Security Testing. Who, What, When and How of Security Testing. Heidi Harmes-Campbell.
|
|
- Kathryn Sullivan
- 6 years ago
- Views:
Transcription
1 Security Testing Who, What, When and How of Security Testing Heidi Harmes-Campbell
2 Quick Info Bathroom breaks Phones calls Silence or Vibrate Take the call if needed please step out Snacks Sugar boost in center of your table Go get a drink if you need one Ask questions to me & each other!! It depends Ask me.why or why not? I will tell you if I don t know!!!!
3 Professional Stuff Me A Poll Interactive = means we ALL participate Get on with it Heidi
4 Who, What, When and How of Security Testing Definition of Security Types of threats & attacks CIA Hacker vs. Cracker vs. Tester vs. Script Kittie Access Control Authentication SQL Injection XXS Cookies
5 Windows 98 Blue Screen of Death
6 Toyota Blames Prius Brake Software Toyota said that a software glitch is to blame for brake problems. Toyota found some parts weren t being tested as rigorously as thought.
7 D-Link Router Design Error D-Link DIR-300 WiFi Key Security Bypass Vulnerability The D-Link DIR-300 wireless router is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to modify the WiFi key and possibly other configuration settings. Successful exploits will lead to other attacks.
8 Signing Off Remember Signing Off on software? and then IT BLOWS UP!!!
9 What s going on in the world? Nasdaq Twitter Michael Jackson Gmail (cloud computing) EC-Council Webinar Costco Really???
10 True/False? Software can be correct without being secure. (1) It s cheaper to let System Admins deal with security. MORE
11 Rebuilding Trust
12 Types of Functional Testing White Box Black Box Grey Box Unit Integration System Regression Acceptance Verification Validation Static Dynamic Smoke User Acceptance
13 True or False? Definition of SECURITY + Definition of TESTING = Security Testing??
14 What is Security? You first! This is the interactive part that I referenced earlier
15 Different Definitions Referring to: Business Career Home Bank Banking Website Family Children Property Car Software Hardware Safety Credit Cards Country Many more
16 Definition of SECURITY 1. Freedom from risk or danger; safety 2. Freedom from doubt, anxiety, or fear; confidence 3. Something that gives or assures safety a. A group or department of private guards b. Measures adopted by a government to prevent espionage, sabotage, or attack c. Measures adopted to prevent escape 4. Computer Science. a. The level to which a program or device is safe from unauthorized use. b. Prevention of unauthorized use of a program or device.
17 Just out of Curiousity What does security testing mean to you or your company? Is QA and development included? Does QA management know? Who performs security testing? Who is responsible in your organization for testing application security? Manual or automated? Do you know what s being tested? How many of your requirements include security functionality? How many of you have test cases that specifically addresses security? Again, this is the interaction piece discussed earlier.
18 Fundamental Principles of Security 3 main principles: C Confidentiality I Integrity A Availability CIA (AIC, CAI, IAC, ICA) triad
19 CIA Confidentiality has anyone else been able to read your document Integrity has anyone else been able to change your document Availability has anyone else been able to access your document
20 Threat vs. Vulnerability Threat an indication, circumstance, or event with the intent and capability to cause loss of damage to an asset Vulnerability a weakness that can be exploited
21 Where is Risk? Assets Vulnerability Threats
22 Security Terminology, Threats, Attacks and People Hacker Cracker Script Kiddie Vulnerability Threat Social Engineering Phishing Vishing Viruses Worms Trojans Cross Site Scripting (XXS) Keyloggers Rootkits Spyware Adware Logic Bombs Denial of Service Spamming Hoaxes Port Scanners Password Crackers Boot Sector Virus Attack Corrupted Registry Buffer Overflows Dictionary Attacks Cookie Manipulation SQL Injections Etc, etc, etc
23 Titles/Roles - WHO Hacker hired by companies to help identify vulnerabilities Script Kittie (a.k.a Skittie, Script bunny) annoying people playing around Cracker methodically attack for a purpose people exploiting the threats Let s talk about these people. Tester -????
24 Worm Vs. Virus - WHAT Used interchangeably. Same? or Different? Virus small application or string of code that infects application REQUIRES host application to do this! Worm different than viruses they Do Not Need a host application they can reproduce on their own.
