
Tgt 25 Security Testing


What security testing is and why we should do it

Published in: Internet

  1. 1. “ What is security testing and why should we do it? ”
  2. 2. “What is security testing and why should we do it? ” ~ On examples of known attacks ~
  3. 3. [ What is security testing? ] Source: https://www.freepik.com/ , https://www.flaticon.com/authors/flat-icons
  4. 4. Security testing = providing the evidence (input data) which violates the security requirements of the application. Source: https://www.freepik.com/ , https://www.flaticon.com/authors/flat-icons , “Testowanie bezpieczeństwa aplikacji internetowych” Paco Hope, Ben Walther [ What is security testing? ]
  5. 5. What is needed to test security? Tools, Technical knowledge, Testing skills. Source: https://www.flaticon.com/ , https://www.pexels.com/photo/person-wearing-scream-mask-and-black-dress-shirt-while-facing-computer-table-during-daytime-218413/ [ What is security testing? ]
  6. 6. Differences in testing, depending on the area: Web application, OS / Software, Mobile application, Cloud, Server, Network, Architecture. Source: https://www.flaticon.com/authors/flat-icons [ What is security testing? ]
  7. 7. Source: https://pixabay.com/photos/frog-mobile-phone-toilet-loo-wc-914131/ “ Story time ”
  8. 8. Types of security testing: Penetration testing, Ethical hacking, Posture assessment, Security auditing, Risk assessment, Security scanning, Vulnerability scanning. Source: https://www.flaticon.com/authors/flat-icons [ What is security testing? ]
  9. 9. [ What is security testing? ] Internal penetration tests VS External penetration tests Source: https://www.flaticon.com/authors/flat-icons , https://pixabay.com/en/cats-jump-play-playful-feline-558077/
  10. 10. “ Story time – internal tests ” Source: https://pixabay.com/photos/mailbox-letter-boxes-blacksmithing-341744/
  11. 11. “ Story time – external tests ” Source: https://pixabay.com/photos/mailbox-letter-boxes-blacksmithing-341744/
  12. 12. Source: https://www.freepik.com/ [ Why should we do security testing? ]
  13. 13. What happens every minute of the day? Source: https://www.flaticon.com/ , https://medium.com/@VidrihMarko/this-happens-every-60-seconds-online-in-2018-27a81e5fa306 [ Why should we do security testing? ]
  14. 14. How to find the proper level of security? Risk assessment (Estimating the risk). Security, Usability, Functionality (Features), Usability (GUI), Security (Restrictions). Source: https://www.flaticon.com/authors/flat-icons [ Why should we do security testing? ]
  15. 15. The most important reason is.. ? Source: https://www.flaticon.com/authors/flat-icons , https://pixabay.com/videos/tickets-money-currency-dollar-23094/ [ Why should we do security testing? ]
  16. 16. Big Bounty Programs: Max. $32,768, Max. $15,000, Max. NO LIMIT, Max. $31,337, Max. NO LIMIT, Max. $15,000, Max. $30,000, Max. $250,000. Source: https://www.flaticon.com/authors/flat-icons , https://zerodium.com , https://www.guru99.com/bug-bounty-programs.html , https://www.pexels.com/photo/close-up-photo-of-dog-wearing-sunglasses-1629781/ [ Why should we do security testing? ]
  17. 17. Prevent leaks: Source: https://www.flaticon.com/authors/flat-icons , https://zerodium.com [ Why should we do security testing? ]
  18. 18. Prevent data breaches: 2017, 2018, 2019. Source: https://www.flaticon.com/authors/flat-icons , https://haveibeenpwned.com [ Why should we do security testing? ]
  19. 19. Prevent from illegal cryptojacking: – Detecting it Source: https://www.flaticon.com/authors/flat-icons , https://www.bitdegree.org/tutorials/top-10-cryptocurrencies/ , https://www.pexels.com/photo/four-assorted-cryptocurrency-coins-843700/ , https://documents.trendmicro.com/assets/rpt/rpt-2018-Midyear-Security-Roundup-unseen-threats-imminent-losses.pdf [ Why should we do security testing? ]
  20. 20. Prevent IoT Botnets: – Evolution: 2016 (Mirai): 800,000 – 2,500,000; 2017 (Reaper, Hajime): Botnet servers doubled; 2018 (Hide ‘n Seek, Satori, Okiru): 1,500,000,000; 2019: 4x; 2020: 20,000,000,000. Source: https://www.flaticon.com/authors/flat-icons , https://www.secplicity.org/2018/02/20/iot-botnets-evolving-big-can-get/ [ Why should we do security testing? ]
  21. 21. Affected mobile applications: Source: https://www.flaticon.com/authors/flat-icons , https://lukasstefanko.com/2019/10/android-security-monthly-recap-9.html , https://pixabay.com/photos/iphone-iphone-x-mockup-mobile-2854305/ , https://pixabay.com/photos/cop-policewoman-colleagues-funny-2550151/ [ Why should we do security testing? ]
  22. 22. SmartTVs: Source: https://www.flaticon.com/authors/flat-icons , https://mobileidworld.com/iot-botnet-targets-android-smart-tvs-set-top-boxes-082808/ , https://pixabay.com/pl/photos/tv-monitor-ekran-sypialnia-łóżko-2565306/ [ Why should we do security testing? ]
  23. 23. Air conditioners: Source: https://www.flaticon.com/authors/flat-icons [ Why should we do security testing? ]
