Presentation is loading. Please wait.

Presentation is loading. Please wait.

CULLEN ACHESON Samuel Garcia Zachary Blum

Published byMinna Johannsen Modified over 5 years ago

Similar presentations

Presentation on theme: "CULLEN ACHESON Samuel Garcia Zachary Blum"— Presentation transcript:

1 CULLEN ACHESON Samuel Garcia Zachary Blum
Vulnerabilities CULLEN ACHESON Samuel Garcia Zachary Blum

2 Vulnerabilities Basic Information
What's different from an exploit? Common Vulnerabilities and Exposures (CVE) Vulnerability is a flaw in a system, or in some software within a system, that could provide an attacker with a way to bypass the security infrastructure. While an exploit is the act of trying to turn a vulnerability into an actual way to breach a system. CVE is a reference-method for publicly known Information-security vulnerabilities and exposures. 

3 NIST CVE/Website NIST = National Institute for Standards and Technology NVD =  National Vulnerability Database - sponsored by the depart

4 How? Accidental Programming Errors

5 Defense? Scan Update Secure Coding ( geId=637) Bug Bounty Programs? ( The reality we must face is that Internet security vulnerabilities are never going away. Every year the number of identified vulnerabilities increases at an alarming rate. There are a few steps needed to be taken to defend against vulnerabilities. Step 1: Identification/Discovery of Systems gives you, the security admin, a view of the network through the use of an assessment tool or network mapping software, which will be able to determine used tcp/ip addresses. Step 2: Vulnerability Assessment Vulnerability assessment tools or scanners are used to identify vulnerabilities within the network.  Step 3: Vulnerability review Vulnerability scanners generate reports that can be hundreds or even thousands of pages long. They provide details such as names, descriptions and assessments of severity. Some scanners provide remedies that can be manually applied to effectively neutralize the vulnerability. Step 4: Vulnerability remediation Can be done in many different ways: Manual remediation, patch deployment tools, and automated remediation tools. Step 5: Ongoing vulnerability management The need for ongoing management of network vulnerabilities is often overlooked at the onset of a vulnerability remediation project. However, its very important to scan regularly, after updates, and installs of programs to prevent new vulnerabilities from popping up.

6 Bug Bounty Market Vupen Google Facebook
Zerodium ( DJI They were able to obtain the private key for its SSL certificate, which DJI had accidentally published on GitHub, allowing them access to sensitive customer information stored on DJI’s servers. He asked DJI if this problem was within the scope of its bug bounty, and the company confirmed it was. So Finisterre wrote up and submitted a detailed report. DJI approved of the work and offered him a $30,000 bounty, their highest reward.

7

8 Vulnerability Scanners
Nessus OpenVAS Burp Suite

9 Fuzzing Random Input Dumb, Smart, Black-Box, White-Box
Burp Intruder (Both Scanner and Fuzzer) Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash.

10 Hackers: Asset or Detriment?

11 Questions?

Download ppt "CULLEN ACHESON Samuel Garcia Zachary Blum"

Similar presentations

Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.

Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.
Abirami Poonkundran 2/22/10.  Goal  Introduction  Testing Methods  Testing Scope  My Focus  Current Progress  Explanation of Tools  Things to.

Abirami Poonkundran 2/22/10.  Goal  Introduction  Testing Methods  Testing Scope  My Focus  Current Progress  Explanation of Tools  Things to.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Fuzzing Dan Fleck CS 469: Security Engineering Sources:

Fuzzing Dan Fleck CS 469: Security Engineering Sources:
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.

Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.

This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
Web Application Security Assessment and Vulnerability Assessment.

Web Application Security Assessment and Vulnerability Assessment.
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
0 Kluge Burch Zimmerling GRC Advisors Commodity Services Specification Penetration Testing & Application Security Assessment January 2015.

0 Kluge Burch Zimmerling GRC Advisors Commodity Services Specification Penetration Testing & Application Security Assessment January 2015.
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.

 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
1 ITGD 2202 Supervision:- Assistant Professor Dr. Sana’a Wafa Al-Sayegh Dr. Sana’a Wafa Al-SayeghStudent: Anwaar Ahmed Abu-AlQumboz.

1 ITGD 2202 Supervision:- Assistant Professor Dr. Sana’a Wafa Al-Sayegh Dr. Sana’a Wafa Al-SayeghStudent: Anwaar Ahmed Abu-AlQumboz.
Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Similar presentations

Ads by Google