security partners or security police
play

Security Partners or Security Police? Presented by: Janna - PDF document

Mar 17, 2023 •7 likes •157 views

T12 Security Testing 2019-05-02 11:15 Security Partners or Security Police? Presented by: Janna Loeffler , Carnival Corp. Yesenia Yser, Ultimate Software Brought to you

  1. T12 ¡ Security ¡Testing ¡ 2019-­‑05-­‑02 ¡11:15 ¡ Security ¡Partners ¡or ¡Security ¡Police? ¡ Presented ¡by: ¡ Janna ¡Loeffler , Carnival Corp. ¡ Yesenia Yser, Ultimate Software Brought ¡to ¡you ¡by: ¡ 888 -­‑-­‑-­‑ 268 -­‑-­‑-­‑ 8770 ¡ ·√·√ ¡904 -­‑-­‑-­‑ 278 -­‑-­‑-­‑ 0524 ¡-­‑ ¡info@techwell.com ¡-­‑ ¡ http://www.stareast.techwell.com/ ¡

  2. Janna ¡Loeffler ¡ Janna ¡Loeffler ¡has ¡more ¡than ¡fifteen ¡years ¡of ¡software ¡quality ¡experience. ¡She ¡holds ¡a ¡ bachelor's ¡degree ¡in ¡computer ¡engineering ¡and ¡a ¡master's ¡degree ¡in ¡business ¡ administration. ¡Working ¡in ¡a ¡variety ¡of ¡software ¡engineering ¡roles, ¡including ¡ development, ¡testing, ¡quality ¡assurance, ¡and ¡DevOps, ¡has ¡provided ¡her ¡with ¡a ¡holistic ¡ view ¡of ¡software ¡engineering. ¡She ¡has ¡worked ¡on ¡a ¡wide ¡variety ¡of ¡products, ¡such ¡as ¡ industrial ¡controls, ¡embedded ¡medical ¡devices, ¡websites, ¡mobile ¡applications, ¡and ¡ theme ¡park ¡attractions. ¡Janna ¡has ¡a ¡passion ¡for ¡helping ¡people ¡build ¡high2 quality ¡ software ¡more ¡efficiently. ¡ Yesenia Yser Yesenia Yser has over eight years in Information Technology and Software Security. She holds a bachelor's degree in computer science and a master's degree in digital forensics. Her professional background is composed of security software development and incident response, with emphasis on customer support, communication, training, security, and leadership awareness. She has managed and worked on a wide range of tools, such as certificate authority, encryption service, detection and alerting, mobile applications, and risk evaluation tools on a global scale. Yesenia is also passionate learner who studies Brazilian jiu jitsu and yoga in her free time.

  3. 4/24/19 ¡ SECURITY POLICE OR SECURITY PARTNERS? REALITY CHECK T ESLA M ODEL S • U PGRADED A UTOPILOT , FULL • SELF - DRIVING CAPABILITY , AND THE WORKS (~10 K ) S PENT OVER 70 K • A RRIVED VERY LATE • YESTERDAY • Y OU DECIDE TO DRIVE IT TOMORROW 1 ¡

  4. 4/24/19 ¡ WATCH THIEVES STEAL YOUR CAR WITH ONLY A MOBILE PHONE AND A TABLET! HEALTH CHECK 2 ¡

  5. 4/24/19 ¡ WHAT ARE TOP CYBERSECURITY THREATS FACING THE ENTERPRISE? OWASP TOP TEN T OP T EN W EB V ULNERABILITIES 2017 T OP T EN M OBILE S ECURITIES 2018 ● ● I NJECTION I MPROPER P LATFORM U SAGE ○ ○ B ROKEN A UTHENTICATION I NSECURE D ATA S TORAGE ○ ○ S ENSITIVE D ATA E XPOSURE I NSECURE C OMMUNICATION ○ ○ XML E XTERNAL E NTITIES (XXE) I NSECURE A UTHENTICATION ○ ○ ○ B ROKEN A CCESS C ONTROL ○ I NSUFFICIENT C RYPTOGRAPHY S ECURITY M ISCONFIGURATION I NSECURE A UTHORIZATION ○ ○ C ROSS -S ITE S CRIPTING (XSS) C LIENT C ODE Q UALITY ○ ○ I NSECURE D ESERIALIZATION C ODE T AMPERING ○ ○ U SING C OMPONENTS WITH K NOWN R EVERSE E NGINEERING ○ ○ V ULNERABILITIES E XTRANEOUS F UNCTIONALITY ○ I NSUFFICIENT L OGGING & M ONITORING ○ 3 ¡

