Hardening Attack Vectors to cars by Fuzzing
|
|
- Joanna Garrison
- 5 years ago
- Views:
Transcription
1 Hardening Attack Vectors to cars by Fuzzing AESIN 2015 Ashley Benn, Regional Sales manager 29 th October, Synopsys, Inc. 1
2 Today, there are more than 100m lines of code in cars 2015 Synopsys, Inc. 2
3 CAR > 100 million lines of software code Cars are Software products, not only hardware anymore! Source : Prime Research 2015 Synopsys, Inc. 3
4 What does software control in these cars? Almost anything we want: Brakes FCW (forward collision warning) assisted braking, ABS to make the car stop better, Traction Control to handle better. Steering LDW (lane departure warning) and Park Assist Lidar yes, cars these days have collision prevention systems that detect other cars or objects and how fast they move Engine controls make the car explode fuel in the cylinders Throttle ACC (adaptive cruise control) make the car go! Network connectivity Mothership activities On-Star, Automatic accident notification - ecall 2015 Synopsys, Inc. 4
5 Software, computers and vehicle infrastructure Not just the vehicles Infrastructure to facilitate cooperating autonomous systems Connected cars in Smart Cities Driverless/autonomous cars will require roadside infrastructure that will communicate with vehicles to inform them of congestion, roadworks, etc 2015 Synopsys, Inc. 5
6 90% of all reported security incidents result from exploits against defects in software
7 Known vs unknown vulnerabilities Known Vulnerabilities: disclosed to the software vendor and/or security community, fixes or patches are available. ~70,000 unique Known Vulnerabilities (CVEs) Known vulnerabilities databases (NVD) Software with known vulnerabilities can be fixed/patched immediately Unknown Vulnerabilities: have not been disclosed to the software vendor and/or security community, do NOT have existing fixes or software patches available. Impossible to know how many unknown vulnerabilities exist You can t fix a problem you re not aware of 2015 Synopsys, Inc. 7
8 2015 Synopsys, Inc. 8 debugging today
9 Software/Security Development Life Cycle (SDLC) Requirements Design Implementation Testing Production Business requirements Quality gates Security and privacy risk assessment Project planning Budget and delivery Design requirements UX design Attack surface analysis Architecture Testing plan Unit testing Static code analysis (SAST) Software Composition Analysis (SCA) Architectural enforcement Open Source compliance Functional testing Protocol fuzzing Security review Interactive Application Security Testing (IAST) Security web dynamic testing (DAST) Application Performance Management Runtime Application Self Protection (RASP) Test management 2015 Synopsys, Inc. 9
10 Software Composition Analysis Manage your software Supply Chain 2015 Synopsys, Inc. 10
11 Today, Up to 90% of an Average Software Package Consists of Third-Party Code Builders and Buyers of Software Falsely Assume Security is an Upstream Responsibility, Bearing the Risk of an Unchecked Cyber Supply Chain Third-Party Code (Commercial Off-The- Shelf) First-Party Custom Code Third-Party Code (Free Open Source Software) 2015 Synopsys, Inc. 11
12 Test for Known Vulnerabilities in Third Party Software With more connectivity and interfaces, automobiles are increasingly exposed to third party software like never before. CAR INFOTAINMENT 35 3 rd -Party SW Components CAR INFOTAINMENT 1,174 CVEs affecting 17 Components 2015 Synopsys, Inc. 12
13 Dynamic Fuzz Testing Manage the infinite space of Unknown Vulnerabilities 2015 Synopsys, Inc. 13
14 What is Fuzz Testing Fuzzing is the process of sending intentionally invalid data to a product in the hopes of triggering an error condition or fault. These error conditions can lead to exploitable vulnerabilities. HD Moore 2015 Synopsys, Inc. 14
15 How is Software Fuzzed? ORGANIC: Invalid inputs sent unintentionally over time. Resulting vulnerabilities are a robustness or quality concern MALICIOUS: Hackers methodically searching for vulnerabilities that can be exploited. Resulting vulnerabilities are a security concern. PROACTIVE: Software builders and buyers who want to detect and remediate vulnerabilities before they are exploited. Mitigate risk by improving the quality and security of the software you build or buy. Fuzzing is the #1 technique used by black hat hackers and security researchers to discover new vulnerabilities Synopsys, Inc. 15
16 More About Fuzz Testing In fuzzing, there are typical invalid input types used to trigger common failure modes. Typical inputs: Boundaries conditions Illegal values Tough strings Good checksums on bad data Session awareness Failure modes: CrashDownload Busy loop Resource Leakage Other anomalous behaviors 2015 Synopsys, Inc. 16