25 Trojan & Buffer Overflow WHAT Trojan a program disguised as another program. normally deletes or replaces system files. commonly leaves backdoor to allow re-entry. Buffer Overflow Too much data are accepted as input to an application. Buffer is allocated only so much memory
26 SQL Injection - WHAT SQL Injection - when user input is either incorrectly filtered for string literal characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed
27 Social Engineering - WHAT What is it? Let s talk, shall we?
28 Examples of Social Engineering Brief Chit-Chat Conversation Play dumb Shoulder surfing ing with questions Contacting help desk Flash!! Manipulation, trickery, deception
29 Rules for each table: Game Time Each table will have a list of definitions. The table must tell us: 1. Who 2. What 3. How
30 Access Control - HOW Definition Controlling Access? Yes!!! The ability of a subject to interact with an object. e.g. subject: person, process, computer)
31 Models of Access Control Discretionary Access Control - DAC Mandatory Access Control - MAC Role-based Access Control - RBAC Rule-based Access Control RBAC Why is this important?
32 Methods of Access Control DAC and MAC was used by the military to describe two different ways to control access to system and objects. Discretionary owner of the object decides who gets permission to access it Mandatory owner does NOT decide who has access. Operating system decides access based on sensitivity of object. Ex. Clearance in Military. This does not mean that everyone who has Top Secret Clearance has access to everything marked Top Secret. Also implemented is the need to know principle. Role Based system admins set this up based on the role(s) you are playing in a project. Rule Based system admins set this up based on the rules of the project e.g. no employees may access payroll files on weekends and after 6 p.m. on weekdays.
33 Authentication - HOW Definition - Verifying the identity of the subject That s all Authentication should confirm!!
34 Access Control vs. Authentication? 1. Change the pages the user sees 2. Log in with username/password
35 Authentication Testing - HOW Minimum testing: 1. Correct username and password 2. Incorrect username and correct password 3. Correct username and Incorrect password 4. Correct password and empty username 5. Correct username and empty password Are all of you at least doing this?
36 Authentication Testing - HOW 6. Secure login make sure when you are logging into an application you see HTTPS in address bar.
37 Authentication Testing - HOW 7. Message testing malicious users can find out a whole bunch of information from messages Incorrect combination of username and password
38 Authentication Testing - HOW 8. Logout then press Browser <Back> button. Capture URL via Print Screen
39 Authentication Testing - HOW Session Timeout Login with active username and password Go to lunch or have some soda Time how long the session is live What is correct? When does the session finally die?
40 Authentication Testing HOW 9. Bookmark page login to application navigate to another page in application bookmark the page logout application Go to bookmarked page
41 Authentication Testing - HOW 10. Change the ID to an ID of another account WHAT?? When browsing in the application 1. look for ID in header or in URL specifically related to your application ID 2. try to change it to something else Story I read about this in Security Act s magazine. Security Acts Issue 4
42 Authentication Testing - HOW 11. Different browsers accessing at same time 1. Copy user information into new browser 2. Copy url to new browser AFTER application has been opened in another browser. Don t just use another tab in the brower, try Firefox or Chrome. If possible send url to a different computer.
43 Authentication Testing - HOW 12. Manipulate URL after login 1. delete id s one by one 2. continue browsing the application 3. breaking down the url in to pieces and parts
44 Authentication Testing - HOW 13. How many times can I type the incorrect password before being locked out? Susceptible to brute force attack Crucial: 14. What are the consequences of being locked out? Lockouts have caused some companies to become unavailable. This would be bad.
45 Authentication Testing - HOW 15. There was a study a couple of years ago (2009) that brought to light the number of companies that keep default passwords for: Applications Firewalls O/S Security Software Etc.
46 Authentication Testing HOW Test Default Values Test/Test Guest/Guest Test1234/Test1234 Admin/Admin Training/Training Training1/Training1 /password
47 Authentication Testing HOW 16. SQL Injection simplest: 1,or 1 = 1 1. Type this into your password field and username = admin. 2. if it works then this is bad! User often ends up with administrator
48 Authenication Testing Game Rules: Object of the game
49 Common Fields in Database passwd login_id full_name Don t ask for a list of fields in the database! Guess! Use your experience to guide you. Sql injections by example
50 Cookies - HOW Simpliest Definiton: A small ASCII text file used in HTTP exchanges between a browser and web server, commonly stored on the hard drive. Session Cookies Tracking Cookies Does your application use them? Do you test them?
51 Issues with Cookies - HOW Easy for spyware to read them Many applications require you to accept thirdparty cookies Sessions may not expire as expected May include sensitive information possibly allowing access to secure site If using HTTP can be hijacked by malicious user
52 Testing Cookies - HOW Test using Mozilla stores all cookies for you to view.
53 Cookie - HOW
54 Convincing Management of the Importance - WHEN Show manager the list of threats & attacks Explain this is only a partial list Recommend adding line item under QA for security testing Let Project Manager cut it base on time constraints
55 More time for QA?? - WHEN We are going to give you an extra week.because we think you are SWELL and you to include security testing!!! How often does that really happen? NEVER!!!!