  6. 4/24/19 ¡ TOP THREATS 4 ¡

  7. 4/24/19 ¡ HTTPS://WWW.YOUTUBE.COM/WATCH?V=F78UDORLL-Q TOP COMPLAINTS ABOUT SECURITY 5 ¡

  8. 4/24/19 ¡ W HY DO I HAVE TO GET PERMISSION OR GO THROUGH ACTIVE DIRECTORY FOR ACCESS ? ● S ERVICE A CCOUNTS ○ U SER A CCOUNTS ○ U SER R OLES AND P ERMISSIONS ○ W HY CAN ’ T I JUST USE GOOGLE DRIVE TO SHARE MY DOCUMENTS ? ● C LOUD P ROVIDER BREACHES ○ ● W HY CAN ’ T I JUST USE THIS OPEN SOURCE TOOL I FOUND ON GITHUB ? ● W HY DO I HAVE TO DO TWO FACTOR ? I SN ’ T MY PASSWORD GOOD ENOUGH ? A TTACK L AYERS ○ S OCIAL E NGINEERING ○ 6 ¡

  9. 4/24/19 ¡ HOW CAN YOU BECOME A SECURITY PARTNER? • • TRAINING • • • • • HTTPS :// APP . CYBRARY . IT / BROWSE • • • • • 7 ¡

  10. 4/24/19 ¡ WHEN IS ENOUGH GOOD ENOUGH? • • • • • • • PASSWORD • • • • • • • • 8 ¡

  11. 4/24/19 ¡ • VIRTUAL • • PRIVATE • • NETWORK • • (VPN) 9 ¡

  12. 4/24/19 ¡ SSL / TLS CERTIFICATES 10 ¡

  13. 4/24/19 ¡ TWO-FACTOR AUTHENTICATION AND IAM SERVICES T WO -F ACTOR AUTHENTICATION IAM S ERVICES ● ● Y UBIKEY OR U2F S ERVICE A CCOUNTS ○ ○ P USH N OTIFICATION R OLE -B ASED A CCESS C ONTROL ○ ○ T IME - BASED O NE T IME P ASSWORD (TOTP) T HIRD P ARTY SAML A UTH ○ ○ SMS / E MAIL (N OT R ECOMMENDED ) A MAZON ○ ■ ● TOTP T OOLS G OOGLE ■ G OOGLE A UTHENTICATOR ○ F ACEBOOK ■ ○ A MAZON A UTHENTICATOR F ACEBOOK A UTHENTICATOR ○ TESTING F UZZY TESTING • R AINBOW TABLES FOR BRUTE FORCING • AUTHENTICATION S ANITIZE AND V ALIDATE YOUR INPUTS • I F A USER CAN WRITE TEXT , THEY CAN EXPLOIT IT • I NJECT SQL AND XSS DURING YOUR TESTING • E NCRYPTION IN TRANSITION AND AT REST • E NCRYPT PII D ATABASES • B USINESS DEFINE PII • P ROPER ENVIRONMENT CONFIGURATIONS , SUCH AS • T HRESHOLD • L OAD BALANCING • T HROTTLE • C ACHING • 11 ¡

  14. 4/24/19 ¡ SECURITY TOOLS VPN ● S TATIC C ODE A NALYSIS ● ○ E XPRESS VPN B ANDIT (P YTHON ) ○ ○ N ORD VPN B RAKEMAN (R UBY ON R AILS ) ○ ○ C YBER G HOST G RAUDIT ○ ● T ESTING T OOLS S ONAR Q UBE ○ W APITI ○ P ASSWORD M ANAGEMENT T OOLS ● ○ Z ED A TTACK P ROXY L AST P ASS ○ ○ W3 AF 1P ASSWORD ○ ○ S KIPFISH ○ P OST M AN SECURITY TOOLS CONT. V IRUS S CANNING / M ALWARE / A D W ARE N ETWORK A NALYSIS ● ● M ALWARE B YTES W IRESHARK ○ ○ P HYSICAL P ROTECTION ● B IT D EFENDER A NTI V IRUS ○ P RIVACY S CREEN P ROTECTOR ○ K ASPERSKY A NTI V IRUS ○ F ILE T RANSFER ● A LWAYS L OCK Y OUR M ACHINE !!! ○ ○ F ILE Z ILLA ○ S TAY A CTIVE ○ W IN S CP (W INDOWS ) ■ S ELF -D EFENSE W ORKSHOPS SCP COMMAND (U NIX T ERMINAL ) M ARITAL A RTS / MMA ○ ■ C ARDIO ■ 12 ¡