17 Fuzzing No source code required good for buyers and builders Dynamic testing for locating unknown vulnerabilities Fuzzing technique makes a big difference The more legitimate the fuzzer can look, the better Focuses on exposed attack surface The oracle challenge What is failure? How can your fuzzer detect failure? Simple: valid messaging to verify external interface Better: target instrumentation, like valgrind, Asan, etc. Add behavior analysis: how Heartbleed was found DAST: Dynamic Application Software Testing 2015 Synopsys, Inc. 17
18 Fuzz testing is an excellent way to discover unknown vulnerabilities and prevent zero-day attacks Fuzz testing as part of the SDLC 2015 Synopsys, Inc. 18
19 Programmers write software code Developers write source code Multiple teams, perhaps Pull in third party components (More developers) Build finished product 2015 Synopsys, Inc. 19
20 Programmers make mistakes Developers are mortal Third party developers are also mortal 2015 Synopsys, Inc. 20
21 Static Analysis Finds bugs in source code Developers fix bugs Static Analysis 2015 Synopsys, Inc. 21
22 Software Composition Analysis SCA Finds third party components Lists known vulnerabilities Update or patch components Static Analysis 2015 Synopsys, Inc. 22
23 Fuzzing SCA Dynamic fuzz testing Find unknown vulnerabilities Fix more bugs Static Analysis Fuzzing 2015 Synopsys, Inc. 23
24 You Never Get All the Way There SCA There are always more bugs Fewer bugs == lower risk Quantitative & Traceable Static Analysis Fuzzing 2015 Synopsys, Inc. 24
25 What if You Didn t Write the Software? What are you getting? Trust, but verify SCA still works here Fuzzing still works here Fix by negotiating Apply pressure before buying SCA Or exploit! Fuzzing 2015 Synopsys, Inc. 25
26 Attack surfaces and exploit scenario 2015 Synopsys, Inc. 26
27 How do hackers exploit vulnerabilities in these attack surfaces? Well its NOT like in the films the hacker doesn t sit at a keyboard for 5 minutes then declare Yes I m in! 2015 Synopsys, Inc. 27
28 The reality is months/years of laborious effort Identifying individual vulnerabilities Then piecing together the elaborate jigsaw Head-unit RTOS vulnerability Media player audio file processing vulnerability Bluetooth configuration interface vulnerability SPI (serial periphery interface) bus vulnerability Diagnostic (pass through) device vulnerability OBD-II 2015 Synopsys, Inc. 28
29 But the end results can be very dramatic! More Connected, Less Secure. There is no safety without security! 2015 Synopsys, Inc. 29
30 Conclusion To mitigate risk of automotive cyber-security incidents Test your software and your software supply chain with Static Analysis, Software Composition Analysis and Fuzzing 2015 Synopsys, Inc. 30
31 2015 Synopsys, Inc. 31
Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute
Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More informationDevelopment of Intrusion Detection System for vehicle CAN bus cyber security
Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia
More informationAutomotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division
Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division Cybersecurity is not one Entry Point Four Major Aspects of Cybersecurity How
More informationFending Off Cyber Attacks Hardening ECUs by Fuzz Testing
Fending Off Cyber Attacks Hardening ECUs by Fuzz Testing In designing vehicle communication networks, security test procedures play an important role in the development process. Fuzz testing, which originated
More informationCybersecurity Technical Risk Indicators:
Cybersecurity Technical Risk Indicators: A Measure of Technical Debt Joe Jarzombek, CSSLP, PMP Global Manager, Software Supply Chain Solutions Synopsys Software Integrity Group Previously Director, Software
More informationExamining future priorities for cyber security management
Examining future priorities for cyber security management Cybersecurity Focus Day Insurance Telematics 16 Andrew Miller Chief Technical Officer Thatcham Research Owned by the major UK Motor Insurers with
More informationAgenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2
Security Insert the Vulnerabilities title of your of the presentation Connected here Car Presented Presented by by Peter Name Vermaat Here Principal Job Title ITS - Date Consultant 24/06/2015 Agenda 1
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationTHE ART OF SECURING 100 PRODUCTS. Nir
THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!
