White Hat Solution
EXPOSE AND RESOLVE THE SECURITY RISKS
www.whitehatsolution.com
Our mission
• We at White Hat Solution provide actionable intelligence to uncover major
and minor security issues with the potential to negatively affect your corporate
environments.
• Our team provides automated and manual vulnerability tests to identify risks
and allow you to take action to mitigate and eliminate threats.
Our Services
• Penetration Testing.
• Vulnerability Assessment.
• Software code testing.
• User Awareness.
Scope
• Initial planning of the audit.
• External Scanning/ Footprint.
• Internal Scanning.
• Vulnerability Assessment.
• Metasploit basics.
• Post Audit reporting.
What we look for?
• Backdoors in Operating System
• Unintentional flaws in the design of the software code.
• Improper software configuration management implementation.
• Using the actual software application in a way it was not intended to be used.
What we target?
• We target the following endpoints:
• Servers
• Network endpoints
• Wireless networks
• Network Security Devices (Routers, Firewalls, Network Intrusion devices, etc)
• Mobile and wireless devices.
• Software applications
Penetration Test
• It is an information security assessment.
• The purpose of Pen Test is to measure the security posture of information
systems, software, networks and human resources.
• Pen Test involves actual interaction with the above mentioned elements.
Purpose of PenTest
• It is designed to answer the following question:
• What is the real-world effectiveness of my existing security controls against an active,
human, skilled attacker?
• Identifying higher-risk vulnerabilities that result from a combination of lower-risk
vulnerabilities exploited in a particular sequence.
• Identifying vulnerabilities that may be difficult or impossible to detect with automated
network or application vulnerability scanning software.
PenTest Strategies
• Targeted Testing
• External and Internal Testing
• Blind testing
• Double Blind testing
Types of PenTest
• Black Box testing.
• White Box testing
• Gray Box testing.
Black Box Testing
• In this test we do not have information about the internal workings of the
particular Web Application, its source code or its software architecture. In
this scenario we use brute-force attacks against the IT infrastructure.
White Box Testing
• This is also known as “Clear Box Testing”. During this test we have full
knowledge of and access to both the source code and software architecture of the
Web Application.
Gray Box Testing
• During this test we have partial knowledge of internal workings. This is
restricted to just getting access to the software code and system architecture
diagrams.
Vulnerability Assessment
• It is a process of identifying and quantifying security vulnerabilities in an
environment.
Steps we take for VA
• Catalogue assets and resources in a system.
• Assign quantifiable value and importance to the resources.
• Identify the security vulnerabilities or potential threats to each resource.
• Mitigate or eliminate the most serious vulnerabilities for the most valuable
resources.
Conclusion
• We are a team of Certified Penetration Test, Network Forensics and Ethical
Hackers.
• After we have performed PenTest and/or VA, we provide a full audit report
with recommendations on how to improve IT infrastructure to ensure no
unauthorized access occurs.
