Ethical Hacking & Penetration Testing


Published in: Technology
  • Welcome to the Ethical Hacking and Penetration Testing slidecast. The purpose of today’s presentation will be focused on increasing the awareness of the CA profession about ethical hacking and how it can largely impact both the assurance and business community. I am your presenter, Emily Chow, Master of Accounting Student at the University of Waterloo.

    1. Ethical Hacking & Penetration Testing
        • Presented By: Emily Chow
        • July 6, 2011
    2. Agenda
        • #1 What is Ethical Hacking/Penetration Testing?
        • #2 Issues Relevant to Organizations
        • #3 Tools & Techniques of Penetration Testing
        • #4 Benefits & Limitations of Penetration Testing
        • #5 Impact on the CA Profession
        • #6 Current Issues
        • #7 Recommendations
    3. 1. What is Ethical Hacking/Penetration Testing?
        • Objective: Improve the security system and close the security gaps before a real hacker penetrates the organization
        • Preventative measure
        • Exploit a company’s security weaknesses by using the same or similar techniques as malicious hackers
        • “White Hat Hackers”
        • “Red Team”
    4. 2. Issues Relevant to Organizations
        • Internal Risk: malicious employees & employees’ lack of security awareness
        • External Risk: exploitation by external hackers
        • Non-Financial Losses: damaged reputation, loss of credibility
        • Financial Losses: loss of revenue, litigation
    5. 2. Types of Penetration Testing: Automated vs. Manual
        • Pros - automation: Cost-effective; Perform in several hours; As frequent as possible
        • Pros - manual: Flexibility of substituting different scenarios
        • WARNING: Both are NOT 100% Guaranteed!
       2. Types of Penetration Testing: External vs. Internal
        • External: Simulate Malicious Hacker; Use of Internet or Extranet
        • Internal: Simulate Employee; Use of Intranet
    6. 2. Penetration Testing Techniques
        • Web Applications Software
        • Denial of Service
        • Wireless Network
        • Social Engineering
        • Google Hacking
    7. 3. Google Hacking Example
        • Google search: intitle:"index of" site:edu "server at"
    8. 4. Benefits & Limitations of Penetration Testing
        • Benefits: Strengthen security procedures and processes; Improve efficiency and effectiveness of risk management; Increase degree of transparency
        • Limitations: Not 100% guaranteed; Changing technology; Legislation and contractual obligation restrictions; Limited resources over limited period of time
    9. 5. Impact on CA Profession
        • Provide greater assurance in addition to SysTrust, WebTrust and Section 5900
        • Conformity with PIPEDA, Gramm-Leach-Act and SOX
        • IS Auditing Standards, CISA, COBIT Framework
        • Goes beyond the traditional methods by auditors
    10. 6. Current Hacking Issues in 2011
        • Sony’s PlayStation Video Games – loss of personal data from 77M users
        • Sony Ericsson’s Canada eShop – loss of data from 2,000 customer accounts
        • Google’s Gmail Accounts – U.S. Government Officials
        • CitiBank – loss of 200,000 credit card customers’ data
        • This calls for a greater need for penetration testing!
    11. 7. Recommendations
        • SIGNIFICANCE: Breach of trust
        • LIKELIHOOD: “Target of choice”; “Target of opportunity”
        • PENETRATION TESTING
    12. Thank You!
        • Please feel free to contact me via uwace if you have any questions