More informationSession 5311 Critical Testing Programs for Security Operations
Session 5311 Critical Testing Programs for Security Operations Introduction Neil Lakomiak UL Rodney Thayer Smithee Spelvin Agnew & Plinge, Inc. Coleman Wolf Environmental Systems Design, Inc. Testing Programs
More informationPreventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security
Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security In less than a year, 100s of millions connected cars Aftermarket connectivity most prevalent
More informationDiscover Best of Show März 2016, Düsseldorf
Discover Best of Show 2016 2. - 3. März 2016, Düsseldorf 2. - 3. März 2016 Softwaresicherheit im Zeitalter von DevOps Lucas von Stockhausen Regional Product Manager Fortify The case for Application Security
More informationThe Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems
The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems Alexander Much 2015-11-11 Agenda About EB Automotive Motivation Comparison of different architectures Concept for
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationTHE MAIN APPLICATION SECURITY TECHNOLOGIES TO ADOPT BY 2018
THE MAIN APPLICATION SECURITY TECHNOLOGIES TO ADOPT BY 2018 1 Application Security Continues to Evolve This September, consumer credit reporting agency Equifax reported a security breach that occurred
More informationHow to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M. Matias Madou Ph.D., Secure Code Warrior
How to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M Matias Madou Ph.D., Secure Code Warrior Matias Madou, Ph.D. CTO and Co-Founder Ph.D. in Computer Engineering from Ghent
More informationPENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017
PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT
More informationVulnerability disclosure
Vulnerability disclosure Don t forget overall goal: improve software safety Consider incentives for researchers, software vendors, customers Supply chain can be complex Software component developers Open
More informationEstablishing Technology Trust in a Containerised World
Tim Mackey Senior Technology Evangelist Black Duck by Synopsys Establishing Technology Trust in a ised World Operations Development Design is Like Designing a New Car Engineers Design using internal and
More informationIMPROVING ADAS VALIDATION WITH MBT
Sophia Antipolis, French Riviera 20-22 October 2015 IMPROVING ADAS VALIDATION WITH MBT Presented by Laurent RAFFAELLI ALL4TEC laurent.raffaelli@all4tec.net AGENDA What is an ADAS? ADAS Validation Implementation
More informationCoverity Static Analysis Support for MISRA Coding Standards
Coverity Static Analysis Support for MISRA Coding Standards Fully ensure the safety, reliability, and security of software written in C and C++ Overview Software is eating the world. Industries that have
More informationMeasuring and Evaluating Cyber Risk in ICS Components, Products and Systems
Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems Copyright 2018 UL LLC. All rights reserved. No portion of this material may be reprinted in any form without the express written
More informationCooperative Vehicles Opportunity and Challenges
Cooperative Vehicles Opportunity and Challenges State Smart Transportation Initiative Toyota Motor Engineering & Manufacturing North America (TEMA) Toyota Technical Center (TTC) Hideki Hada 4/24/2012 Presentation
More informationFuture Implications for the Vehicle When Considering the Internet of Things (IoT)
Future Implications for the Vehicle When Considering the Internet of Things (IoT) FTF-AUT-F0082 Richard Soja Automotive MCU Systems Engineer A P R. 2 0 1 4 TM External Use Agenda Overview of Existing Automotive
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationCase Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office
Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers
More informationImproving Security in Embedded Systems Felix Baum, Product Line Manager
Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.
