SlideShare a Scribd company logo

Information Security Awareness

Download as PPT, PDF
Shritam Bhowmick
Shritam Bhowmick

The excerpts are from late 2016's post my dropout from 4 years of Engineering college & this was the final semester actual project slides .. It got me in with A+. .. and few showed up for the last day of what profession I was already into before I graduated. Funny!

Internet
1 of 18
INFORMATION SECURITY 1
About ■ Shritam Bhowmick  Application Security/ Red Team Lead @Defencely – 2016  Information Security Sciences Trainer @CTG Security Solutions – 2014  Penetration Tester & Associate Consultant R&D @Lucideus Tech - 2012 ■ Primary Focus  Application Security  R&D @Information Security Sciences – refer: http://pwntoken.github.io/  Security Operations Center & Active Threat Intelligence (SOC)  Accessing & Auditing Security Threats for Organizations & “others” 2
AGENDA ■ Information Security - Explaination ■ Domains of Information Security - Explaination ■ Demonstration of Hacks ■ Information Security Advisory ■ Conclusion & Questionnaire 3
Why Information Security!? 4
What Information Security!? 5 ■ Science of post-exploitation & maintaining access privileges ■ Science of reporting advisories to governments & corporate clients into contract security engagements ■ Science of public disclosures ■ Science of enumeration of active services, hosts, networks & applications ■ Science of information gathering regarding the active hosts, services, networks & applications ■ Science of research to manually figure vulnerabilities & proceed to exploitation phase
How Domains of Information Security Application Security ■Web Application Security ■Web Business Logic Security ■Web Database Security ■JavaScript Security 6 Network Security ■Internal Network Security ■External Network Security ■VOIP Network Security ■Wireless Network Security Infrastructure Security ■Network Security Architectural Review ■Application Security Architectural Review ■Network Configuration Security Audits ■Infrastructure Security Compliances & Audits e.g. PCI-DSS, ISO 27001, NIST, OWASP, WASCAlert! Boring part!
Domains of Information Security Application Security ■Perform security application security assessments ■Perform validation, authentication, authorization security checks ■Perform Application Security checks against RFI, LFI, SQL Injections & other complicated security test cases ■Perform Business Logic flow security checks such as parameter tampering, session handling & management security checks 7 Network Security ■Perform network security assessments ■Perform network security services assessment checks ■Perform network security internal + external perimeter checks & assessments which are exploitable ■Perform Wireless Security protocols security check such as weak protocols supported, etc. Infrastructure Security ■Perform security audits & reviews – these are not assessments but reviews ■Perform network architectural security checks ■Perform application architectural security checks ■Perform compliance security checks for top e-commerce & govt. sectors & baking industries THREAT REPORTING BENCHMARK
8 THREAT REPORTING BENCHMARK SAMPLE CLIENTS HATE THIS PART!!
Demonstration of Hacks 9
Demonstration of Hacks 10
Demonstration of Hacks 11
Demonstration of Hacks 12
Getting Hacks Ethically Resolved!? - contracts, engagements, corporate agreements, patches 13
Demonstration of Hacks 14 Refer: https://www.facebook.com/whitehat/thanks/
Information Security Advisory Public Disclosure Non-Disclosure Agreement 15
16 CURRENTLY SERVING
Blogs .. Connect. Leverage. 17 ■ Blog @ http://pwntoken.github.io/ ■ LinkedIn: /in/shritambhowmick
Thank You! 18 Questions!?

Recommended

Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography toolsMLG College of Learning, Inc
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Maxpromotion
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Chapter 1
Chapter 1Chapter 1
Chapter 1Hadi Aoun
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Security Analysis Findings and Recommendations for the Department of Veterans...
Security Analysis Findings and Recommendations for the Department of Veterans...Security Analysis Findings and Recommendations for the Department of Veterans...
Security Analysis Findings and Recommendations for the Department of Veterans...David Bustin
 

Recommended

Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography toolsMLG College of Learning, Inc
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Maxpromotion
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Chapter 1
Chapter 1Chapter 1
Chapter 1Hadi Aoun
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Security Analysis Findings and Recommendations for the Department of Veterans...
Security Analysis Findings and Recommendations for the Department of Veterans...Security Analysis Findings and Recommendations for the Department of Veterans...
Security Analysis Findings and Recommendations for the Department of Veterans...David Bustin
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
IoT Security
IoT SecurityIoT Security
IoT SecurityNarudom Roongsiriwong, CISSP
 
Chapter 2 phisycal security threat
Chapter 2 phisycal security threatChapter 2 phisycal security threat
Chapter 2 phisycal security threatSyaiful Ahdan
 
CNIT 140: Perimeter Security
CNIT 140: Perimeter SecurityCNIT 140: Perimeter Security
CNIT 140: Perimeter SecuritySam Bowne
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Securityprimeteacher32
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Asiri Hewage
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingKnoldus Inc.
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentHamilton Turner
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application LayerMLG College of Learning, Inc
 
Compliance a career view
Compliance a career viewCompliance a career view
Compliance a career viewn|u - The Open Security Community
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M SecurityYu-Hsin Hung
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...Seungjoo Kim
 
Information Security Audit Consultant
Information Security Audit ConsultantInformation Security Audit Consultant
Information Security Audit Consultantdcs HH
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 

More Related Content

What's hot

IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Chapter 2 phisycal security threat
Chapter 2 phisycal security threatChapter 2 phisycal security threat
Chapter 2 phisycal security threatSyaiful Ahdan
 
