Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Testing— Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time.

Published byMae Todd Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security Testing— Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time."— Presentation transcript:

1 Network Security Testing— Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time Web CONFERENCES #ISSAWebConf

2 Brought to you by: Title goes here2 Web CONFERENCE: #ISSAWebConf Network Testing—Are There Really Different Types of Testing? Network Security Testing— Are There Really Different Types of Testing?

3 Welcome Conference Moderator July 28, 2015 Start Time: 9 am US Pacific 12 noon US Eastern 5 pm London Time #ISSAWebConf Web CONFERENCES Jorge Orchilles Vice President, South Florida ISSA Network Security Testing— Are There Really Different Types of Testing?

4 John Kindervag Vice President & Principal Analyst, Forrrester Research Eric Raisters CISSP, CSSLP Ira Winkler President, Secure Mentem, CISSP Donald Shin Sr. Technical Business Development Manager, IXIA Speaker Introduction Title goes here4 Web CONFERENCE: #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. Network Testing—Are There Really Different Types of Testing?

5 Network Security Testing— Are There Really Different Types of Testing? +1 469.221.5372 4kindervag@forrester.com @Kindervag 4kindervag@forrester.com #ISSAWebConf Web CONFERENCES John Kindervag Vice President, Principal Analyst serving Security & Risk Professionals at Forrester Research Materials omitted due to licensing and reproduction rights.

6 Network Testing—Are There Really Different Types of Testing?

7 Network Security Testing— Are There Really Different Types of Testing? raisters@comcast.net #ISSAWebConf Web CONFERENCES Eric Raisters CISSP, CSSLP

8 Approach SUT as an attacker  Process (from SANS Ethical Hacking)  Planning  Scoping  Reconnaissance  Scanning  Exploitation  Documentation/Reporting Pen Test Basics Network Testing—Are There Really Different Types of Testing?8

9 Approach SUT as an attacker  In-house developed apps/services  White-box testing  Deployed systems/purchased products  Includes virtual servers and cloud deployments Pen Test Purpose Network Testing—Are There Really Different Types of Testing?9

10  SUT object  Network – mis-configs, weak settings  Web apps/services – OWASP Top 10  Mobile apps/services – permissions, data leakage  Attack methods  Known vulnerability scans - automated  Exploitation proof - manual Pen Test Types Network Testing—Are There Really Different Types of Testing?10

11  Kali Linux  Samurai Web Test Framework  Pwnie Express Pen Test Toolkits Network Testing—Are There Really Different Types of Testing?11

12 Look for known vulnerabilities  Nessus (OpenVAS)  Nexpose  Core Impact  Burp Suite (free and commercial)  Zed Attack Proxy (OWASP) Vulnerability Scan Network Testing—Are There Really Different Types of Testing?12

13 Prove a found vulnerability is exploitable  Metasploit (freed and commercial)  CANVAS Network Exploits Network Testing—Are There Really Different Types of Testing?13

14  Burp Suite (free and commercial)  Zed Attack Proxy (OWASP)  Paros proxy  w3af  Netsparker Web App Exploits Network Testing—Are There Really Different Types of Testing?14

15  Pwnie Express  zANTI  Hackcode  AndroRAT Android Exploits Network Testing—Are There Really Different Types of Testing?15

16  Standard Linux pentest tools  iNalyser iPhone Exploits Network Testing—Are There Really Different Types of Testing?16

17  Pen testing is important  Vulnerability scans are not enough  Exploit testing proves that a vulnerability is important enough to fix  Consider contracting experts  Consider a bug bounty program If you don’t do it, the hackers will Summary Network Testing—Are There Really Different Types of Testing?17

18  sectools.org  n0where.net/directory  OWASP.prg  kali.org Eric Raisters raisters@comcast.net Resources Network Testing—Are There Really Different Types of Testing?18

19 19 Thank you! Network Testing—Are There Really Different Types of Testing?

20 Eric Raisters CISSP, CSSLP raisters@comcast.net raisters@comcast.net Question and Answer Title goes here20 Web CONFERENCE: #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. Network Testing—Are There Really Different Types of Testing?

21 Eric Raisters CISSP, CSSLP raisters@comcast.net Thank You Title goes here21 Web CONFERENCE: #ISSAWebConf Network Testing—Are There Really Different Types of Testing?

22 Network Security Testing— Are There Really Different Types of Testing? ira@securementem.com #ISSAWebConf Web CONFERENCES Ira Winkler President, Secure Mentem, CISSP

23 23 Network Testing—Are There Really Different Types of Testing? Copyright Secure Mentem

24 24 Network Testing—Are There Really Different Types of Testing?

25 25 Network Testing—Are There Really Different Types of Testing?

26 26 Network Testing—Are There Really Different Types of Testing? Copyright Secure Mentem

27 27 Network Testing—Are There Really Different Types of Testing? Copyright Secure Mentem

28 28 Network Testing—Are There Really Different Types of Testing? Copyright Secure Mentem

29 29 Network Testing—Are There Really Different Types of Testing?

30 30 Network Testing—Are There Really Different Types of Testing? Copyright Secure Mentem

31 31 Network Testing—Are There Really Different Types of Testing? Copyright Secure Mentem

32 32 Network Testing—Are There Really Different Types of Testing?

33 33 Network Testing—Are There Really Different Types of Testing?

34 34 Network Testing—Are There Really Different Types of Testing?

35 35 Network Testing—Are There Really Different Types of Testing?