56 Justifying testing Joanna Rothman
57 Cost to fix defect during different times in a project
58 How YOU can implement Add this to your annual goals Build security test cases in your projects as if you have always done this testing Add security testing to your test plan Build it as a separate section or appendix in your test plan
59 Let s Be VERY Clear!! Testing Security is not the same as Testing Functionality.
60 QUESTIONS???
61 References
CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationEthics and Information Security. 10 주차 - 경영정보론 Spring 2014
Ethics and Information Security 10 주차 - 경영정보론 Spring 2014 Ethical issue in using ICT? Learning Outcomes E-policies in an organization relationships and differences between hackers and viruses relationship
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationINTERNET SAFETY IS IMPORTANT
INTERNET SAFETY IS IMPORTANT Internet safety is not just the ability to avoid dangerous websites, scams, or hacking. It s the idea that knowledge of how the internet works is just as important as being
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More informationHacking Terminology. Mark R. Adams, CISSP KPMG LLP
Hacking Terminology Mark R. Adams, CISSP KPMG LLP Backdoor Also referred to as a trap door. A hole in the security of a system deliberately left in place by designers or maintainers. Hackers may also leave
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationAccounting Information Systems
Accounting Information Systems Fourteenth Edition Chapter 6 Computer Fraud and Abuse Techniques ALW AYS LEARNING Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how
More informationChapter 12. Information Security Management
Chapter 12 Information Security Management We Have to Design It for Privacy... and Security. Tension between Maggie and Ajit regarding terminology to use with Dr. Flores. Overly technical communication
More informationOnline Threats. This include human using them!
Online Threats There are many dangers from using the web (and computer in general). One should watch out for malware, automated programs designed to cause harm to you, your data, and your system. You are
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationGuide to Network Security First Edition. Chapter One Introduction to Information Security
Guide to Network Security First Edition Chapter One Introduction to Information Security About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter
More informationReview Kaspersky Internet Security - multi-device 2015 online software downloader ]
Review Kaspersky Internet Security - multi-device 2015 online software downloader ] Description: Benefits Protecting all your connected devices the one-licence, easy-touse solution Kaspersky Internet Security
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationCyber Security Basics. Presented by Darrel Karbginsky
Cyber Security Basics Presented by Darrel Karbginsky What s to come In the following slides I am going to discuss amongst other things and in no particular order things to enlighten, frighten, educate,
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More information4 Information Security
4 Information Security 1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one. 2. Compare and contrast human mistakes
More informationCERTIFIED SECURE COMPUTER USER COURSE OUTLINE
CERTIFIED SECURE COMPUTER USER COURSE OUTLINE Page 1 TABLE OF CONTENT 1 COURSE DESCRIPTION... 3 2 MODULE-1: INTRODUCTION TO DATA SECURITY... 4 3 MODULE-2: SECURING OPERATING SYSTEMS... 6 4 MODULE-3: MALWARE
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationUnit 2 Assignment 2. Software Utilities?
1 Unit 2 Assignment 2 Software Utilities? OBJECTIVES Identify software utility types and examples of common software Why are software utilities used? Identify and describe the various networking threats.
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationQuick Heal Total Security
For secure online banking, smooth Internet surfing, and robust protection for your PC. Features List Ransomware Protection Quick Heal anti-ransomware feature is more effective and advanced than other anti-ransomware
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationTechnology in Action 12/11/2014. Cybercrime and Identity Theft (cont.) Cybercrime and Identity Theft (cont.) Chapter Topics
Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Eleventh Edition Technology in Action Chapter 9 Securing Your System: Protecting Your Digital Data and Devices Copyright 2015 Pearson Education,
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 0.1.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE.. 7 2 1. INTRODUCTION Antivirus Site Protection
More informationFAQ: Privacy, Security, and Data Protection at Libraries
FAQ: Privacy, Security, and Data Protection at Libraries This FAQ was developed out of workshops and meetings connected to the Digital Privacy and Data Literacy Project (DPDL) and Brooklyn Public Library
More informationOPSEC and defense agains social engineering for devels, execs, and sart-ups
OPSEC and defense agains social engineering for devels, execs, and sart-ups @KirilsSolovjovs on twitter http://kirils.org for more Mg.sc.comp. Kirils Solovjovs Possible Security Problem: Social Engineering
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationUser Guide. This user guide explains how to use and update Max Secure Anti Virus Enterprise Client.
