Why choose Nethemba s.r.o.
(company introduction)

Ing. Pavol Lupták, CISSP, CEH

www.nethemba.com

Who are we?
• a group of computer security experts from the Czech and Slovak Republics with more than 10 years of experience
• holders of world-renowned security certifications – CISSP (Certified Information System Security Professional), CEH (Certified Ethical Hacker), SCSecA (Sun Certified Security Administrator), LPIC-3 (Linux Professional Institute Certification)

Our core business
• penetration tests
• comprehensive web application security audits
• design and implementation of ultra-secure and high-availability systems
• security training & courses
• design and development of secure VoIP solutions
• highly skilled Unix/Linux outsourcing

Penetration tests
• a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker
• involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities, and their exploitation
• experience with almost all operating systems, smartphones and PDAs
• the OSSTMM methodology is used

Penetration test approaches
• Black box - a zero-knowledge attack - no relevant information about the target environment is provided, the most realistic external penetration test
• White box - a full-knowledge attack - all the security information related to an environment and infrastructure is considered
• Grey box - a partial-knowledge attack

Penetration test phases
• Discovery - information about the target system is identified and documented (WHOIS service, public search engines, domain registrars, etc.)
• Enumeration - using intrusive methods and techniques to gain more information about the target system (port scanning, fingerprinting)
• Vulnerability mapping - mapping the findings from the enumeration to known and potential vulnerabilities
• Exploitation - attempting to gain access through vulnerabilities identified in the vulnerability-mapping phase. The goal is to gain user-level and privileged (administrator) access to the system (custom exploit scripts or exploit frameworks are used)

Comprehensive web application audits
• the most comprehensive and deepest web application audit on the Czech/Slovak market
• strictly follows the OWASP Testing Guide
• practical hacking demonstration (writing exploit code, database dump, XSS/CSRF demonstration, etc.)
• one-day meeting with the application's developers
• comprehensive report in English/Czech/Slovak

OWASP involvement
• OWASP (Open Web Application Security Project) – the biggest and most respected free and open application security community
• our employees are OWASP chapter leaders for the Czech and Slovak Republics and attend OWASP security conferences / trainings
• we are contributors to the OWASP Testing Guide (the best web application security testing guide)

Advanced security testing
• comprehensive source code audit
• wireless network testing
• smartphone / PDA testing
• war dialing
• social engineering

Ultra-secure OSes
• experts in the design and implementation of ultra-secure operating systems (NSA SELinux, TrustedBSD, Trusted Solaris)
• a suitable solution for high-risk critical environments (banks, insurance companies)
• providing full support and outsourcing of these systems

Customized security solutions
• LAMP security hardening
• configuration and implementation of:
    • WAF (Web Application Firewalls)
    • IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)
    • Honeypot & Honeynet
• we are vendor-independent and unbiased!

Load-balanced and high-availability clusters
• design and implementation of large multi-server redundant load-balanced and high-availability clusters
• based on Linux or any Unix system
• an ideal solution for the most visited web portals, database clusters or redundant mail servers that require high availability and security

Anti-DDoS hardening
• suitable for customers that are threatened by strong Distributed Denial of Service attacks (online casinos, banks, popular e-shops)
• we provide anti-DDoS server housing
• design and implementation of geographical clusters
• development of our own anti-DDoS plugin for HAProxy (load balancer)

VoIP design and implementation
• design and implementation of complex VoIP call centers based on Asterisk and OpenSER
• focused on VoIP security (secure encrypted calls, secure authentication)
• we are Asterisk contributors (responsible for T38 fax gateway development)
• ideal for companies that do not trust their PSTN lines or mobile phones

Security training & courses
• we offer security training and courses in many security areas including:
    • web application security
    • secure programming
    • wireless network security
    • ultra secure NSA SELinux
    • penetration tests & web application hacking

Highly skilled Unix/Linux outsourcing
• highly skilled and certified administrators
• support of all UNIX systems
• permanent monitoring of availability, security patches, etc.
• good SLA conditions, 24x7 web / email / telephone support
• always on top of “bleeding-edge” technologies

Security Research I
• we have cracked the most widely used Czech and Slovak Mifare Classic smartcards
• we are the first in the world to have implemented and publicly released our own Mifare Classic Offline Cracker, which can gain all keys to all sectors from 1 billion smartcards(!!!) in a few minutes
• see https://www.nethemba.com/research

Security Research II
• we have revealed a serious inherent vulnerability in public transport SMS tickets, which is described in our paper “Public transport SMS ticket hacking”
• public transport companies in Prague, Bratislava, Vienna, Kosice, Usti nad Labem are still vulnerable
• we are open to any security research

Presentations at security conferences
• our employees are frequent presenters at many world-renowned security conferences (Confidence, Hacking At Random, SASIB, Network Security Congress, OpenWeekend, Barcamp, CVTSS, ...)
• do not miss our upcoming presentation about “Mifare Classic Attacks in Practice” at Confidence 2.0 in Warsaw

References
• T-Mobile Czech Republic a.s.
• NBS (National Bank of Slovakia)
• ICZ, a.s.
• ITEG, a.s.
• IPEX a.s.
• Limba s.r.o.
• Profesia, AUTOVIA, ui42, Ringier Slovakia, KROS, Pantheon Technologies, Avion Postproduction, Faculty of Philosophy / Comenius University etc.

Any questions?

Thank you for listening
Ing. Pavol Lupták, CISSP, CEH
