Cybersecurity Fundamentals for Bar Associations
NowSecure
Practical infosec tips for non-security firms
Law
Recommended
+ How do vulnerable mobile apps and insecure V2D communications put drivers and manufacturers at risk?
+ Applying crashworthiness and safety ratings concepts to mobile app and connected car cybersecurity
+ How to manage mobile app security defects and vulnerabilities in the connected car and mobile app development process
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
NowSecure
NowSecure CEO Andrew Hoog offers an encore session of his highly anticipated talk at RSA Conference 2016, “The incident response playbook for Android and iOS.” This presentation covers the challenges in mobile as they pertain to incident response, how and why mobile differs from traditional incident response, and building blocks you can use to craft your own mobile incident response plan. To learn more about mobile incident response, bookmark Andrew's free book "Incident Response Playbook for Android and iOS" here: https://www.nowsecure.com/resources/mobile-incident-response/en/
Preparing for the inevitable: The mobile incident response playbook
NowSecure
Credit Union Tech Talk asked us to lead a webinar on cyber trends, managed detection and response, and where NetWatcher fits.
Netwatcher Credit Union Tech Talk
NetWatcher
Legacy network security approaches define and defend a perimeter. Mobile technology explodes boundaries with apps you’re not always aware of on public networks you don't control. Dual-use devices complicate managing access to sensitive corporate resources and protecting endpoints. Traditional approaches to network, cloud, and application security don't solve the mobile security challenge. Sam Bakken, Content Marketing Manager at NowSecure, discusses the state of mobile security in 2016 and shares strategies for managing the boundless mobile periphery.
It's not about you: Mobile security in 2016
NowSecure
Mobile security testing during application development is difficult, but it doesn't have to be. Director of Mobile Services Katie Strzempka highlights how you can incorporate automated mobile application security testing into every step of your app SDLC.
How to scale mobile application security testing
NowSecure
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages, and some pitfalls to avoid.
PROGRAMMING AND CYBER SECURITY
Sylvain Martinez
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
centralohioissa
Originally presented on 12/5/2017. To close out the 2017 webinar season, our mobile security expert panel will review the top mobile threats of 2017 (e.g., Cloudbleed, Bootstomp, Broadpwn, and more) and then debate what's next in mobile app security and mobile app security testing for 2018. See the slides from this spirited discussion of the security ramifications of the new iPhone X, iOS 11, Android 8, the latest innovations in mobile app security testing, and more. Compare your mobile app security and mobile app security testing initiatives with what our experts say should be your top priorities in 2018.
5 Mobile App Security MUST-DOs in 2018
NowSecure
Timothy Opsitnick and Eric Vanderburg of TCDI presented at the Risk Management Society's 2017 Northeast Ohio Regional Conference on Cybersecurity incident response strategies and tactics.
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
Mandar Rege, Security Principal, Cisco Security Solutions presents the evolution of security at Cisco Connect Toronto 2015.
Tomorrow Starts Here - Security Everywhere
Cisco Canada
ntxissacsc5
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
Slides to the online event "Creating an effective cybersecurity strategy" by Berezha Security Group, where we debunked myths about cybersecurity and recommended some easy-to-use practical steps to build an effective cybersecurity strategy for your small business.
Meeting plan:
1. Widespread misconceptions about the cybersecurity of small and medium-sized businesses.
2. 10 steps to combat cyber threats. How to protect a business effectively within a limited budget?
About the speakers
- Vlad Styran, CISSP CISA, Co-founder & CEO, BSG. Vlad is an internationally known cybersecurity expert with 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness. He is a BSG Co-founder & CEO and is responsible for business and cybersecurity strategies. He can help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. He also acts as a speaker, blogger and podcaster in his volunteer activities.
- Andriy Varusha, CISSP, Co-founder & CSO, BSG. Andriy is an experienced top manager in IT audit, consulting, and IT project management, leading outsourcing teams in Ukraine, Poland, and the USA. He is also keen on building customer relationships in the US, UK, and Western Europe. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity.
About BSG
Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly, so we know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance.
Our contacts: hello@bsg.tech ; https://bsg.tech
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Berezha Security Group
Presentation given by Eric Vanderburg at ISACA on IoT security challenges.
