SlideShare una empresa de Scribd logo

Ethical Hacking & Penetration Testing

Descargar como PPTX, PDF
E
ecmee
Tecnología
1 de 13
Ethical Hacking & Penetration Testing Presented By: Emily Chow July 6, 2011
Agenda #1 What is Ethical Hacking/Penetration Testing? #2 Issues Relevant to Organizations #3 Tools & Techniques of Penetration Testing #4 Benefits & Limitations of Penetration Testing #5 Impact on the CA Profession #6 Current Issues #7 Recommendations
1. What is Ethical Hacking/Penetration Testing? Objective: Improve the security system and close the security gaps before a real hacker penetrates within the organization Preventative measure Exploit a company’s security weaknesses by using same or similar techniques of malicious hackers “White Hat Hackers” “Red Team”
2. Issues Relevant to Organizations Internal Risk: malicious employees & employee’s lack of security awareness External Risk: exploitation of external hackers Non-Financial Losses: damaged reputation, loss of credibility Financial Losses: lost in revenue, litigations
Pros - automation Cost-effective Perform in several hours As frequent as possible Flexibility of substituting different scenarios Pros - manual 2. Types of Penetration Testing: Automated vs. Manual ,[object Object],[object Object]
Web Applications Software 2. Penetration Testing Techniques Denial of Service Wireless Network Social Engineering Google Hacking
Google search: intitle:"index of" site:edu "server at" 3. Google Hacking Example
Benefits Strengthen security procedures and processes Improve efficiency and effectiveness of risk management Increase degree of transparency Not 100% guaranteed Changing technology Legislations and contractual obligations restrictions Limited resources over limited period of time Limitations 4. Benefits & Limitations of Penetration Testing
5. Impact on CA Profession Provide greater assurance in addition to SysTrust, WebTrust and Section 5900 Conformity with PIPEDA, Gramm-Leach-Act and SOX IS Auditing Standards, CISA, COBIT Framework Goes beyond the traditional methods by auditors
6. Current Hacking Issues in 2011 Sony’s PlayStation Video Games – loss of personal data from 77M users’ Sony Ericsson’s Canada eShop- loss of data from 2,000 customer accounts Google’s Gmail Accounts – U.S. Government Officials CitiBank – loss of 200,000 credit card customers data This calls for a greater need for penetration testing!
SIGNIFICANCE Breach of trust LIKELIHOOD “Target of choice” “Target of opportunity” PENETRATION TESTING 7.Recommendations
Thank You! Pleasefeel free to contact me via uwace if you have any questions
Ethical Hacking & Penetration Testing

Recomendados

Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 

Recomendados

Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network VaptApurv Singh Gautam
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhAurélie Henriot
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases Nasir Bhutta
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 

Más contenido relacionado

La actualidad más candente

Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhAurélie Henriot
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases Nasir Bhutta
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 

La actualidad más candente (20)

Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network Vapt
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Présentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo WazuhPrésentation ELK/SIEM et démo Wazuh
Présentation ELK/SIEM et démo Wazuh
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 

Destacado

Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Benjamin Benifei
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?amiable_indian
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and BlueIftach Ian Amit
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali LinuxJason Murray
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing toolsyrinxtech
 
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsKali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsRassoul Ghaznavi Zadeh
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
 

Destacado (16)

Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015Le pentest face au droit - Cyber@Hack 2015
Le pentest face au droit - Cyber@Hack 2015
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and Blue
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
 
H2HC University 2014
H2HC University 2014H2HC University 2014
H2HC University 2014
 
2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux2016 TTL Security Gap Analysis with Kali Linux
2016 TTL Security Gap Analysis with Kali Linux
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing tool
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration ToolsKali Linux, Introduction to Ethical Hacking and Penetration Tools
Kali Linux, Introduction to Ethical Hacking and Penetration Tools
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testers
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdf
 

Similar a Ethical Hacking & Penetration Testing

The Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data TheftThe Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data TheftCase IQ
 