36 36 Network Testing—Are There Really Different Types of Testing?

37 37 Network Testing—Are There Really Different Types of Testing?

38 38 Network Testing—Are There Really Different Types of Testing? Thank You

39 Ira Winkler President, Secure Mentem, CISSP +1-443-603-0200 ira@securementem.com ira@securementem.com @irawinkler Question and Answer Title goes here39 Web CONFERENCE: #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. Network Testing—Are There Really Different Types of Testing?

40 Ira Winkler President, Secure Mentem, CISSP +1-443-603-02500 ira@securementem.com @irawinkler Thank You Title goes here40 Web CONFERENCE: #ISSAWebConf Network Testing—Are There Really Different Types of Testing?

41 Network Security Testing— Are There Really Different Types of Testing? www.ixiacom.com #ISSAWebConf Web CONFERENCES Donald Shin Sr. Technical Business Development Manager, IXIA

42 42 Network Testing—Are There Really Different Types of Testing?

43 43 Network Testing—Are There Really Different Types of Testing?

44 44 Network Testing—Are There Really Different Types of Testing?

45 45 Network Testing—Are There Really Different Types of Testing?

46 46 Network Testing—Are There Really Different Types of Testing?

47 47 Network Testing—Are There Really Different Types of Testing?

48 48 Network Testing—Are There Really Different Types of Testing?

49 49 Network Testing—Are There Really Different Types of Testing?

50 50 Network Testing—Are There Really Different Types of Testing?

51 51 Network Testing—Are There Really Different Types of Testing?

52 52 Network Testing—Are There Really Different Types of Testing?

53 53 Network Testing—Are There Really Different Types of Testing?

54 54 Network Testing—Are There Really Different Types of Testing?

55 55 Network Testing—Are There Really Different Types of Testing?

56 56 Network Testing—Are There Really Different Types of Testing?

57 57 Network Testing—Are There Really Different Types of Testing?

58 58 Network Testing—Are There Really Different Types of Testing?

59 59 Network Testing—Are There Really Different Types of Testing?

60 60 Network Testing—Are There Really Different Types of Testing?

61 61 Network Testing—Are There Really Different Types of Testing?

62 62 Network Testing—Are There Really Different Types of Testing?

63 Donald Shin Sr. Technical Business Development Manager IXIA www.ixiacom.com Question and Answer Title goes here63 Web CONFERENCE: #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. Network Testing—Are There Really Different Types of Testing?

64 Donald Shin Sr. Technical Business Development Manager IXIA www.ixiacom.com Thank You Title goes here64 Web CONFERENCE: #ISSAWebConf Network Testing—Are There Really Different Types of Testing?

65 John Kindervag Vice President & Principal Analyst, Forrester Research Eric Raisters CISSP, CSSLP Ira Winkler President, Secure Mentem, CISSP Donald Shin Sr. Technical Business Development Manager, IXIA Open Panel with Audience Q&A Title goes here65 Web CONFERENCE: #ISSAWebConf To ask a question: Type in your question in the Chat area of your screen. You may need to click on the double arrows to open this function. Network Testing—Are There Really Different Types of Testing?

66 Thank you Citrix for donating the Webcast service Closing Remarks Title goes here66 Web CONFERENCE: #ISSAWebConf Thank You Network Testing—Are There Really Different Types of Testing?

67 Within 24 hours of the conclusion of this webcast, you will receive a link via email to a post Web Conference quiz. After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits. On-Demand Viewers Quiz Link: http://www.surveygizmo.com/s3/2241426/ISSA-Web- Conference-July-28-2015-Network-Security-Testing-Are- There-Really-Different-Types-of-Testing http://www.surveygizmo.com/s3/2241426/ISSA-Web- Conference-July-28-2015-Network-Security-Testing-Are- There-Really-Different-Types-of-Testing CPE Credit Title goes here67 Web CONFERENCE: #ISSAWebConf Network Testing—Are There Really Different Types of Testing?

Download ppt "Network Security Testing— Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time."

Similar presentations

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Copyright © 2005 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Web Vulnerability Assessments

Web Vulnerability Assessments
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
DevFu! The Inner Ninja in Every Application Developer.

DevFu! The Inner Ninja in Every Application Developer.
Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.

Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.

Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Thessaloniki 28-30 November 2014. Penetration Testing with Android Devices Hacking with our pocket device, made easy! Thomas Sermpinis a.k.a. Cr0wTom.

Thessaloniki November Penetration Testing with Android Devices Hacking with our pocket device, made easy! Thomas Sermpinis a.k.a. Cr0wTom.
Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.
The Business of Penetration Testing

The Business of Penetration Testing
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
Security Scanning OWASP Education Nishi Kumar Computer based training

Security Scanning OWASP Education Nishi Kumar Computer based training
BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.

BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.
IDENTIFYING SECURITY ISSUES IN A HIGHER INSTITUTE CMS LAB SITE Panagiotis Loumpardias Konstantinos Chimos.

IDENTIFYING SECURITY ISSUES IN A HIGHER INSTITUTE CMS LAB SITE Panagiotis Loumpardias Konstantinos Chimos.
You Are Not Alone: Pooling Regional Resources to Enhance Information Security Training Kris Monroe, CISA, CISSP Information Security Officer Ithaca College.

You Are Not Alone: Pooling Regional Resources to Enhance Information Security Training Kris Monroe, CISA, CISSP Information Security Officer Ithaca College.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Similar presentations

Ads by Google