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
Resiliency: Defense lessons learned from WannaCry, Petya, Equifax, etc. Delivered at the Vancouver Security Special Interest Group.
Cyber Resilency VANCOUVER, BC Nov 2017
Kevin Murphy
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
Watch recorded webinar here - http://get.skycure.com/mobile-security-2017-predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Skycure
Presentation Material of the Live Webinar Event on November 4, 2015: Preview the Findings from CYREN's Newest Cyber Threats Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Cyren, Inc
Learn about web security in the modern workplace in this webinar highlight. To view the corresponding webinar, click here: http://bit.ly/2ipmTNQ
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Cyren, Inc
Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors, including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments often use the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and a lack of formal security programs to address the gaps created by two-way data communication networks. This talk will show the most common attacks our team currently uses to gain access to and control over the networks and systems we test. More importantly, we will discuss the "top 10" things an organization can do to mitigate, remediate, and have active visibility into critical systems.
Slide Griffin - Practical Attacks and Mitigations
EnergySec
In our modern world, we've learned to take for granted the universal availability of things like running water and electricity, and more recently, the Internet. As technology progresses, we are rapidly approaching a future in which nearly everything is digitally connected to nearly everything else. At the same time, we are learning to accept that all digital devices are broken from a security perspective. How we respond and adapt to this reality could well determine whether our future is utopian or dystopian. In this interactive session, we will explore novel avenues of attack using digital "soft targets", and discuss how we might hold things together in the face of persistent vulnerability.
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
EnergySec
You're a CIO, CISO or DPO, and you've been woken up in the middle of the night because personal data held by your organization has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You'll hear from Splunk's Data Privacy Officer Elizabeth Davies and Splunk's Security Ninja Matthias Maier.
What you will learn:
- What breach response will look like under the GDPR
- What tools and processes a data privacy officer will rely on in case of a breach
- What departments and entities will be involved beyond IT
- What activities are currently happening within organizations to prepare for the GDPR
- What the consequences of the breach could be
Watch the webinar: http://explore.splunk.com/GDPR_Webinar_EN
A Day in the Life of a GDPR Breach
Splunk
With recent attacks on hospital data catching headlines, we wanted to provide some best practices in this webinar to keep your systems safe and sound! We will be co-presenting this webinar with our partners at Intellisuite IT Solutions.
What you will learn:
- How to use an Intranet to educate staff on IT security
- How to engage staff in proactive thinking about IT and patient privacy with social Intranet tools
- How a proactive IT plan and an Intranet can help keep an organization safe from ransomware attacks
- How to publish and ensure readership of HITECH, HIPAA and other IT policies across the entire hospital using a web-based Policy Manager
- How an Intranet can alert staff of an attack and train staff on ways to prevent attacks
- How to leverage layered security to prevent a ransomware attack
- Important elements of a layered security approach
- What to do if a ransomware attack evades the initial layer
- Risks of a vulnerable or unprotected system
- An organization's options for getting back to production: restoring from backup or paying the ransom
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
Stanton Viaduc
Originally presented on January 23, 2018. A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of those apps, and what's the real risk to your business? Mobile apps power productivity in the modern business; don't let a few bad apps bring it down.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
NowSecure
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
By Ms. Tan Lay Ngan, Senior Lecturer & Consultant, IT Strategy & Management, and Mr. Ng Kok Leong, Senior Manager, Information Services. With Singapore's push towards international connectivity and the adoption of digital technologies, we inadvertently expand our cyber-attack surface. We become more exposed to cyber-threats, from individual, opportunistic hackers to professional and organised cyber criminal groups, affecting our intellectual property, businesses and even our safety. In this session, you will learn the essentials of cybersecurity and experience how cyber threats can attack your environment through cybersecurity games, ultimately understanding the importance of an informed organisational culture that emphasises cybersecurity.
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS
This presentation highlights the business value of IACS cyber incident management. Discover the life-cycle approach to IACS cyber incident management that reduces risk, improves safety and increases reliability within an operating asset.
