Why choose Nethemba s.r.o.
(company introduction)

Ing. Pavol Lupták, CISSP, CEH
www.nethemba.com

Who we are?
- a group of computer security experts from Czech/Slovak republic with more than 10 years of experience
- holders of world-renowned security certifications – CISSP (Certified Information System Security Professional), CEH (Certified Ethical Hacker), SCSecA (Sun Certified Security Administrator), LPIC-3 (Linux Professional Institute Certification)

Our core business
- penetration tests
- comprehensive web application security audits
- design and implementation of ultra-secure and high-availability systems
- security training & courses
- design and development of secure VoIP solutions
- highly skilled Unix/Linux outsourcing

Penetration tests
- a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
- involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities, and their exploitation
- experience with almost all operating systems, smartphones and PDAs
- OSSTMM methodology is used

Penetration test approaches
- Black box - a zero-knowledge attack - no relevant information about the target environment is provided, the most realistic external penetration test
- White box - a full-knowledge attack - all the security information related to an environment and infrastructure is considered
- Grey box - a partial-knowledge attack

Penetration test phases
- Discovery - information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.)
- Enumeration - using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting)
- Vulnerability mapping - mapping the findings from the enumeration to known and potential vulnerabilities
- Exploitation - attempting to gain access through vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used)

Comprehensive web application audits
- the most comprehensive and deepest web application audit on the Czech/Slovak market
- strictly follows the OWASP Testing Guide
- practical hacking demonstration (writing exploit code, database dump, XSS/CSRF demonstration, etc.)
- one-day meeting with the application's developers
- comprehensive report in English/Czech/Slovak

OWASP involvement
- OWASP (Open Web Application Security Project) – the biggest and most respected free and open application security community
- our employees are OWASP chapter leaders for the Czech and Slovak Republic, attending OWASP security conferences / trainings
- we are OWASP Testing Guide (the best web application security testing guide) contributors

Advanced security testing
- comprehensive source code audit
- wireless network testing
- smartphone / PDA testing
- war dialing
- social engineering

Ultra secure OSes
- experts in design and implementation of ultra secure OS (NSA SELinux, TrustedBSD, Trusted Solaris)
- a suitable solution for high-risk critical environments (banks, insurance companies)
- providing full support and outsourcing of these systems

Customized security solutions
- LAMP security hardening
- configuration and implementation of:
  - WAF (Web Application Firewalls)
  - IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)
  - Honeypot & Honeynet
- we are vendor independent and unbiased!

Load-balanced and high-availability clusters
- design and implementation of large multi-server redundant load-balancer and high-availability clusters
- based on Linux or any Unix system
- ideal solution for the most visited web portals, database clusters or redundant mail servers that require high availability and security

Anti-DDoS hardening
- suitable for customers that are threatened by strong Distributed Denial of Service attacks (online casinos, banks, popular e-shops)
- we provide anti-DDoS server housing
- design and implementation of geographical clusters
- development of our own anti-DDoS plugin for HAProxy (load balancer)

VoIP design and implementation
- design and implementation of complex VoIP call centers based on Asterisk and OpenSER
- focused on VoIP security (secure encrypted calls, secure authentication)
- we are Asterisk contributors (responsible for T38 fax gateway development)
- ideal for companies that do not trust their PSTN lines or mobile phones

Security training & courses
- we offer security training and courses in many security areas including:
  - web application security
  - secure programming
  - wireless network security
  - ultra secure NSA SELinux
  - penetration tests & web application hacking

Highly skilled Unix/Linux outsourcing
- highly skilled and certified administrators
- support of all UNIX systems
- permanent monitoring of availability, security patches, etc.
- good SLA conditions, 24x7 web / email / telephone support
- still on top of “bleeding-edge” technologies

Security Research I
- we have cracked the most used Czech and Slovak Mifare Classic smartcards
- we are the first ones in the world who have implemented and publicly released our own Mifare Classic Offline Cracker that can gain all keys to all sectors from 1 billion smartcards(!!!) in a few minutes
- see https://www.nethemba.com/research

Security Research II
- we have revealed a serious inherent vulnerability in public transport SMS tickets, which is described in our paper “Public transport SMS ticket hacking”
- public transport companies in Prague, Bratislava, Vienna, Kosice, Usti nad Labem are still vulnerable
- we are open to any security research

Presentations at security conferences
- our employees are frequent presenters at many world-renowned security conferences (Confidence, Hacking At Random, SASIB, Network Security Congress, OpenWeekend, Barcamp, CVTSS, ...)
- do not miss our upcoming presentation about “Mifare Classic Attacks in Practice” at Confidence 2.0 in Warsaw

References
- T-Mobile Czech Republic a.s.
- NBS (National Bank of Slovakia)
- ICZ, a.s.
- ITEG, a.s.
- IPEX a.s.
- Limba s.r.o.
- Profesia, AUTOVIA, ui42, Ringier Slovakia, KROS, Pantheon Technologies, Avion Postproduction, Faculty of Philosophy / Comenius University etc.

Any questions?

Thank you for listening
Ing. Pavol Lupták, CISSP, CEH
