Network Security Testing — Are There Really Different Types of Testing? July 28, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time Web CONFERENCES #ISSAWebConf
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Network Security Testing—Are There Really Different Types of Testing?
July 28, 2015Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time
WebCONFERENCES
#ISSAWebConf
Brought to you by:
Title goes here 2WebCONFERENCE:
#ISSAWebConf
Network Testing—Are There Really Different Types of Testing?
Network Security Testing—Are There Really Different Types of Testing?
Welcome Conference Moderator
July 28, 2015Start Time: 9 am US Pacific
12 noon US Eastern
5 pm London Time
#ISSAWebConf WebCONFERENCES
Jorge Orchilles
Vice President, South Florida ISSA
Network Security Testing—Are There Really Different Types of Testing?
• John KindervagVice President & Principal Analyst, Forrrester
Research
• Eric RaistersCISSP, CSSLP
• Ira WinklerPresident, Secure Mentem, CISSP
• Donald ShinSr. Technical Business Development Manager, IXIA
Speaker Introduction
Title goes here 4WebCONFERENCE:
#ISSAWebConf
To ask a question:
Type in your question in the Chat area of your screen.
You may need to click on the double arrows to open this function.
Network Testing—Are There Really Different Types of Testing?
Network Security Testing—
Are There Really Different Types of Testing?
+1 469.221.5372
@Kindervag
#ISSAWebConf
WebCONFERENCES
John KindervagVice President, Principal Analyst serving Security & Risk Professionals at Forrester Research
Materials omitted due to licensing and reproduction rights.
Network Testing—Are There Really Different Types of Testing?
Network Security Testing—
Are There Really Different Types of Testing?
#ISSAWebConf
WebCONFERENCES
Eric RaistersCISSP, CSSLP
Approach SUT as an attacker
Process (from SANS Ethical Hacking)
Planning
Scoping
Reconnaissance
Scanning
Exploitation
Documentation/Reporting
Pen Test Basics
Network Testing—Are There Really Different Types of Testing? 8
Approach SUT as an attacker
In-house developed apps/services
White-box testing
Deployed systems/purchased products
Includes virtual servers and cloud deployments
Pen Test Purpose
Network Testing—Are There Really Different Types of Testing? 9
SUT object
Network – mis-configs, weak settings
Web apps/services – OWASP Top 10
Mobile apps/services – permissions, data leakage
Attack methods
Known vulnerability scans - automated
Exploitation proof - manual
Pen Test Types
Network Testing—Are There Really Different Types of Testing? 10
Kali Linux
Samurai Web Test Framework
Pwnie Express
Pen Test Toolkits
Network Testing—Are There Really Different Types of Testing? 11
Look for known vulnerabilities
Nessus (OpenVAS)
Nexpose
Core Impact
Burp Suite (free and commercial)
Zed Attack Proxy (OWASP)
Vulnerability Scan
Network Testing—Are There Really Different Types of Testing? 12
Prove a found vulnerability is exploitable
Metasploit (freed and commercial)
CANVAS
Network Exploits
Network Testing—Are There Really Different Types of Testing? 13
Burp Suite (free and commercial)
Zed Attack Proxy (OWASP)
Paros proxy
w3af
Netsparker
Web App Exploits
Network Testing—Are There Really Different Types of Testing? 14
Pwnie Express
zANTI
Hackcode
AndroRAT
Android Exploits
Network Testing—Are There Really Different Types of Testing? 15
Standard Linux pentest tools
iNalyser
iPhone Exploits
Network Testing—Are There Really Different Types of Testing? 16
Pen testing is important
Vulnerability scans are not enough
Exploit testing proves that a vulnerability is important enough to fix
Consider contracting experts
Consider a bug bounty program
If you don’t do it, the hackers will
Summary
Network Testing—Are There Really Different Types of Testing? 17
sectools.org
n0where.net/directory
OWASP.prg
kali.org
Eric Raisters
Resources
Network Testing—Are There Really Different Types of Testing? 18
19
Thank you!
Network Testing—Are There Really Different Types of Testing?
Eric RaistersCISSP, CSSLP
Question and Answer
Title goes here 20WebCONFERENCE:
#ISSAWebConf
To ask a question:
Type in your question in the Chat area of your screen.
You may need to click on the double arrows to open this function.
Network Testing—Are There Really Different Types of Testing?
Eric RaistersCISSP, CSSLP
Thank You
Title goes here 21WebCONFERENCE:
#ISSAWebConf
Network Testing—Are There Really Different Types of Testing?
Network Security Testing—
Are There Really Different Types of Testing?
#ISSAWebConf
WebCONFERENCES
Ira WinklerPresident, Secure Mentem, CISSP
23Network Testing—Are There Really Different Types of Testing?