  15. 4/24/19 ¡ QUESTIONS? CONTACT US! Y ESENIA Y SER YSER @ ULTIMATESOFTWARE . COM @ DORKTUX U LTIMATE SOFTWARE D IGITAL F ORENSICS | I NCIDENT R ESPONSE | S ECURITY S OFTWARE E NGINEER | J IU J ITERIA /Y OGI R ESPONSIBLE FOR DEVELOPING AND MANAGING INTERNAL SECURITY TOOLS AND FRAMEWORKS FOR DETECTING , ALERTING , ENCRYPTION AND SECURITY STANDARDS AT U LTIMATE S OFTWARE F UN F ACT : F IRST PRESENTATION AND I GRADUATE TODAY !! J ANNA L OEFFLER J LOEFFLER @ CARNIVAL . COM @J ANNA L OEFFLER C ARNIVAL C ORP & PLC S OFTWARE T ESTING | T ESTING L EADERSHIP | S ITE R ELIABILITY E NGINEERING (I DO “ THE D EV O PS ”) R ESPONSIBLE FOR DEVELOPING AND MANAGING THE TESTING AND QUALITY STANDARDS OF THE OCEAN EXPERIENCE SOFTWARE AT C ARNIVAL C ORPORATION & PLC F UN F ACT : F IRST TIME PRESENTING AT S TAR E AST ! (B UT NOT MY FIRST TIME PRESENTING ) 13 ¡

Recommend

Safety and Security Update Department / District Supports Police & Security School

Safety and Security Update Department / District Supports Police & Security School

Safety and Security Update Department / District Supports Police & Security School Leadership Social & Emotional Learning Psychological Services Operations & School Safety 2 Police & Security Staffing FY 19-20 Position

516 views • 14 slides
The Higher Institute of Police Sciences and Internal Security is the only Police University in

The Higher Institute of Police Sciences and Internal Security is the only Police University in

The Higher Institute of Police Sciences and Internal Security is the only Police University in Portugal and one of the 14 Police Universities in Europe accredited to Bologna and delivering a Master Degree on Police Sciences for Senior Police

254 views • 3 slides
2 nd Partners Meeting Security Outline of activities/floorplans Timeline and practical

2 nd Partners Meeting Security Outline of activities/floorplans Timeline and practical

2 nd Partners Meeting Security Outline of activities/floorplans Timeline and practical information EMAS: Waste reduction Se Security, ou our resp sponsib ibil ilit ity Specific security measures Ensuring safety of visitors,

282 views • 15 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Victorian Protective Data Security Framework Victorian Information Security Network PARTNERS

Victorian Protective Data Security Framework Victorian Information Security Network PARTNERS

Victorian Protective Data Security Framework Victorian Information Security Network PARTNERS Forum December 2016 C ommissioner for P rivacy and D ata P rotection Introductions Pr Presenter esenter Commissioner Privacy and Data Protection

363 views • 23 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Police and Public Security in Mexico Police and Public Security in Mexico Edited by Robert A.

Police and Public Security in Mexico Police and Public Security in Mexico Edited by Robert A.

Police and Public Security in Mexico Police and Public Security in Mexico Edited by Robert A. Donnelly & David A. Shirk Edited by Robert A. Donnelly & David A. Shirk Overview Overview Background Background Summary

602 views • 27 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Preserving commodity security in the post-TRIPS world: The role of Partners Toby Kasper MSF -

Preserving commodity security in the post-TRIPS world: The role of Partners Toby Kasper MSF -

Preserving commodity security in the post-TRIPS world: The role of Partners Toby Kasper MSF - South Africa Partners in Population and Development Technical Consultation, 13 June The context Why IPRs matter to Partners Patients US$1

298 views • 16 slides
Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world

Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world

Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world Security decisions based on: Value: How much is it worth? Locks: How hard is it to circumvent protection? Police: What are the

980 views • 47 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Partners in Information Security Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu Rombaut Traxion Smartphones will never be secure Since security is not a simple notion What & Whom

331 views • 18 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Maryland State Police Licensing Division Professional Licensing Section Security Guard Unit

Maryland State Police Licensing Division Professional Licensing Section Security Guard Unit

Maryland State Police Licensing Division Professional Licensing Section Security Guard Unit Private Detective Unit Maryland State Police Licensing Division (29) Division Commander Management Assoc. Capt. Dalaine Brady Carol Herron

372 views • 15 slides
IVR Security:- Internal A3acks Via Phone Line Who

IVR Security:- Internal A3acks Via Phone Line Who

IVR Security:- Internal A3acks Via Phone Line Who am I ? Rahul Sasi Security Researcher @ iSIGHT Partners . Member Garage4Hackers.

891 views • 33 slides

More recommend