More informationCountermeasures against Cyber-attacks
Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure
More informationSECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM
1 SRIFY: A COMPOSITIONAL APPROACH OF BUILDING SRITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Reasoning with Untrusted Components
More informationVerification and Validation of High-Integrity Systems
Verification and Validation of High-Integrity Systems Chethan CU, MathWorks Vaishnavi HR, MathWorks 2015 The MathWorks, Inc. 1 Growing Complexity of Embedded Systems Emergency Braking Body Control Module
More information13W-AutoSPIN Automotive Cybersecurity
13W-AutoSPIN Automotive Cybersecurity Challenges and opportunities Alessandro Farsaci (CNH industrial) Cosimo Senni (Magneti Marelli) Milan, Italy November 12th, 2015 Agenda Automotive Cybersecurity Overview
More informationAutomotive Cyber Security
Automotive Cyber Security Rajeev Shorey (Ph.D.) Principal Scientist TCS Innovation Labs Cincinnati, USA & Bangalore, India Copyright 2013 Tata Consultancy Services Limited Connected Vehicles Chennai, 18
More informationA. SERVEL. EuCNC Special Sessions 5G connected car 01/07/2015
A. SERVEL EuCNC 2015 - Special Sessions 5G connected car 01/07/2015 Connected cars, a reality since 12 years for our customers! 2003 A Pioneer for emergency 1.6 million of equipped vehicles 2006 One of
More informationRethinking Product Security: Cloud Demands a New Way
SESSION ID: CSV-R11 Rethinking Product Security: Cloud Demands a New Way Reeny Sondhi Chief of Product Security Autodesk Inc. @reenysondhi Tony Arous Head of Application Security Autodesk Inc. @tonyarous
More informationSecuring the Connected Car. Eystein Stenberg Product Manager Mender.io
Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled
More informationIs Your Web Application Really Secure? Ken Graf, Watchfire
Is Your Web Application Really Secure? Ken Graf, Watchfire What we will discuss today Pressures on the application lifecycle Why application security defects matter How to create hacker resistant business
More informationNathan Desmet. Lead Engineer
Nathan Desmet Lead Engineer Degree in Applied Informatics - Computer and Cyber Crime Professional Co-founder of Sensei Security (which is merged with SCW) Leading the development of Sensei. Pieter De Cremer,
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationConvergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations
Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations Agenda Nexus of Safety and Cybersecurity Separation and Connectivity Trends in Aerospace Cybersecurity Isn t Security
More informationInternet infrastructure
Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 04/03/2014 1 Topic Vulnerability and patch management (c) A. Mariën 04/03/2014 2 Requirements Security principle: Everything can and will
More informationAutomotive Anomaly Monitors and Threat Analysis in the Cloud
Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications
More informationShiftLeft. Real-World Runtime Protection Benchmarking
ShiftLeft Real-World Runtime Protection Benchmarking Table of Contents Executive Summary... 02 Testing Approach... 02 ShiftLeft Technology... 04 Test Application... 06 Results... 07 SQL injection exploits
More informationSecurity Analysis of modern Automobile
Security Analysis of modern Automobile Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 20 Apr 2017 Outline Introduction Attack Surfaces
More informationAutomotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017
Automotive Security: Challenges, Standards and Solutions Alexander Much 12 October 2017 Driver s fears are being fueled by recent news Connected Cars, new opportunities for hackers Autonomous Driving Concepts
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationSecurity for V2X Communications
Security for V2X Communications ITS Canada Annual General Meeting May 1-4, 2016 Brian Romansky VP Strategic Technology Your Connected Car Your Connected Car Security Security Partner Partner TrustPoint
More informationSecurity Challenges with ITS : A law enforcement view
Security Challenges with ITS : A law enforcement view Central Observatory for Intelligent Transportation Systems FRENCH MINISTRY OF INTERIOR GENDARMERIE NATIONALE Colonel Franck MARESCAL franck.marescal@gendarmerie.interieur.gouv.fr
More informationSOCIAL NETWORKING IN TODAY S BUSINESS WORLD
SOCIAL NETWORKING IN TODAY S BUSINESS WORLD AGENDA Review the use of social networking applications within the business environment Review current trends in threats, attacks and incidents Understand how
More informationSGS CYBER SECURITY GROWTH OPPORTUNITIES
SGS CYBER SECURITY GROWTH OPPORTUNITIES Eric Krzyzosiak GENERAL MANAGER DIGITAL Jeffrey Mc Donald Executive Vice President CERTIFICATION & BUSINESS ENHANCEMENT Eric Lee WIRELESS & CONSUMER RETAIL CYBER
More informationSecurity Testing: Terminology, Concepts, Lifecycle
Security Testing: Terminology, Concepts, Lifecycle Ari Takanen, CTO, Codenomicon Ltd. Ian Bryant, Technical Director, UK TSI 1 About the Speakers Ari Takanen Researcher/Teacher 1998-2002 @University of
More informationDEVELOPING SECURE EMBEDDED SOFTWARE
WHITE PAPER DEVELOPING SECURE EMBEDDED SOFTWARE QUALITY DOESN T EQUAL SECURITY www.programmingresearch.com TABLE OF CONTENTS INTRODUCTION... 3 SOFTWARE IS EVERYWHERE AND TIME TO MARKET IS EVERYTHING...
