Why choose Nethemba s.r.o.
(company introduction)

Ing. Pavol Lupták, CISSP, CEH
www.nethemba.com

Who are we?
- a group of computer security experts from the Czech and Slovak Republics with more than 10 years of experience
- holders of world-renowned security certifications – CISSP (Certified Information System Security Professional), CEH (Certified Ethical Hacker), SCSecA (Sun Certified Security Administrator), LPIC-3 (Linux Professional Institute Certification)

Our core business
- penetration tests
- comprehensive web application security audits
- design and implementation of ultra-secure and high-availability systems
- security training & courses
- design and development of secure VoIP solutions
- highly skilled Unix/Linux outsourcing

Penetration tests
- a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
- involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities, and their exploitation
- experience with almost all operating systems, smartphones and PDAs
- the OSSTMM methodology is used

Penetration test approaches
- Black box - a zero-knowledge attack - no relevant information about the target environment is provided; the most realistic external penetration test
- White box - a full-knowledge attack - all the security information related to an environment and infrastructure is considered
- Grey box - a partial-knowledge attack

Penetration test phases
- Discovery - information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.)
- Enumeration - using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting)
- Vulnerability mapping - mapping the findings from the enumeration to known and potential vulnerabilities
- Exploitation - attempting to gain access through vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used)

Comprehensive web application audits
- the most comprehensive and deepest web application audit on the Czech/Slovak market
- strictly follows the OWASP Testing Guide
- practical hacking demonstration (writing exploit code, database dump, XSS/CSRF demonstration, etc.)
- one-day meeting with the application's developers
- comprehensive report in English/Czech/Slovak

OWASP involvement
- OWASP (Open Web Application Security Project) – the biggest and most respected free and open application security community
- our employees are OWASP chapter leaders for the Czech and Slovak Republics and attend OWASP security conferences / trainings
- we are contributors to the OWASP Testing Guide (the best web application security testing guide)

Advanced security testing
- comprehensive source code audit
- wireless network testing
- smartphone / PDA testing
- war dialing
- social engineering

Ultra secure OSes
- experts in the design and implementation of ultra secure OSes (NSA SELinux, TrustedBSD, Trusted Solaris)
- a suitable solution for high-risk critical environments (banks, insurance companies)
- providing full support and outsourcing of these systems

Customized security solutions
- LAMP security hardening
- configuration and implementation of:
  - WAF (Web Application Firewalls)
  - IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)
  - Honeypot & Honeynet
- we are vendor independent and unbiased!

Load-balanced and high-availability clusters
- design and implementation of large multi-server redundant load-balancer and high-availability clusters
- based on Linux or any Unix system
- an ideal solution for the most visited web portals, database clusters or redundant mail servers that require high availability and security

Anti-DDoS hardening
- suitable for customers that are threatened by strong Distributed Denial of Service attacks (online casinos, banks, popular e-shops)
- we provide anti-DDoS server housing
- design and implementation of geographical clusters
- development of our own anti-DDoS plugin for HAProxy (load balancer)

VoIP design and implementation
- design and implementation of complex VoIP call centers based on Asterisk and OpenSER
- focused on VoIP security (secure encrypted calls, secure authentication)
- we are Asterisk contributors (responsible for T38 fax gateway development)
- ideal for companies that do not trust their PSTN lines or mobile phones

Security training & courses
- we offer security training and courses in many security areas including:
  - web application security
  - secure programming
  - wireless network security
  - ultra secure NSA SELinux
  - penetration tests & web application hacking

Highly skilled Unix/Linux outsourcing
- highly skilled and certified administrators
- support of all UNIX systems
- permanent monitoring of availability, security patches, etc.
- good SLA conditions, 24x7 web / email / telephone support
- always on top of “bleeding-edge” technologies

Security Research I
- we have cracked the most used Czech and Slovak Mifare Classic smartcards
- we are the first in the world to have implemented and publicly released our own Mifare Classic Offline Cracker that can gain all keys to all sectors from 1 billion smartcards(!!!) in a few minutes
- see https://www.nethemba.com/research

Security Research II
- we have revealed a serious inherent vulnerability in public transport SMS tickets, which is described in our paper “Public transport SMS ticket hacking”
- public transport companies in Prague, Bratislava, Vienna, Kosice, Usti nad Labem are still vulnerable
- we are open to any security research

Presentations at security conferences
- our employees are frequent presenters at many world-renowned security conferences (Confidence, Hacking At Random, SASIB, Network Security Congress, OpenWeekend, Barcamp, CVTSS, ...)
- do not miss our upcoming presentation about “Mifare Classic Attacks in Practice” at Confidence 2.0 in Warsaw

References
- T-Mobile Czech Republic a.s.
- NBS (National Bank of Slovakia)
- ICZ, a.s.
- ITEG, a.s.
- IPEX a.s.
- Limba s.r.o.
- Profesia, AUTOVIA, ui42, Ringier Slovakia, KROS, Pantheon Technologies, Avion Postproduction, Faculty of Philosophy / Comenius University etc.

Any questions?

Thank you for listening
Ing. Pavol Lupták, CISSP, CEH
