TAKING OVER THE PETROL STATION
Company Overview
Global fuel company with chapters in more than 80 countries
Filling stations all over the country
Massive network infrastructure
Public websites
Audit Scope
Internal Penetration Testing and IT-security Assessment
Social Engineering Attacks
External Penetration Testing and IT-security Assessment
Areas assessed / actions performed:
Network Security Testing
Web Application Security Testing
Social Engineering Attacks
Malware Attacks
Internal Network Infrastructure Analysis
Incident Response Planning
Business risks discovered
Personally Identifiable Information leakage through websites
Leakage of third-party resources' configuration files, which may lead to malicious actions on filling stations
Employees are prone to Social Engineering attacks
VULNERABILITIES DISCOVERED
EMPLOYEE SECURITY UNAWARENESS
Cybersquatting
Victim's domain is example.com
Attacker registers example.nl
Attacker sends an email with a malicious link or malware
Victim receives it but ignores the mistake in the sender's domain
Victim triggers the payload
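The look-alike-domain step above (example.nl standing in for example.com) is something the mail gateway can flag before the victim has to notice it. The following is an added defensive example, not code from the deck or its authors; the sender headers are constructed, and it generalises slightly beyond the deck's case by also catching the legitimate name reused as a subdomain (example.com.co).

```python
from email.utils import parseaddr

# Constructed "From:" headers for the demo (not taken from the original deck).
SAMPLE_HEADERS = [
    "IT Helpdesk <helpdesk@example.com>",       # genuine
    "IT Helpdesk <helpdesk@example.nl>",        # look-alike TLD, as in the deck
    "HR <hr@mail.example.com>",                 # genuine subdomain, must not alert
    "Payroll <payroll@example.com.co>",         # brand reused as a subdomain label
    "Newsletter <news@unrelated.org>",          # unrelated third party
]

LEGIT_DOMAIN = "example.com"


def registrable_domain(host: str) -> str:
    """Last two labels of the host.
    Assumption: no multi-label public suffixes (co.uk etc.); a production
    filter should resolve this with the Public Suffix List instead."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def sender_host(header: str) -> str:
    """Domain part of the address in a From: header ('' if unparsable)."""
    _, addr = parseaddr(header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def is_lookalike(host: str, legit: str = LEGIT_DOMAIN) -> bool:
    """True when the host borrows the organisation's name but is not the
    organisation's own registrable domain (example.nl, example.com.co, ...)."""
    if not host:
        return False
    if registrable_domain(host) == legit:
        return False  # example.com itself and any real subdomain of it
    brand = legit.split(".")[0]
    return brand in host.split(".")


def flag_headers(headers):
    """Return the headers whose sender domain impersonates LEGIT_DOMAIN."""
    return [h for h in headers if is_lookalike(sender_host(h))]


if __name__ == "__main__":
    for h in flag_headers(SAMPLE_HEADERS):
        print("LOOK-ALIKE SENDER:", h)
```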
Cybersquatting results – hooked browsers
Hooked employee browsers
Cybersquatting results – malware executed
Crafted malware files
NETWORK BREACHES
No anti-bruteforce mechanisms
SSH account brute-forcing
Numerous vulnerabilities in protocols and outdated services
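Where no anti-bruteforce mechanism exists on the hosts, the brute-forcing described above is still visible in sshd's auth log: a burst of failed logins from one source, sometimes followed by a success. The detector below is an added example, not code from the deck; the log lines are constructed, and the threshold and window are assumed values a team would tune.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd lines in syslog format (not from the original deck).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 gw sshd[2011]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:02 gw sshd[2012]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:15:02 gw sshd[2013]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:03 gw sshd[2014]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:15:04 gw sshd[2015]: Failed password for oracle from 203.0.113.7 port 51026 ssh2
Mar  3 10:15:05 gw sshd[2016]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar  3 10:20:00 gw sshd[2020]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar  3 10:35:00 gw sshd[2021]: Failed password for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(log: str, year: int = 2024):
    """(timestamp, 'Failed'|'Accepted', user, ip) per matching line.
    Syslog lines carry no year, so one is assumed."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold: int = 5, window_s: int = 60):
    """Source IPs with >= threshold failures inside any window_s-second span.
    Each alert records whether a successful login followed the burst, which
    is the case that needs immediate incident response, not just a block."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, _user, ip in events:
        (failures if result == "Failed" else successes)[ip].append(ts)
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times)):
            j = i  # grow the window from failure i as far as window_s allows
            while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                later_ok = any(s >= times[j] for s in successes.get(ip, []))
                alerts[ip] = {"failures": j - i + 1, "success_after": later_ok}
                break
    return alerts
```

Two slow failures from 198.51.100.9 fifteen minutes apart stay below the threshold, which is the trade-off a time-window detector makes against low-and-slow guessing.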
WEB APPLICATION VULNERABILITIES
SQL-Injections
Dumped admin password hashes
Cross-Site Scripting
SOFTWARE AND OS MISCONFIGURATION
Outdated OS and software installed
Publicly available sensitive resources
COMPANY'S PARTNER SECURITY BREACHES
Primitive passwords protecting the password storage
Publicly available sensitive resources
Public FTP server with Radmin keys
LESSONS LEARNED
EMPLOYEE SECURITY AWARENESS IS A MUST
DO NOT COMPLETELY RELY ON YOUR BUSINESS PARTNER'S SECURITY
USE WELL-KNOWN TOOLS AND FRAMEWORKS FOR YOUR WEBSITE
KEEP YOUR NETWORK SIMPLE AND SCALABLE
KEEP YOUR SOFTWARE UP TO DATE
QUESTIONS?
NAZAR TYMOSHYK
BOHDAN SEREDNYTSKYI
YURII BILYK
STANISLAV BRESLAVSKYI
http://owasp-lviv.blogspot.com/
gas_company_PT