  24. 24. Buildings: e.g. Google building in Australia named Wharf7 Source: https://www.flaticon.com/authors/flat-icons , http://www.smh.com.au/technology/technology-news/australian-google-office-building-hacked-20130506-2j416.html [ Why should we do security testing? ]
  25. 25. Smart house: e.g. wireless devices Source: https://www.flaticon.com/authors/flat-icons [ Why should we do security testing? ]
  26. 26. Routers: tools, files, repository directories? Source: https://www.flaticon.com/authors/flat-icons [ Why should we do security testing? ]
  27. 27. CCTV cameras: Source: https://www.flaticon.com/authors/flat-icons , https://www.pentestpartners.com/blog/pwning-cctv-cameras/ [ Why should we do security testing? ]
  28. 28. Police cameras: Source: https://www.flaticon.com/authors/flat-icons , https://arstechnica.com/security/2015/11/police-body-cams-found-pre-installed-with-notorious-conficker-worm/ [ Why should we do security testing? ]
  29. 29. Traffic lights: Do you know that place? [ Why should we do security testing? ] Source: https://www.flaticon.com/authors/flat-icons , http://blog.ioactive.com/2014/04/hacking-us-and-uk-australia-france-etc.html
  30. 30. Cars: Rest API? [ Why should we do security testing? ] Source: https://www.flaticon.com/authors/flat-icons , https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ , https://pixabay.com/photos/cat-play-toy-cute-domestic-animal-932846/
  31. 31. Unlocking cars: Communication [ Why should we do security testing? ] Source: https://www.flaticon.com/authors/flat-icons , https://pixabay.com/photos/car-burglary-thief-burglar-1590508/
  32. 32. Barbie doll: Why not? Source: https://www.flaticon.com/authors/flat-icons , https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children [ Why should we do security testing? ]
  33. 33. Medical mannequin – named “iStan” Source: https://www.flaticon.com/authors/flat-icons , https://arxiv.org/ftp/arxiv/papers/1509/1509.00065.pdf [ Why should we do security testing? ]
  34. 34. Hospitals. In 2015, 68,000 medical systems were exposed online (21 anesthesia, 488 cardiology, 67 nuclear medical, and 133 infusion systems, 31 pacemakers, 97 MRI scanners, and 323 picture archiving and communications gear, logins to defibrillator honeypots) Source: https://www.flaticon.com/authors/flat-icons , https://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/ , https://pixabay.com/photos/defibrillator-defibrillators-3406702/ , https://pixabay.com/photos/mri-magnetic-resonance-imaging-2813911/ [ Why should we do security testing? ]
  35. 35. Planes: Is it possible? Source: https://www.flaticon.com/authors/flat-icons , https://www.forbes.com/sites/thomasbrewster/2018/08/09/this-guy-hacked-hundreds-of-planes-from-the-ground/#41c1620946f2 , https://www.cbsnews.com/news/dhs-issues-hacking-security-alert-small-planes-today-2019-07-30/ [ Why should we do security testing? ]
  36. 36. Antivirus: Is it possible? Source: https://www.flaticon.com/authors/flat-icons , https://niebezpiecznik.pl/post/skandal-w-kaspersky-ten-antywirus-pomagal-rosyjskim-sluzbom-wykradac-dane-z-komputerow-na-calym-swiecie/ [ Why should we do security testing? ]
  37. 37. Weapon: Smart Guns Source: https://www.flaticon.com/authors/flat-icons [ Why should we do security testing? ]
  38. 38. Vacuum cleaner – fileserver, bitcoin mining, webradio [ Why should we do security testing? ] Source: https://www.freepik.com , https://media.ccc.de/v/34c3-9147-unleash_your_smart-home_devices_vacuum_cleaning_robot_hacking
  39. 39. Deepfake – Video, Audio, Photos [ Why should we do security testing? ] Source: https://www.freepik.com , https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
  40. 40. Bluetooth: [ Why should we do security testing? ] Source: https://www.freepik.com , https://github.com/marcnewlin/presentation-clickers/blob/master/readme.md , https://www.youtube.com/watch?v=LLNtZKpL0P8
  41. 41. MITM: Is it possible to hack an encrypted connection? Source: https://www.flaticon.com/authors/flat-icons , https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_attack , https://pixabay.com/illustrations/https-web-page-internet-security-3344700/ , https://www.pexels.com/photo/animal-ape-banana-cute-321552/ [ Why should we do security testing? ]
  42. 42. Post-Quantum Cryptography World: [ Fastest super-computer = 10 000 years ] [ 54 qubits = 200 s ] Source: https://www.flaticon.com/authors/flat-icons , https://fortune.com/2019/09/20/google-claims-quantum-supremacy/ , https://arxiv.org/pdf/1804.00200.pdf [ Why should we do security testing? ]
  43. 43. Prevent fines: – GDPR, Contracts Source: https://www.flaticon.com/authors/flat-icons , https://www.gdpr.associates/data-breach-penalties/ [ Why should we do security testing? ]
  44. 44. Source: https://pixabay.com/photos/minion-funny-toys-children-figure-972908/ “ Fuckup story ”
  45. 45. Something for you! ^^ Source: https://www.flaticon.com/authors/flat-icons [ Why should we do security testing? ]
  46. 46. [ THE END ] ~ THANK YOU for joining this session ~ Source: https://www.flaticon.com/authors/roundicons
  47. 47. [ Questions? ]
