming up together to deal a blow to perpetrators which one might not be able to do on its own.Mobile Apps, social media, cloud computing
  2. In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per weekIn Nov 2011 it was 95 per day An attack can be considered as targeted if it is intended for a specific person or organization, typically created toevade traditional security defenses and frequently makes use of advanced social engineering techniques.1. Symantec Intelligence Report Nov 2011. Also the number of attacks against online businesses rose by a factor of 5 according to Verizon Business Report
  3. University of Cambridge researcher - http://www.lightbluetouchpaper.org/2011/02/09/measuring-password-re-use-empirically/. Rootkit.com and gawker.com.An addition 8% only changed capitalization. FaceBook now has 1B accounts (not including China)
  4. http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
  5. Systematically test for the unexpectedFind unknown vulnerabilitiesMillions of test casesAutomated lights-out approach