Advertisement
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки
В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки

Check these out next

CSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloud
Phillip Maddux
A worldwide journey to build a secure development environment
A worldwide journey to build a secure development environment
Priyanka Aash
The left is not wrong, just not right; It's time to shift right!
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
Shift Left. Wait, what? No, Shift Right!!!
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
Ops Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
Alex Stamos
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)
Phillip Maddux
The R.O.A.D to DevOps
The R.O.A.D to DevOps
SeniorStoryteller
1 of 12

В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки

Feb. 6, 2021
Technology

Відео виступу: https://www.youtube.com/watch?list=PLDLqQj8RuUFszVSKOvM7nxhnzO5016-Te&v=of08ANtBNnM Коротко текстом: https://styran.com/pentest-vs-audit/

Vlad Styran
CEO at BSG, OSCP CISSP CISA
Advertisement
Advertisement
Advertisement

Recommended

QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...
QA Fest 2019. Володимир Стиран. Чим раніше – тим вигідніше, але ніколи не піз...QAFest298 views47 slides
The sooner the better but never too lateThe sooner the better but never too late
The sooner the better but never too lateVlad Styran343 views47 slides
Berezha SecurityBerezha Security
Berezha SecurityVlad Styran726 views10 slides
Application Security WebcastApplication Security Webcast
Application Security WebcastVlad Styran161 views25 slides
How to transform developers into security peopleHow to transform developers into security people
How to transform developers into security peoplePriyanka Aash177 views43 slides
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Priyanka Aash129 views41 slides

More Related Content

Slideshows for you(20)

CSA Raleigh application security and deception in the cloudCSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloud
Phillip Maddux187 views
A worldwide journey to build a secure development environmentA worldwide journey to build a secure development environment
A worldwide journey to build a secure development environment
Priyanka Aash261 views
The left is not wrong, just not right; It's time to shift right!The left is not wrong, just not right; It's time to shift right!
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux299 views
Shift Left. Wait, what? No, Shift Right!!!Shift Left. Wait, what? No, Shift Right!!!
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux1.6K views
Ops Happen: Improve Security Without Getting in the WayOps Happen: Improve Security Without Getting in the Way
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller1.4K views
Security at Scale - Lessons from Six Months at YahooSecurity at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
Alex Stamos15K views
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)
Phillip Maddux247 views
The R.O.A.D to DevOpsThe R.O.A.D to DevOps
The R.O.A.D to DevOps
SeniorStoryteller1.5K views
SecOps Armageddon: A look into the future of security & operationsSecOps Armageddon: A look into the future of security & operations
SecOps Armageddon: A look into the future of security & operations
Phillip Maddux1.6K views
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie1.2K views
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security Solutions
SeniorStoryteller784 views
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller2.5K views
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
OWASP Russia502 views
5 Tips to Successfully Running a Bug Bounty Program5 Tips to Successfully Running a Bug Bounty Program
5 Tips to Successfully Running a Bug Bounty Program
bugcrowd1.9K views
Secure Software Development Lifecycle - Devoxx MA 2018Secure Software Development Lifecycle - Devoxx MA 2018
Secure Software Development Lifecycle - Devoxx MA 2018
Imola Informatica1.1K views
Mobile Application Security Threats through the Eyes of the AttackerMobile Application Security Threats through the Eyes of the Attacker
Mobile Application Security Threats through the Eyes of the Attacker
bugcrowd1.7K views
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED
bugcrowd706 views
Pivotal APJ Security Chaos EngineeringPivotal APJ Security Chaos Engineering
Pivotal APJ Security Chaos Engineering
Aaron Rinehart134 views
New Era of Software with modern Application Security (v0.6)New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)
Dinis Cruz2.4K views
Getting to Know Security and Devs: Keys to Successful DevSecOpsGetting to Know Security and Devs: Keys to Successful DevSecOps
Getting to Know Security and Devs: Keys to Successful DevSecOps
Franklin Mosley234 views

Similar to В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки(20)