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationInternet of Things Security standards
Internet of Things Security standards Vangelis Gazis (vangelis.gazis@huawei.com) Chief Architect Security Internet of Things (IoT) Security Solution Planning & Architecture Design (SPD) Security standards
More informationCANSPY A Platform for Auditing CAN Devices
This document and its content is the property of Airbus Defence and Space. It shall not be communicated to any third party without the owner s written consent [Airbus Defence and Space Company name]. All
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationSecuring the Connected Car. Eystein Stenberg CTO Mender.io
Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined
More informationAutomotive Security Standardization activities and attacking trend
Automotive Standardization activities and attacking trend Ingo Dassow, Deloitte November 2017 Automotive Risk Overview Trends and risks for connected vehicles 2 Value and Components of a Car Autonomous
More informationBuilding Trustworthiness The Evolution of Secure Development. Glenn Pittaway and Alex Lucas Trustworthy Computing, Microsoft Corporation
Building Trustworthiness The Evolution of Secure Development Glenn Pittaway and Alex Lucas Trustworthy Computing, Microsoft Corporation Goals Provide an understanding of the Microsoft view of security
More informationFunctional Safety Architectural Challenges for Autonomous Drive
Functional Safety Architectural Challenges for Autonomous Drive Ritesh Tyagi: August 2018 Topics Market Forces Functional Safety Overview Deeper Look Fail-Safe vs Fail-Operational Architectural Considerations
More informationProcurement Language for Supply Chain Cyber Assurance
Procurement Language for Supply Chain Cyber Assurance Procurement Language for Supply Chain Cyber Assurance Introduction For optimal viewing of this PDF, please view in Adobe Acrobat. This document serves
More informationCyberLegislation Is Upon Us But Are We Ready?
SESSION ID: FRM-R03 CyberLegislation Is Upon Us But Are We Ready? Joshua Corman CTO, Sonatype Founder, I am The Cavalry #RSAC #RSAC 2 10/23/2013 It s not enough to do your best; you must know what to do,
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationHow to Prepare a Response to Cyber Attack for a Multinational Company.
You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,
More informationApplication Security at Scale
Jake Marcinko Standards Manager, PCI Security Standards Council Jeff Williams CTO, Contrast Security Application Security at Scale AppSec at Scale Delivering Timely Security Solutions / Services to Meet
More informationWeb 2.0, Consumerization, and Application Security
Web 2.0, Consumerization, and Application Security Chenxi Wang, Ph.D. Principal Analyst Forrester Research OWASP, New York City September 25, 2008 Today s enterprises face multitude of challenges Business-driven
More informationCSE 127 Computer Security
CSE 127 Computer Security Alex Gantman, Spring 2018, Lecture 19 SDLC: Secure Development Lifecycle Defining Security Security is not a functionality feature Most of computer science is about providing
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More informationhidden vulnerabilities
hidden vulnerabilities industrial networks in 30 minutes Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester
More informationExposing The Misuse of The Foundation of Online Security
Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,
More informationDevice Discovery for Vulnerability Assessment: Automating the Handoff
Device Discovery for Vulnerability Assessment: Automating the Handoff O V E R V I E W While vulnerability assessment tools are widely believed to be very mature and approaching commodity status, they are
More informationThe Imperative of Pervasive Security in the Digital Era. Graham Holmes Senior Director, Advanced Security Initiatives Group October 2016
The Imperative of Pervasive Security in the Digital Era Graham Holmes Senior Director, Advanced Security Initiatives Group October 2016 What Does 2030 Look Like? 6.1B 2.5T 18.5% 26 Smartphones Connectable
More informationOffense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent
Offense & Defense in IoT World Samuel Lv Keen Security Lab, Tencent Keen Security Lab of Tencent Wide coverage of software and hardware security research Mainstream PC & Mobile Operating Systems Mainstream
More informationAgenda. > AUTOSAR Overview. AUTOSAR Solution. AUTOSAR on the way
AUTOSAR Overview Agenda > AUTOSAR Overview AUTOSAR Solution AUTOSAR on the way Slide: 2 Overview and Objectives AUTOSAR Partnership Slide: 3 Development of Functionality Electronic fuel injection Cruise
More informationEstablishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security
Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European
More informationConquering Complexity: Addressing Security Challenges of the Connected Vehicle
Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com