2015 ISA Calgary Show: IACS Cyber Incident Preparation
Cimation
IDS are great tools for blue teams and a resource for network forensics; however, they can also be a great resource for red teams and as part of a penetration testing exercise.
OFFENSIVE IDS
Sylvain Martinez
OWASP Day - Lets secure!
Prathan Phongthiproek
Industrial Cybersecurity & SCADA hacks presentation
Gavin Davey
There are new threats to cybersecurity for HMI/SCADA applications every week, and it can be difficult to stay on top of current threats and concerns. InduSoft is here to help, with an analysis of recent cybersecurity threats and the steps to take to protect SCADA/HMI systems from the vulnerabilities those threats seek to exploit. We will also discuss the security features available in InduSoft Web Studio and how to take advantage of them to create the most stable, secure HMI or SCADA application possible.
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
More Related Content
What's hot
Timothy Opsitnick and Eric Vanderburg of TCDI presented at the Risk Management Society's 2017 Northeast Ohio Regional Conference on Cybersecurity incident response strategies and tactics.
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
Mandar Rege, Security Principal, Cisco Security Solutions presents the evolution of security at Cisco Connect Toronto 2015.
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
Cisco Canada
ntxissacsc5
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
Slides to the online event "Creating an effective cybersecurity strategy" by Berezha Security Group, where we debunked myths about cybersecurity and recommended some easy-to-use practical steps to build an effective cybersecurity strategy for your small business. Meeting plan: 1. Widespread misconceptions about the cybersecurity of small and medium-sized businesses. 2. 10 steps to combat cyber threats. How to protect business effectively within a limited budget? About the speakers -Vlad Styran, CISSP CISA, Co-founder & CEO, BSG Vlad is an internationally known cybersecurity expert with over 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness. He is a BSG Co-founder & CEO and responsible for business and cybersecurity strategies. He could help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. Also, he acts as a speaker, blogger, podcaster in his volunteer activities. - Andriy Varusha, CISSP, Co-founder & CSO, BSG Andriy is an experienced top manager in IT-audit, consulting, and IT project management by leading outsourcing teams in Ukraine, Poland, and the USA. He also is keen on building customer relationships within the US, UK, and Western Europe geographies. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity. About BSG Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly to know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance. Our contacts: hello@bsg.tech ; https://bsg.tech
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Berezha Security Group
Presentation given by Eric Vanderburg at ISACA on IoT security challenges.
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
Resiliency: Defense Lessons learned from WannaCry, Petya, Equifax, etc. Delivered at the Vancouver Security Special Interest Group.
Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017
Kevin Murphy
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
Watch recorded webinar here - http://get.skycure.com/mobile-security-2017-predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Skycure
Presentation Material of the Live Webinar Event on November 4, 2015: Preview the Findings from CYREN's Newest Cyber Threats Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Cyren, Inc
Learn about web security in the modern workplace in this webinar highlight. To view the corresponding webinar, click here: http://bit.ly/2ipmTNQ
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Cyren, Inc
Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks. This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
EnergySec
In our modern world, we’ve learned to take for granted the universal availability of things like running water and electricity, and more recently, the Internet. As technology progresses, we are rapidly approaching a future in which nearly everything is digitally connected to nearly everything else. At the same time, we are learning to accept that all digital devices are broken from a security perspective. How we respond and adapt to this reality could well determine whether our future is utopian or dystopian. In In this interactive session, we will explore novel avenues of attack using digital “soft-targets”, and discuss how we might hold things together in the face of persistent vulnerability.