Copyright Secure Mentem
24Network Testing—Are There Really Different Types of Testing?
25Network Testing—Are There Really Different Types of Testing?
26Network Testing—Are There Really Different Types of Testing?
Copyright Secure Mentem
27Network Testing—Are There Really Different Types of Testing?
Copyright Secure Mentem
28Network Testing—Are There Really Different Types of Testing?
Copyright Secure Mentem
29Network Testing—Are There Really Different Types of Testing?
30Network Testing—Are There Really Different Types of Testing?
Copyright Secure Mentem
31Network Testing—Are There Really Different Types of Testing?
Copyright Secure Mentem
32Network Testing—Are There Really Different Types of Testing?
33Network Testing—Are There Really Different Types of Testing?
34Network Testing—Are There Really Different Types of Testing?
35Network Testing—Are There Really Different Types of Testing?
36Network Testing—Are There Really Different Types of Testing?
37Network Testing—Are There Really Different Types of Testing?
38Network Testing—Are There Really Different Types of Testing?
Thank You
Ira WinklerPresident, Secure Mentem, CISSP
@irawinkler
Question and Answer
Title goes here 39WebCONFERENCE:
#ISSAWebConf
To ask a question:
Type in your question in the Chat area of your screen.
You may need to click on the double arrows to open this function.
Network Testing—Are There Really Different Types of Testing?
Ira WinklerPresident, Secure Mentem, CISSP
+1-443-603-02500
@irawinkler
Thank You
Title goes here 40WebCONFERENCE:
#ISSAWebConf
Network Testing—Are There Really Different Types of Testing?
Network Security Testing—
Are There Really Different Types of Testing?
www.ixiacom.com
#ISSAWebConf
WebCONFERENCES
Donald ShinSr. Technical Business Development Manager, IXIA
42Network Testing—Are There Really Different Types of Testing?
43Network Testing—Are There Really Different Types of Testing?
44Network Testing—Are There Really Different Types of Testing?
45Network Testing—Are There Really Different Types of Testing?
46Network Testing—Are There Really Different Types of Testing?
47Network Testing—Are There Really Different Types of Testing?
48Network Testing—Are There Really Different Types of Testing?
49Network Testing—Are There Really Different Types of Testing?
50Network Testing—Are There Really Different Types of Testing?
51Network Testing—Are There Really Different Types of Testing?
52Network Testing—Are There Really Different Types of Testing?
53Network Testing—Are There Really Different Types of Testing?
54Network Testing—Are There Really Different Types of Testing?
55Network Testing—Are There Really Different Types of Testing?
56Network Testing—Are There Really Different Types of Testing?
57Network Testing—Are There Really Different Types of Testing?
58Network Testing—Are There Really Different Types of Testing?
59Network Testing—Are There Really Different Types of Testing?
60Network Testing—Are There Really Different Types of Testing?
61Network Testing—Are There Really Different Types of Testing?
62Network Testing—Are There Really Different Types of Testing?
Donald ShinSr. Technical Business Development Manager
IXIAwww.ixiacom.com
Question and Answer
Title goes here 63WebCONFERENCE:
#ISSAWebConf
To ask a question:
Type in your question in the Chat area of your screen.
You may need to click on the double arrows to open this function.
Network Testing—Are There Really Different Types of Testing?
Donald Shin Sr. Technical Business Development Manager
IXIAwww.ixiacom.com
Thank You
Title goes here 64WebCONFERENCE:
#ISSAWebConf
Network Testing—Are There Really Different Types of Testing?
• John KindervagVice President & Principal Analyst, Forrester
Research
• Eric RaistersCISSP, CSSLP
• Ira WinklerPresident, Secure Mentem, CISSP
• Donald ShinSr. Technical Business Development Manager, IXIA
Open Panel with Audience Q&A
Title goes here 65WebCONFERENCE:
#ISSAWebConf
To ask a question:
Type in your question in the Chat area of your screen.
You may need to click on the double arrows to open this function.
Network Testing—Are There Really Different Types of Testing?
Thank you Citrix for donating
the Webcast service
Closing Remarks
Title goes here 66WebCONFERENCE:
#ISSAWebConf
Thank You
Network Testing—Are There Really Different Types of Testing?
• Within 24 hours of the conclusion of this webcast, you will receive a link via email to a post Web Conference quiz.
• After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits.
• On-Demand Viewers Quiz Link:http://www.surveygizmo.com/s3/2241426/ISSA-Web-Conference-July-28-2015-Network-Security-Testing-Are-There-Really-Different-Types-of-Testing
CPE Credit
Title goes here 67WebCONFERENCE:
#ISSAWebConf
Network Testing—Are There Really Different Types of Testing?
Related Documents
