SlideShare una empresa de Scribd logo

Advanced Security Testing in the Age of Cyber War

Descargar como PPTX, PDF
S
Sailaja Tennati

Aswath Mohan & Ankur Chadda discuss why an advanced security testing strategy is an essential component in preparing for the onslaught of cyber-attacks. Learn more about security testing: http://bit.ly/P5cTXz

Tecnología
1 de 10
Advanced Security Testing In The Age of Cyber War Oct 11, 2012 PROPRIETARY AND CONFIDENTIAL
Cyber Security Market Trends Growth of Targeted Attacks Rise of Social Engineering CaaS – Crime as a Service 2 PROPRIETARY AND CONFIDENTIAL
Rapid Increase In Targeted Attacks  Between 2005 to 2011 the number of targeted attacks rose by a factor of: • 10 • 50 • 500 • 1000  In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per week. In Nov 2011 it was 95 per day 3 PROPRIETARY AND CONFIDENTIAL
Social Engineering Is The Main Attack Vector  Report indicates that a large % of people reused passwords or the passwords were very similar: • 55 % • 75 % • 95 %  University of Cambridge study found that 75% of users shared passwords between two separate accounts 4 PROPRIETARY AND CONFIDENTIAL
The Growth Of The Zero Day Market  The price for one exploit is as high as $250K • iOS • Chrome • Windows • Microsoft Word  A Bangkok based security researcher with a handle called ‘The Grugq’ sold an iOS exploit for $250K. He is on track to make over $1M this year. 5 PROPRIETARY AND CONFIDENTIAL
Requirements for Advanced Security Testing  Accurate • Test with the latest attacks and vulnerabilities • Discover unknown weaknesses in software  Agile • Recreate new apps and attacks immediately • Leverage new threat profiles  Simple • Intuitive workflow for ease-of-use and adoption • Auto-generate test cases using Studio 7 PROPRIETARY AND CONFIDENTIAL
Spirent TestCloud – Apps & Security Test Store  1,000s of ready-to-run tests  Continuous stream of the latest attacks and apps  Multiple end–points (iPhone, PC, Android) & versions (Skype v5.3.0.8) 8 8 PROPRIETARY AND CONFIDENTIAL
DEMO 1 – Let’s Discover A Zero Day in Jabber 10 PROPRIETARY AND CONFIDENTIAL
DEMO 2 – Now Let’s Unleash Attacks At Scale 11 PROPRIETARY AND CONFIDENTIAL
Thank you PROPRIETARY AND CONFIDENTIAL

Recomendados

Turning security into code by Jeff Williams
Turning security into code by Jeff WilliamsTurning security into code by Jeff Williams
Turning security into code by Jeff WilliamsDevSecCon
 
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)Lacoon Mobile Security
 
Lessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksLessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksDevSecCon
 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCICI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Bindernitayart
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
The Changing Landscape of Information Security
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information SecurityDevSecOpsSg
 

Recomendados

Turning security into code by Jeff Williams
Turning security into code by Jeff WilliamsTurning security into code by Jeff Williams
Turning security into code by Jeff WilliamsDevSecCon
 
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)Lacoon Mobile Security
 
Lessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksLessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksDevSecCon
 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCICI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Bindernitayart
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
The Changing Landscape of Information Security
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information SecurityDevSecOpsSg
 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Stefan Streichsbier
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationLacoon Mobile Security
 
Cyber security and its defence (updated)
Cyber security and its defence (updated)Cyber security and its defence (updated)
Cyber security and its defence (updated)Parshu Ram
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
The road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeThe road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeDevSecCon
 
The path of secure software by Katy Anton
The path of secure software by Katy AntonThe path of secure software by Katy Anton
The path of secure software by Katy AntonDevSecCon
 
Web security
Web security Web security
Web security Kaushal Bhavsar
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Time based security for cloud computing
Time based security for cloud computingTime based security for cloud computing
Time based security for cloud computingJorge Sebastiao
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information SecurityRyan Elkins
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...Franklin Mosley
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Summers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkSummers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkPrasad Calyam
 
DevOps and the Future of Information Security
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information SecurityDarin Morris
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 

Más contenido relacionado

La actualidad más candente

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Stefan Streichsbier
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationLacoon Mobile Security
 
Cyber security and its defence (updated)
Cyber security and its defence (updated)Cyber security and its defence (updated)
Cyber security and its defence (updated)Parshu Ram
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
The road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeThe road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeDevSecCon
 
The path of secure software by Katy Anton
The path of secure software by Katy AntonThe path of secure software by Katy Anton
The path of secure software by Katy AntonDevSecCon
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Time based security for cloud computing
Time based security for cloud computingTime based security for cloud computing
Time based security for cloud computingJorge Sebastiao
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information SecurityRyan Elkins
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...Franklin Mosley
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Summers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkSummers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkPrasad Calyam
 
DevOps and the Future of Information Security
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information SecurityDarin Morris
 

La actualidad más candente (20)

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
 
Cyber security and its defence (updated)
Cyber security and its defence (updated)Cyber security and its defence (updated)
Cyber security and its defence (updated)
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
 
The road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran ConliffeThe road goes ever on and on by Ciaran Conliffe
The road goes ever on and on by Ciaran Conliffe
 
The path of secure software by Katy Anton
The path of secure software by Katy AntonThe path of secure software by Katy Anton
The path of secure software by Katy Anton
 
Web security
Web security Web security
Web security
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirus
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
Time based security for cloud computing
Time based security for cloud computingTime based security for cloud computing
Time based security for cloud computing
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015
 