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
EnergySec
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organization has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You’ll hear from Splunk’s Data Privacy Officer Elizabeth Davies and Splunk’s Security Ninja Matthias Maier. What you will learn: - What breach response will look like under the GDPR - What tools and processes a data privacy officer will rely on in case of a breach - What departments and entities will be involved beyond IT - What activities are currently happening within organizations to prepare for the GDPR - What the consequences of the breach could be Watch the webinar: http://explore.splunk.com/GDPR_Webinar_EN
A Day in the Life of a GDPR Breach
A Day in the Life of a GDPR Breach
Splunk
With recent attacks on hospital data catching headlines, we wanted to provide some best practices in this webinar to keep your systems safe and sound! We will be co-presenting this webinar with our partners at Intellisuite IT Solutions. What you will learn: How-to use an Intranet to educate staff on IT security How-to Engage staff in pro-active thinking about IT and patient privacy with a social Intranet tools. How a proactive IT plan and an Intranet can help keep an organization safe from Ransomware Attacks How-to publish and ensure readership on HITECH, HIPPA and other IT policies across the entire hospital using a web based Policy Manager How an Intranet can alert staff of an attack and train staff on ways to prevent attacks How to leverage layered security to prevent ransomware attack Important elements of a layer security approach What to do if ransomware attack evades the initial layer Risks of vulnerable or unprotected system Organization’s recourse for getting back to production are restoring from backup or paying the ransom
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
Stanton Viaduc
Originally presented on January 23, 2018 A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business? Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
NowSecure
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
centralohioissa
By Ms. Tan Lay Ngan, Senior Lecturer & Consultant, IT Strategy & Management and Mr. Ng Kok Leong, Senior Manager, Information Services With Singapore’s push towards international connectivity and the adoption of digital technologies, we inadvertently expand our cyber-attack surface. We become more exposed to cyber-threats – from individual, opportunistic hackers, to professional and organised cyber criminals groups, affecting our intellectual property, businesses and even our safety. In this session, you will learn the essentials of cybersecurity and experience how cyber threats can attack your environment through cybersecurity games, ultimately understanding the importance of an informed organisational culture that emphasises cybersecurity.
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
NUS-ISS
This presentation highlights the business value for IACS cyber incident management. Discover the life-cycle approach to IACS cyber incident management that reduces risk, improves safety and increases reliability within an operating asset
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
Cimation
IDS are great tools for blue teams and resource for network forensics, however they can also be a great resource for the red teams and as part of a penetration testing exercise.
OFFENSIVE IDS
OFFENSIVE IDS
Sylvain Martinez
OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
Prathan Phongthiproek
What's hot
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Tomorrow Starts Here - Security Everywhere
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Slides to the online event "Creating an effective cybersecurity strategy" by ...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Cyber Resilency VANCOUVER, BC Nov 2017
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Slide Griffin - Practical Attacks and Mitigations
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
A Day in the Life of a GDPR Breach
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
NUS-ISS Learning Day 2017 - Managing Cybersecurity Risk in the Digital Era fo...
2015 ISA Calgary Show: IACS Cyber Incident Preparation
OFFENSIVE IDS
OWASP Day - Lets secure!
Viewers also liked
Industrial Cybersecurity & SCADA hacks presentation
Gavin Davey
There are new threats to cybersecurity for HMI/SCADA applications every week, and it can be difficult to stay on top of current threats and concerns. InduSoft is here to help, with an analysis of recent cybersecurity threats and how to take steps to protect SCADA/HMI systems from the vulnerabilities they seek to exploit. We will also be discussing the security features available in InduSoft Web Studio and how to take advantage of them to create the most stable, secure HMI or SCADA application possible.
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
AVEVA
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at TexasBarCLE presents the 8th Annual Course Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Shawn Tuma
One of InduSoft's Cybersecurity Engineers, Richard Clark, along with Professor Stephen Miller of Eastern New Mexico University – Ruidoso spoke at the February meeting of the Houston Infragard on the subject of "Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications". InduSoft and ENMU-Ruidoso have collaborated to produce a Security Guidance eBook and an eTextbook that will be used in the Cybersecurity Certificate curriculum at ENMU.
InduSoft Speaks at Houston Infragard on February 17, 2015
AVEVA
chile-2015 (2)
Massimiliano Falcinelli
These slides present a new universal economic model for valuing any network. This newer model is in effect a transactions, value-added based model for network valuation. Please note that Slideshare has distorted the economic green lines so they are no longer tangent to the optimal solutions lines. To be fixed. Subthemes: Economics of Networks; Risk management for Security; Risk management for Cybersecurity (cyber security); Metcalfe's Law; Reed's Law; Beckstrom's Law of Networks.
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
RodBeckstrom
Presentation to (ISC)2 Omaha-Lincoln Chapter meeting on March 15th, 2017. This presentation looks at managing compliance with multiple cybersecurity laws and regulations across different industries using the NIST Risk Management Framework.