Secure Application Development TrainingSecure Application Development Training
Secure Application Development Training
pivotalsecurity700 views
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
Izar Tarandach950 views
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
Security BSides London1.3K views
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
Priyanka Aash4.8K views
Shift Left Security – Guidance on embedding security for a Digital Transforma...Shift Left Security – Guidance on embedding security for a Digital Transforma...
Shift Left Security – Guidance on embedding security for a Digital Transforma...
Yazad Khandhadia158 views
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
Jorge Orchilles1.8K views
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen790 views
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
mlogvinov221 views
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON1K views
Security Code ReviewSecurity Code Review
Security Code Review
Aung Khant485 views
Charting a Career in Information Security - August 2020Charting a Career in Information Security - August 2020
Charting a Career in Information Security - August 2020
JayTymchuk81 views
Agile Relevance in the age of Continuous Everything ....Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....
Eturnti Consulting Pvt Ltd186 views
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John Whited
North Texas Chapter of the ISSA1.8K views
OWASPOWASP
OWASP
Pen Testeronyguy175 views
Cost effective web application testingCost effective web application testing
Cost effective web application testing
Harinath Pudipeddi410 views
Cost effective web application testingCost effective web application testing
Cost effective web application testing
Harinath Pudipeddi71 views
Cost Effective Web Application TestingCost Effective Web Application Testing
Cost Effective Web Application Testing
Hari Pudipeddi804 views
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam643 views
OISF - AppSec PresentationOISF - AppSec Presentation
OISF - AppSec Presentation
CiNPA Security SIG139 views
Owasp Community in LvivOwasp Community in Lviv
Owasp Community in Lviv
Tjylen Veselyj471 views
Advertisement

More from Vlad Styran(20)

Human is an amateur; the monkey is an expert. How to stop trying to secure yo...Human is an amateur; the monkey is an expert. How to stop trying to secure yo...
Human is an amateur; the monkey is an expert. How to stop trying to secure yo...
Vlad Styran316 views
Threat Modeling 101Threat Modeling 101
Threat Modeling 101
Vlad Styran936 views
BSides Kharkiv 2018: Social-engineering your quality of work, personal, and s...BSides Kharkiv 2018: Social-engineering your quality of work, personal, and s...
BSides Kharkiv 2018: Social-engineering your quality of work, personal, and s...
Vlad Styran84 views
Sigma Open Tech Week: Bitter Truth About Software SecuritySigma Open Tech Week: Bitter Truth About Software Security
Sigma Open Tech Week: Bitter Truth About Software Security
Vlad Styran144 views
NoNameCon partnership opportunitiesNoNameCon partnership opportunities
NoNameCon partnership opportunities
Vlad Styran211 views
BruCON 0x09 Building Security Awareness Programs That Don't SuckBruCON 0x09 Building Security Awareness Programs That Don't Suck
BruCON 0x09 Building Security Awareness Programs That Don't Suck
Vlad Styran49 views
Организация, культура, и управление кибер-безопасностьюОрганизация, культура, и управление кибер-безопасностью
Организация, культура, и управление кибер-безопасностью
Vlad Styran284 views
Cybersecurity Framework 021214 Final UACybersecurity Framework 021214 Final UA
Cybersecurity Framework 021214 Final UA
Vlad Styran4.9K views
Fantastic Beasts and where to hide from themFantastic Beasts and where to hide from them
Fantastic Beasts and where to hide from them
Vlad Styran359 views
Кібер-ШміберКібер-Шмібер
Кібер-Шмібер
Vlad Styran549 views
Recon-Fu @BsidesKyiv 2016Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016
Vlad Styran2.3K views
#root это только начало#root это только начало
#root это только начало
Vlad Styran629 views
Путевые заметки социального инженераПутевые заметки социального инженера
Путевые заметки социального инженера
Vlad Styran3.2K views
Наступательная безопасность: шпаргалка заказчика тестов на проникновениеНаступательная безопасность: шпаргалка заказчика тестов на проникновение
Наступательная безопасность: шпаргалка заказчика тестов на проникновение
Vlad Styran3K views
Построение Secure Development Lifecycle Построение Secure Development Lifecycle
Построение Secure Development Lifecycle
Vlad Styran730 views
Использование приватных, публичных и гибридных облаков для обеспечения информ...Использование приватных, публичных и гибридных облаков для обеспечения информ...
Использование приватных, публичных и гибридных облаков для обеспечения информ...
Vlad Styran430 views
Центр оперативного управления информационной безопасностьюЦентр оперативного управления информационной безопасностью
Центр оперативного управления информационной безопасностью
Vlad Styran2.1K views
Прелюдия к атаке: практика и автоматизация OSINTПрелюдия к атаке: практика и автоматизация OSINT
Прелюдия к атаке: практика и автоматизация OSINT
Vlad Styran8.2K views
Next generation pentest your company cannot buyNext generation pentest your company cannot buy
Next generation pentest your company cannot buy
Vlad Styran948 views
правда про ложьправда про ложь
правда про ложь
Vlad Styran1.7K views

Recently uploaded(20)

