Network Security Testing— Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time.

Presentation transcript:

Network Security Testing— Are There Really Different Types of Testing?
July 28, 2015. Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time
Web Conferences #ISSAWebConf

Welcome
Conference Moderator: Jorge Orchilles, Vice President, South Florida ISSA

Speaker Introduction
- John Kindervag, Vice President & Principal Analyst, Forrester Research
- Eric Raisters, CISSP, CSSLP
- Ira Winkler, President, Secure Mentem, CISSP
- Donald Shin, Sr. Technical Business Development Manager, IXIA

To ask a question: Type your question in the Chat area of your screen. You may need to click on the double arrows to open this function.

John Kindervag, Vice President, Principal Analyst serving Security & Risk Professionals at Forrester Research
Materials omitted due to licensing and reproduction rights.

Eric Raisters, CISSP, CSSLP

Pen Test Basics
- Approach SUT as an attacker
- Process (from SANS Ethical Hacking)
  - Planning
  - Scoping
  - Reconnaissance
  - Scanning
  - Exploitation
  - Documentation/Reporting

Pen Test Purpose
- Approach SUT as an attacker
- In-house developed apps/services
- White-box testing
- Deployed systems/purchased products
- Includes virtual servers and cloud deployments

Pen Test Types
- SUT object
  - Network: mis-configs, weak settings
  - Web apps/services: OWASP Top 10
  - Mobile apps/services: permissions, data leakage
- Attack methods
  - Known vulnerability scans: automated
  - Exploitation proof: manual

Pen Test Toolkits
- Kali Linux
- Samurai Web Test Framework
- Pwnie Express

Vulnerability Scan
Look for known vulnerabilities
- Nessus (OpenVAS)
- Nexpose
- Core Impact
- Burp Suite (free and commercial)
- Zed Attack Proxy (OWASP)

Network Exploits
Prove a found vulnerability is exploitable
- Metasploit (free and commercial)
- CANVAS

Web App Exploits
- Burp Suite (free and commercial)
- Zed Attack Proxy (OWASP)
- Paros proxy
- w3af
- Netsparker

Android Exploits
- Pwnie Express
- zANTI
- Hackcode
- AndroRAT

iPhone Exploits
- Standard Linux pentest tools
- iNalyser

Summary
- Pen testing is important
- Vulnerability scans are not enough
- Exploit testing proves that a vulnerability is important enough to fix
- Consider contracting experts
- Consider a bug bounty program
If you don’t do it, the hackers will

Resources (Eric Raisters)
- sectools.org
- n0where.net/directory
- OWASP.org
- kali.org

Thank you!

Question and Answer: Eric Raisters, CISSP, CSSLP

Ira Winkler, President, Secure Mentem, CISSP

Copyright Secure Mentem

Question and Answer: Ira Winkler, President, Secure Mentem, CISSP, @irawinkler

Donald Shin, Sr. Technical Business Development Manager, IXIA


Question and Answer: Donald Shin, Sr. Technical Business Development Manager, IXIA

Open Panel with Audience Q&A
- John Kindervag, Vice President & Principal Analyst, Forrester Research
- Eric Raisters, CISSP, CSSLP
- Ira Winkler, President, Secure Mentem, CISSP
- Donald Shin, Sr. Technical Business Development Manager, IXIA

Closing Remarks
Thank you Citrix for donating the Webcast service

CPE Credit
Within 24 hours of the conclusion of this webcast, you will receive a link via to a post Web Conference quiz. After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits.
On-Demand Viewers Quiz Link: Conference-July Network-Security-Testing-Are- There-Really-Different-Types-of-Testing