CNIT 140: Perimeter Security
CNIT 140: Perimeter SecurityCNIT 140: Perimeter Security
CNIT 140: Perimeter SecuritySam Bowne
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Asiri Hewage
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingKnoldus Inc.
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentHamilton Turner
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...Seungjoo Kim
 

What's hot (20)

Lesson 1
Lesson 1Lesson 1
Lesson 1
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Chapter 2 phisycal security threat
Chapter 2 phisycal security threatChapter 2 phisycal security threat
Chapter 2 phisycal security threat
 
CNIT 140: Perimeter Security
CNIT 140: Perimeter SecurityCNIT 140: Perimeter Security
CNIT 140: Perimeter Security
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review
 
Security Fundamentals and Threat Modelling
Security Fundamentals and Threat ModellingSecurity Fundamentals and Threat Modelling
Security Fundamentals and Threat Modelling
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
Compliance a career view
Compliance a career viewCompliance a career view
Compliance a career view
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M Security
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
 

Similar to Information Security Awareness

Information Security Audit Consultant
Information Security Audit ConsultantInformation Security Audit Consultant
Information Security Audit Consultantdcs HH
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhdtopiccom
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleRochester Security Summit
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessInfopulse
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Draup3
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeNational Retail Federation
 
[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver NarrTI Safe
 
Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...karthikvcyber
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALRisi Avila
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceSPAN Infotech (India) Pvt Ltd
 
Resume-APOORVA KABRA
Resume-APOORVA KABRAResume-APOORVA KABRA
Resume-APOORVA KABRAApoorva Kabra
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Rightpvanwoud
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfKerimBozkanli
 
Virtual Meetup - API Security Best Practices
Virtual Meetup - API Security Best PracticesVirtual Meetup - API Security Best Practices
Virtual Meetup - API Security Best PracticesJimmy Attia
 

Similar to Information Security Awareness (20)

Information Security Audit Consultant
Information Security Audit ConsultantInformation Security Audit Consultant
Information Security Audit Consultant
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-Security
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your Business
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk Imperative
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr
 
Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...Security Incident machnism Security Incident machnismSecurity Incident machni...
Security Incident machnism Security Incident machnismSecurity Incident machni...
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINAL
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
Resume-APOORVA KABRA
Resume-APOORVA KABRAResume-APOORVA KABRA
Resume-APOORVA KABRA
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Right
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Virtual Meetup - API Security Best Practices
Virtual Meetup - API Security Best PracticesVirtual Meetup - API Security Best Practices
Virtual Meetup - API Security Best Practices
 

Recently uploaded

VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 

Recently uploaded (20)

VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 

Information Security Awareness

  • 2. About ■ Shritam Bhowmick  Application Security/ Red Team Lead @Defencely – 2016  Information Security Sciences Trainer @CTG Security Solutions – 2014  Penetration Tester & Associate Consultant R&D @Lucideus Tech - 2012 ■ Primary Focus  Application Security  R&D @Information Security Sciences – refer: http://pwntoken.github.io/  Security Operations Center & Active Threat Intelligence (SOC)  Accessing & Auditing Security Threats for Organizations & “others” 2
  • 3. AGENDA ■ Information Security - Explaination ■ Domains of Information Security - Explaination ■ Demonstration of Hacks ■ Information Security Advisory ■ Conclusion & Questionnaire 3
  • 5. What Information Security!? 5 ■ Science of post-exploitation & maintaining access privileges ■ Science of reporting advisories to governments & corporate clients into contract security engagements ■ Science of public disclosures ■ Science of enumeration of active services, hosts, networks & applications ■ Science of information gathering regarding the active hosts, services, networks & applications ■ Science of research to manually figure vulnerabilities & proceed to exploitation phase
  • 6. How Domains of Information Security Application Security ■Web Application Security ■Web Business Logic Security ■Web Database Security ■JavaScript Security 6 Network Security ■Internal Network Security ■External Network Security ■VOIP Network Security ■Wireless Network Security Infrastructure Security ■Network Security Architectural Review ■Application Security Architectural Review ■Network Configuration Security Audits ■Infrastructure Security Compliances & Audits e.g. PCI-DSS, ISO 27001, NIST, OWASP, WASCAlert! Boring part!
  • 7. Domains of Information Security Application Security ■Perform security application security assessments ■Perform validation, authentication, authorization security checks ■Perform Application Security checks against RFI, LFI, SQL Injections & other complicated security test cases ■Perform Business Logic flow security checks such as parameter tampering, session handling & management security checks 7 Network Security ■Perform network security assessments ■Perform network security services assessment checks ■Perform network security internal + external perimeter checks & assessments which are exploitable ■Perform Wireless Security protocols security check such as weak protocols supported, etc. Infrastructure Security ■Perform security audits & reviews – these are not assessments but reviews ■Perform network architectural security checks ■Perform application architectural security checks ■Perform compliance security checks for top e-commerce & govt. sectors & baking industries THREAT REPORTING BENCHMARK
  • 8. 8 THREAT REPORTING BENCHMARK SAMPLE CLIENTS HATE THIS PART!!
  • 13. Getting Hacks Ethically Resolved!? - contracts, engagements, corporate agreements, patches 13
  • 15. Information Security Advisory Public Disclosure Non-Disclosure Agreement 15
  • 17. Blogs .. Connect. Leverage. 17 ■ Blog @ http://pwntoken.github.io/ ■ LinkedIn: /in/shritambhowmick