User Guide This user guide explains how to use and update Max Secure Anti Virus Enterprise Client. Copyright 2002-2016 Max Secure Software. All rights reserved. Contents 2 Contents Introduction... 3 System
More informationSINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker
NH9000 Certified Ethical Hacker 104 Total Hours COURSE TITLE: Certified Ethical Hacker COURSE OVERVIEW: This class will immerse the student into an interactive environment where they will be shown how
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationSUMMARIES OF INTERACTIVE MULTIMEDIA
SUMMARIES OF INTERACTIVE MULTIMEDIA GRADE 10-12 INTERNET TECHNOLOGIES 1. Introduction to Electronic Communications Use this lesson to: Understand the differences between the various e-communications modes
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationAuthentication Security
Authentication Security Hui Zhu Copyright 2005 www.ebizsec.com Agenda Authentication Components Authentication Hacking Consideration for Authentication Security Principle for Authentication Security Case
More informationSecurity Awareness. Presented by OSU Institute of Technology
Security Awareness Presented by OSU Institute of Technology Information Technologies Division Security Awareness Topics Social Engineering Phishing Social Networks Displaying Sensitive Information Wireless
More informationChapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.
Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationA (sample) computerized system for publishing the daily currency exchange rates
A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency
More informationWeb Browser Questions What Web browsers does Johnson Bank Retirement Plan Services support?
FREQUENTLY ASKED QUESTIONS AND ANSWERS Security Questions How secure is the Johnson On-Line - Retirement Account site? What is "strong" SSL encryption? Does the user need a special browser for it? What
More informationCopyright 2006 Prentice-Hall. All rights reserved. 1
PC Basics CPSC 100 Hardware Software Networking Copyright 2006 Prentice-Hall. All rights reserved. 1 Objectives Identify basic components of a computer (hardware) Gain insight into how computers work (software)
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationQuick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.
Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac. Product Highlights Quick Heal Fast and highly responsive Virus Protection. Browsing Protection and Phishing Protection to
More informationOne of the fundamental kinds of websites that SharePoint 2010 allows
Chapter 1 Getting to Know Your Team Site In This Chapter Requesting a new team site and opening it in the browser Participating in a team site Changing your team site s home page One of the fundamental
More informationQuick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.
Simple, fast and seamless protection for Mac. Product Highlights Fast and highly responsive Virus Protection. Browsing Protection and Phishing Protection to keep malicious websites at bay. Smooth email
More informationCross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping
More informationComputer Security. Assoc. Prof. Pannipa Phaiboonnimit. Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak
Computer Security Assoc. Prof. Pannipa Phaiboonnimit 1 Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak Classification of Threats Computer Attack Intend to damage files, computers
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationObjectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Enterprise Network Security Describe the general methods used to mitigate security threats to Enterprise networks
More informationCross-Site Request Forgery: The Sleeping Giant. Jeremiah Grossman Founder and CTO, WhiteHat Security
Cross-Site Request Forgery: The Sleeping Giant Jeremiah Grossman Founder and CTO, WhiteHat Security Cross-Site Request Forgeries (CSRF) 1. Session Riding 2. Client-Side Trojans 3. Confused Deputy 4. Web
More informationcs642 /introduction computer security adam everspaugh
cs642 computer security /introduction adam everspaugh ace@cs.wisc.edu definition Computer Security := understanding and improving the behavior of computing systems in the presence of adversaries adversaries
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationBackend IV: Authentication, Authorization and Sanitization. Tuesday, January 13, 15
6.148 Backend IV: Authentication, Authorization and Sanitization The Internet is a scary place Security is a big deal! TODAY What is security? How will we try to break your site? Authentication,
More informationStaying Safe on the Internet. Mark Schulman
Staying Safe on the Internet Mark Schulman 1 Your Presenter Mark Schulman IT professional for almost 40 years No affiliation with any product 2 What We ll Talk About Passwords Email Safety Staying Safe
More informationECDL / ICDL IT Security. Syllabus Version 2.0
ECDL / ICDL IT Security Syllabus Version 2.0 Module Goals Purpose This document details the syllabus for the IT Security module. The syllabus describes, through learning outcomes, the knowledge and skills
More informationQuick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.
AntiVirus Pro Advanced Protects your computer from viruses, malware, and Internet threats. Features List Ransomware Protection anti-ransomware feature is more effective and advanced than other anti-ransomware
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationMalware, , Database Security
Malware, E-mail, Database Security Malware A general term for all kinds of software with a malign purpose Viruses, Trojan horses, worms etc. Created on purpose Can Prevent correct use of resources (DoS)
More informationMTAT Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions
MTAT.07.019 Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions Kristjan Krips 1 Introduction Mozilla Firefox has 24.05% of the recorded usage share of web browsers as of October
More informationCopyright
1 SECURITY TEST Data flow -- Can you establish an audit trail for data, what goes where, is data in transit protected, and who has access to it? Data storage -- Where is data stored, and is it encrypted?