More informationMozilla position paper on the legislative proposal for an EU Cybersecurity Act
Mozilla position paper on the legislative proposal for an EU Cybersecurity Act Enhancing cybersecurity through government vulnerability disclosure I. INTRODUCTION This paper provides an overview of Mozilla
More informationWHITE PAPER. Best Practices for Web Application Firewall Management
WHITE PAPER Best Practices for Web Application Firewall Management WHITE PAPER Best Practices for Web Application Firewall Management.. INTRODUCTION 1 DEPLOYMENT BEST PRACTICES 2 Document your security
More informationAppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager
APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationMicro Focus Fortify Application Security
Micro Focus Fortify Application Security Petr Kunstat SW Consultant +420 603 400 377 petr.kunstat@microfocus.com My web/mobile app is secure. What about yours? High level IT Delivery process Business Idea
More informationProactive Approach to Cyber Security
Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving
More informationSDLC Maturity Models
www.pwc.com SDLC Maturity Models SecAppDev 2017 Bart De Win Bart De Win? 20 years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific publications
More informationSupply Chain Integrity and Security Assurance for ICT. Mats Nilsson
Supply Chain Integrity and Security Assurance for ICT Mats Nilsson The starting point 2 B Internet users 85% Population coverage 5+ B Mobile subscriptions 10 years of Daily upload E-Books surpassing Print
More informationLinux in Automotive From Open Source to Products
Linux in Automotive From Open Source to Products Mark Skarpness Director System Engineering, Intel Tsuguo Nobe Chief Advanced Service Architect and Director, Intel July 1st, 2014 Legal Information INFORMATION
More informationEmergency Response: How dedicated short range communication will help in the future. Matthew Henchey and Tejswaroop Geetla, University at Buffalo
Emergency Response: How dedicated short range communication will help in the future. 1.0 Introduction Matthew Henchey and Tejswaroop Geetla, University at Buffalo Dedicated short range communication (DSRC)
More informationMcAfee Product Security Practices
McAfee Product Security Practices 12 October 2017 McAfee Public Page 1 of 8 12 October 2017 Expires 12 Apr 2018 Importance of Security At McAfee (formerly Intel Security) we take product security very
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationAn Introduction to the Waratek Application Security Platform
Product Analysis January 2017 An Introduction to the Waratek Application Security Platform The Transformational Application Security Technology that Improves Protection and Operations Highly accurate.
More informationFuture and Emerging Threats in ICT
Future and Emerging Threats in ICT www.ict-forward.eu Edita Djambazova Institute for Parallel Processing Bulgarian Academy of Sciences 1 Description ICT-FORWARD is a Coordination Action that aims at promoting
More informationFailure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010
Failure Diagnosis and Prognosis for Automotive Systems Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010 Automotive Challenges and Goals Driver Challenges Goals Energy Rising cost of petroleum
More informationHave breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking?
The financial sector struggles with data leakage in part because many such organizations rely on dinosaurs - security solutions that struggle to protect data outside the corporate network. These orgs also
More informationSynology Security Whitepaper
Synology Security Whitepaper 1 Table of Contents Introduction 3 Security Policy 4 DiskStation Manager Life Cycle Severity Ratings Standards Security Program 10 Product Security Incident Response Team Bounty
More informationTo realize Connected Vehicle Society. Yosuke NISHIMURO Ministry of Internal Affairs and Communications (MIC), Japan
To realize Connected Vehicle Society Yosuke NISHIMURO Ministry of Internal Affairs and Communications (MIC), Japan Services provided by Connected Vehicle 1 Vehicle 5G V2X Connected Vehicle Big Data AI
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationIoT and Privacy by Design
IoT and Privacy by Design A recap on previous presentation More recent work on GDPR, NIS Cyber Security, and the Human Right to Privacy The design process for consumer goods and services 2 current examples
More information113 BSIMM Activities at a Glance
113 BSIMM Activities at a Glance (Red indicates most observed BSIMM activity in that practice) Level 1 Activities Governance Strategy & Metrics (SM) Publish process (roles, responsibilities, plan), evolve
More informationFunctional Safety and Cyber Security Experiences and Trends
Functional Safety and Cyber Security Experiences and Trends Vector China Congress, Shanghai, 7. Sep. 2017 Dr. Christof Ebert, Vector Consulting Services V1.0 2017-09-07 Welcome Vector Consulting Services
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More information