ETECH Q1 Wk4-GIMP.pptxETECH Q1 Wk4-GIMP.pptx
ETECH Q1 Wk4-GIMP.pptx
John Carlo Rollon0 views
【本科生、研究生】英国约克大学毕业证文凭购买指南【本科生、研究生】英国约克大学毕业证文凭购买指南
【本科生、研究生】英国约克大学毕业证文凭购买指南
foxupud0 views
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
AnoopRamachandran130 views
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
JohnMathewPhilip10 views
OODBMSvsORDBMSppt.pptxOODBMSvsORDBMSppt.pptx
OODBMSvsORDBMSppt.pptx
MEHMOODNadeem0 views
stock.pptstock.ppt
stock.ppt
ruber7311 view
IoT system development.pdfIoT system development.pdf
IoT system development.pdf
Mahdi_Fahmideh4 views
Bosch BSG8_8100 Service Manual.pdfBosch BSG8_8100 Service Manual.pdf
Bosch BSG8_8100 Service Manual.pdf
ssuser78bec113 views
Cutting Edge Robotics Innovation.pdfCutting Edge Robotics Innovation.pdf
Cutting Edge Robotics Innovation.pdf
bgoyani30 views
Module II Partition and Generating Function (2).pptModule II Partition and Generating Function (2).ppt
Module II Partition and Generating Function (2).ppt
ssuser26e2190 views
【本科生、研究生】英国克兰菲尔德大学毕业证文凭购买指南【本科生、研究生】英国克兰菲尔德大学毕业证文凭购买指南
【本科生、研究生】英国克兰菲尔德大学毕业证文凭购买指南
akuufux3 views
NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...
NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...
ssuser4b1f485 views
Configure Network Services.pptxConfigure Network Services.pptx
Configure Network Services.pptx
YanaDangle2 views
Hackolade Tutorial - part 4 - Create your first data modelHackolade Tutorial - part 4 - Create your first data model
Hackolade Tutorial - part 4 - Create your first data model
PascalDesmarets10 views
Scan 26 Apr 23 11·57·23.pdfScan 26 Apr 23 11·57·23.pdf
Scan 26 Apr 23 11·57·23.pdf
SmrDDhrk0 views
fis-cn all staff 8.19.19.pptxfis-cn all staff 8.19.19.pptx
fis-cn all staff 8.19.19.pptx
tamz3310 views
fyp presentation of group 43011 final.pptxfyp presentation of group 43011 final.pptx
fyp presentation of group 43011 final.pptx
IIEE - NEDUET0 views
Hackolade Tutorial - part 3 - Query-driven data modeling based on access patt...Hackolade Tutorial - part 3 - Query-driven data modeling based on access patt...
Hackolade Tutorial - part 3 - Query-driven data modeling based on access patt...
PascalDesmarets10 views
Raspberry pi presentation.pptxRaspberry pi presentation.pptx
Raspberry pi presentation.pptx
FrankAnthonyChin2 views
Swarm Intelligence Applications in Unmanned Aerial Vehicles.pdfSwarm Intelligence Applications in Unmanned Aerial Vehicles.pdf
Swarm Intelligence Applications in Unmanned Aerial Vehicles.pdf
AswathiM280 views
Advertisement

В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки

  1. AppSec, Pentest, Audit & Assessment Vlad Styran CISSP - CISA - OSCP OWASP Kyiv - Berezha Security
  2. Mission Objectives What is Application Security? What is a Pentest? How an Audit is different? Why an Assessment is totally other thing?
  3. Application Security (wrong) OWASP (Top-10) ”requirements” Application Pentest Dev environment & toolchain security
  4. Application Security (true)
  5. A demo of how wrong people could be about Application Security
  6. Pentest If you can test pens, you can test anything. – HD Moore
  7. Mitre ATT&CK Navigator and… how wrong people could be about Penetration Testing https://mitre-attack.github.io/attack-navigator/enterprise/
  8. Audit and Assessment Assessment Audit Framework or standard Framework or standard Gaps between AS IS and TO BE Gaps between AS IS and TO BE Snapshot in time A historic period Compliance of controls Compliance and/or effectiveness of controls May provide guidance May provide direction, not guidance Evidence and observation Hard evidence Can be DIY Cannot be DIY Requires some subject matter expertise Doesn’t really require subject matter expertise
  9. Why do we need all four and when we need them?
  10. Compliance Business Risk Security Baseline Technology Risk Time covered Space covered Self-assessment Qualified 3rd party assessment Internal audit External audit Security testing Application pentest Vulnerability assessment Infrastructure pentest
Advertisement