More informationGCIH. GIAC Certified Incident Handler.
GIAC GCIH GIAC Certified Incident Handler TYPE: DEMO http://www.examskey.com/gcih.html Examskey GIAC GCIH exam demo product is here for you to test the quality of the product. This GIAC GCIH demo also
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationQuick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.
Simple, fast and seamless protection for Mac. Product Highlights Quick Heal Fast and highly responsive Virus Protection. Browsing Protection and Phishing Protection to keep malicious websites at bay. Smooth
More informationSECURE USE OF IT Syllabus Version 2.0
ICDL MODULE SECURE USE OF IT Syllabus Version 2.0 Purpose This document details the syllabus for the Secure Use of IT module. The syllabus describes, through learning outcomes, the knowledge and skills
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationCompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
More informationThe process by which a user can associate specific permissions to each username.
Jargon Buster A Antispyware A program that detects and removes malicious programs on your computer called spyware. Once it is installed can collect information without the users consent, that can be almost
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 1.0.0 Antivirus Site Protection (by SiteGuarding.com) 1.0.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE..
More informationSystems and Principles Unit Syllabus
Systems and Principles Unit Syllabus Level 2 7540-011 www.cityandguilds.com January 2011 Version 1.0 About City & Guilds City & Guilds is the UK s leading provider of vocational qualifications, offering
More informationINTERNET SAFETY* GALEN GARRETSON RASCAL MARCH 2-3, * Sources include learnfree.org, PC World, wikpedia.com, techterms.com
INTERNET SAFETY* GALEN GARRETSON RASCAL MARCH 2-3, 2016 * Sources include learnfree.org, PC World, wikpedia.com, techterms.com SOME QUESTIONS TO ASK YOURSELF. HAVE YOU.. 1. Googled yourself to see what
More informationLevel 3 Principles of ICT Systems and Data Security ( / )
Level 3 Principles of ICT Systems and Data Security (7540-040/7630-345) Systems and Principles Assignment guide for Candidates Assignment A www.cityandguilds.com September 2017 Version 2.0 About City &
More informationLanguage-Based Protection
Language-Based Protection Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. Language implementation can provide
More informationPHP-security Software lifecycle General Security Webserver security PHP security. Security Summary. Server-Side Web Languages
Security Summary Server-Side Web Languages Uta Priss School of Computing Napier University, Edinburgh, UK Copyright Napier University Security Summary Slide 1/15 Outline PHP-security Software lifecycle
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationIntroduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013
Introduction to Penetration Testing: Part One Eugene Davis UAH Information Security Club February 21, 2013 Ethical Considerations: Pen Testing Ethics of penetration testing center on integrity (ISC)² Code
More informationVendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo
Vendor: Microsoft Exam Code: 98-367 Exam Name: MTA Security Fundamentals Practice Test Version: Demo DEMO QUESTION 1 To prevent users from copying data to removable media, you should: A. Lock the computer
More informationDuplication and/or selling of the i-safe copyrighted materials, or any other form of unauthorized use of this material, is against the law.
Thank you for your interest in e-safety, and for teaching safe and responsible Internet use to your students. Educators are invited to access and download i-safe curriculum AT NO CHARGE under the following
More informationCHAPTER 3. Information Systems: Ethics, Privacy, and Security
CHAPTER 3 Information Systems: Ethics, Privacy, and Security CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources LEARNING OBJECTIVES n Describe the
More informationWebGoat Lab session overview
WebGoat Lab session overview Initial Setup Virtual Machine Tamper Data Web Goat Basics HTTP Basics Sniffing Web server attacks SQL Injection XSS INITIAL SETUP Tamper Data Hold alt to reveal the menu in
More informationFeasibility study of scenario based self training material for incident response
24th Annual FIRST Conference Feasibility study of scenario based self training material for incident response June 21, 2012 Hitachi Incident Response Team Chief Technology and Coordination Designer Masato
More informationCourse Outline (version 2)
Course Outline (version 2) Page. 1 CERTIFIED SECURE COMPUTER USER This course is aimed at end users in order to educate them about the main threats to their data s security. It also equips the students
More informationAttack Vectors in Computer Security
Attack Vectors in Computer Security Who Am I @WillGoard My first proper hacksoc talk I speak fluent greek Sell more pizzas have more fun Why attack vectors? Didn t know what to do for my dissertation Started
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More information