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
The Security Pro's Guide to DevSecOps: How to Get Developers To Write Secure ...
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
Summers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker TalkSummers@Mizzou 2017 Hacker Tracker Talk
Summers@Mizzou 2017 Hacker Tracker Talk
 
DevOps and the Future of Information Security
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information Security
 

Similar a Advanced Security Testing in the Age of Cyber War

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2Gaurav Srivastav
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Skybox Security
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Skybox Security
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryBlack Duck by Synopsys
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alAlert Logic
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudAlert Logic
 
Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Sophos Benelux
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management ProcessBill Ross
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Achieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityAchieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityDell World
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
 

Similar a Advanced Security Testing in the Age of Cyber War (20)

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013 Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
 
Mobile App Security Testing -2
Mobile App Security Testing -2Mobile App Security Testing -2
Mobile App Security Testing -2
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER Presentation
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_alCss sf azure_8-9-17-intro to security in the cloud_mark brooks_al
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
 
Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 
News Bytes June 2012
News Bytes June 2012News Bytes June 2012
News Bytes June 2012
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Achieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityAchieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email Security
 
Mobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
 

Más de Sailaja Tennati

Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfSailaja Tennati
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSailaja Tennati
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Sailaja Tennati
 
Spirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSpirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSailaja Tennati
 
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNDevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNSailaja Tennati
 
Best Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingBest Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingSailaja Tennati
 
DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?Sailaja Tennati
 
Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Sailaja Tennati
 
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsDevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsSailaja Tennati
 
GNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatGNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatSailaja Tennati
 
Ensuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesEnsuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesSailaja Tennati
 
Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Sailaja Tennati
 
Spirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSpirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSailaja Tennati
 
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleSailaja Tennati
 
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Sailaja Tennati
 
App-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTApp-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTSailaja Tennati
 
The VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseThe VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseSailaja Tennati
 

Más de Sailaja Tennati (20)

Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdf
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV Deployments
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
 
Spirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSpirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics System
 
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNDevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
 
Best Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingBest Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous Testing
 
DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?
 
Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...
 
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsDevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
 
GNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatGNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber Threat
 
VoLTE Testing Explained
VoLTE Testing ExplainedVoLTE Testing Explained
VoLTE Testing Explained
 
Ensuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesEnsuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device Launches
 
Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance
 
Spirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSpirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical Overview
 
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
 
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
 
App-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTApp-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXT
 
The VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseThe VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or Worse
 

Último

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Advanced Security Testing in the Age of Cyber War

  • 1. Advanced Security Testing In The Age of Cyber War Oct 11, 2012 PROPRIETARY AND CONFIDENTIAL
  • 2. Cyber Security Market Trends Growth of Targeted Attacks Rise of Social Engineering CaaS – Crime as a Service 2 PROPRIETARY AND CONFIDENTIAL
  • 3. Rapid Increase In Targeted Attacks  Between 2005 to 2011 the number of targeted attacks rose by a factor of: • 10 • 50 • 500 • 1000  In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per week. In Nov 2011 it was 95 per day 3 PROPRIETARY AND CONFIDENTIAL
  • 4. Social Engineering Is The Main Attack Vector  Report indicates that a large % of people reused passwords or the passwords were very similar: • 55 % • 75 % • 95 %  University of Cambridge study found that 75% of users shared passwords between two separate accounts 4 PROPRIETARY AND CONFIDENTIAL
  • 5. The Growth Of The Zero Day Market  The price for one exploit is as high as $250K • iOS • Chrome • Windows • Microsoft Word  A Bangkok based security researcher with a handle called ‘The Grugq’ sold an iOS exploit for $250K. He is on track to make over $1M this year. 5 PROPRIETARY AND CONFIDENTIAL
  • 6. Requirements for Advanced Security Testing  Accurate • Test with the latest attacks and vulnerabilities • Discover unknown weaknesses in software  Agile • Recreate new apps and attacks immediately • Leverage new threat profiles  Simple • Intuitive workflow for ease-of-use and adoption • Auto-generate test cases using Studio 7 PROPRIETARY AND CONFIDENTIAL
  • 7. Spirent TestCloud – Apps & Security Test Store  1,000s of ready-to-run tests  Continuous stream of the latest attacks and apps  Multiple end–points (iPhone, PC, Android) & versions (Skype v5.3.0.8) 8 8 PROPRIETARY AND CONFIDENTIAL
  • 8. DEMO 1 – Let’s Discover A Zero Day in Jabber 10 PROPRIETARY AND CONFIDENTIAL
  • 9. DEMO 2 – Now Let’s Unleash Attacks At Scale 11 PROPRIETARY AND CONFIDENTIAL

Notas del editor

  1. Small and medium businesses are seen as easy targets by hackers as they lack the resources and budget to secure their infrastructure like larger businesses do.Government and private entities are teaming up together to deal a blow to perpetrators which one might not be able to do on its own.Mobile Apps, social media, cloud computing
  2. In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per weekIn Nov 2011 it was 95 per day An attack can be considered as targeted if it is intended for a specific person or organization, typically created toevade traditional security defenses and frequently makes use of advanced social engineering techniques.1. Symantec Intelligence Report Nov 2011. Also the number of attacks against online businesses rose by a factor of 5 according to Verizon Business Report
  3. University of Cambridge researcher - http://www.lightbluetouchpaper.org/2011/02/09/measuring-password-re-use-empirically/. Rootkit.com and gawker.com.An addition 8% only changed capitalization. FaceBook now has 1B accounts (not including China)
  4. http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
  5. Systematically test for the unexpectedFind unknown vulnerabilitiesMillions of test casesAutomated lights-out approach