Finding Your Lost Keys
Finding Your Lost KeysFinding Your Lost Keys
Finding Your Lost Keystrueidentity
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisLuncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisNorth Texas Chapter of the ISSA
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET Journal
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeNational Retail Federation
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Ray Bugg
 
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009ClubHack
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
INFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics securityINFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics securityJoel Cardella
 
Ethical Hacking .pptx
Ethical Hacking .pptxEthical Hacking .pptx
Ethical Hacking .pptxjohnnymaaza
 
ISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfCCNAAccount
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGDrm Kapoor
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Security human
Security humanSecurity human
Security humanJisc
 

Similar a Ethical Hacking & Penetration Testing (20)

The Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data TheftThe Inside Job: Detecting, Preventing and Investigating Data Theft
The Inside Job: Detecting, Preventing and Investigating Data Theft
 
Under Defense
Under DefenseUnder Defense
Under Defense
 
Finding Your Lost Keys
Finding Your Lost KeysFinding Your Lost Keys
Finding Your Lost Keys
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
APT & What we can do TODAY
APT & What we can do TODAYAPT & What we can do TODAY
APT & What we can do TODAY
 
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisLuncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk Imperative
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
 
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
 
INFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics securityINFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics security
 
Ethical Hacking .pptx
Ethical Hacking .pptxEthical Hacking .pptx
Ethical Hacking .pptx
 
ISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdf
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKING
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Security human
Security humanSecurity human
Security human
 

Último

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

Último (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Ethical Hacking & Penetration Testing

  • 1. Ethical Hacking & Penetration Testing Presented By: Emily Chow July 6, 2011
  • 2. Agenda #1 What is Ethical Hacking/Penetration Testing? #2 Issues Relevant to Organizations #3 Tools & Techniques of Penetration Testing #4 Benefits & Limitations of Penetration Testing #5 Impact on the CA Profession #6 Current Issues #7 Recommendations
  • 3. 1. What is Ethical Hacking/Penetration Testing? Objective: Improve the security system and close the security gaps before a real hacker penetrates within the organization Preventative measure Exploit a company’s security weaknesses by using same or similar techniques of malicious hackers “White Hat Hackers” “Red Team”
  • 4. 2. Issues Relevant to Organizations Internal Risk: malicious employees & employee’s lack of security awareness External Risk: exploitation of external hackers Non-Financial Losses: damaged reputation, loss of credibility Financial Losses: lost in revenue, litigations
  • 5.
  • 6. Web Applications Software 2. Penetration Testing Techniques Denial of Service Wireless Network Social Engineering Google Hacking
  • 7. Google search: intitle:"index of" site:edu "server at" 3. Google Hacking Example
  • 8. Benefits Strengthen security procedures and processes Improve efficiency and effectiveness of risk management Increase degree of transparency Not 100% guaranteed Changing technology Legislations and contractual obligations restrictions Limited resources over limited period of time Limitations 4. Benefits & Limitations of Penetration Testing
  • 9. 5. Impact on CA Profession Provide greater assurance in addition to SysTrust, WebTrust and Section 5900 Conformity with PIPEDA, Gramm-Leach-Act and SOX IS Auditing Standards, CISA, COBIT Framework Goes beyond the traditional methods by auditors
  • 10. 6. Current Hacking Issues in 2011 Sony’s PlayStation Video Games – loss of personal data from 77M users’ Sony Ericsson’s Canada eShop- loss of data from 2,000 customer accounts Google’s Gmail Accounts – U.S. Government Officials CitiBank – loss of 200,000 credit card customers data This calls for a greater need for penetration testing!
  • 11. SIGNIFICANCE Breach of trust LIKELIHOOD “Target of choice” “Target of opportunity” PENETRATION TESTING 7.Recommendations
  • 12. Thank You! Pleasefeel free to contact me via uwace if you have any questions

Notas del editor

  1. Welcome to the Ethical Hacking and Penetration Testing slidecast.The purpose of today’s presentation will be focused on increasing the awareness of the CA profession about ethical hacking and how it can largely impact both the assurance and business community. I am your presenter, Emily Chow, Master of Accounting Student at the University of Waterloo.