Cybersecurity Law and Risk Management
Keelan Stewart
Presented at ISACA's EuroCACS 2015 (Copenhagen). Understand the impact of Industrial Control Systems (ICS) on the security ecosystem. Expand your knowledge of SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Cybersecurity in Industrial Control Systems (ICS)
Joan Figueras Tugas
A Briefing Guide for C-Level Executives to Threats, Tactics, and Strategies.
Cybersecurity in the Boardroom
Marko Suswanto
A high-level discussion of the NIST Cybersecurity Framework presented to the (ISC)2 Quantico Chapter
Introduction to NIST Cybersecurity Framework
Tuan Phan
Cybersecurity
Ben Liu
Guide to the extracurricular activities we offer for the 2017-2018 school year from Educo, leaders in educational innovation. For more information, contact us at www.educo.es or 961 588 184
Guia extraescolares 17-18
Educo Servicios y Proyectos Educativos
2017 nail chair models, beautiful nail salon chairs at low prices, nationwide supply, 5-year warranty
Mau ghe nail 2017 dep gia re bao hanh 5 nam
Noithat_hcm
Elements of ecosystems
Ecosistemas eii
26844369
Presentation at Accounting Business Expo. When you play sport you have 1 objective. To Win. Why should business be any different?
Business is a game & the best team wins
Growthwise
Four days of training dedicated to international business, to best guide development in foreign markets
Laboratorio di Internazionalizzazione d’Impresa
Octagona Srl
3Com 10/100BASE-TX
savomir
2017 season table
Boletim 2017
Jorge Efrahim Magalhaes Berto
A productive assignment for submission; it is easy to understand and talks about the technology of our generation
La evolución
nicolas triviño velandia
Step by step guide to recruit a programmer for your project
Tech talent hunting
Thibault Genaitay
Similar to Cybersecurity Fundamentals for Bar Associations
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more. These slides were originally presented in a November 2016 webinar. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
OWASP Mobile Top 10
NowSecure
Looking for a high-intensity bootcamp covering the basics of secure mobile development? This slideshare was originally presented by mobile security expert and NowSecure CEO Andrew Hoog for a 60-minute workshop at Security by Design covering the following topics: + Introduction to identifying security flaws in mobile apps (and how to avoid them) + Examples of secure and insecure mobile apps and how to secure them + Overview of secure mobile development based on the NowSecure Secure Mobile Development Best Practices
The fundamentals of Android and iOS app security
NowSecure
Mobile devices have permeated our personal lives, and increasingly impact all types of enterprise. The information security industry is just beginning to catch up to the dramatic impact of mobile. Since inception, NowSecure has focused entirely on mobile. Content Marketing Manager Sam Bakken shares insights into 5 key challenges facing mobile enterprise.
Five mobile security challenges facing the enterprise
NowSecure
Mobile workforces and apps have revolutionized a number of highly regulated industries. State and federal regulations, such as the Health Information Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), and industry standards, such as the PCI Data Security Standard (PCI DSS) and OWASP Top 10, have evolved as a result. So how do you achieve compliance outcomes for mobile apps? *These slides accompany the webinar: https://youtu.be/mqIU5dDyHwM
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
NowSecure
Learn from the mobile app security fails of others and understand how to get Android app security right the first time around. A quarter of mobile apps include flaws that expose sensitive personal or corporate data that can be used for illicit purposes. And the security of a mobile app has a lot to do with a user’s impression of its quality. Fixing vulnerabilities in the late stages of your build-and-deploy cycle is a hassle, and more expensive. You’ve got to switch contexts, dig through code you haven’t thought about in weeks (or didn’t develop in the first place), and delay progress on your latest sprint. So, what can you, the savvy Android developer, do to get security right the first time around and save yourself work later? Or, if you’re a security practitioner, how can you give security guidance up front to help your colleagues on the development team work more efficiently?
How to make Android apps secure: dos and don’ts
NowSecure
A mobile app that’s vulnerable to man-in-the-middle (MITM) attacks can allow an attacker to capture, view, and modify sensitive traffic sent and received between the app and backend servers. At NowSecure, Michael Krueger and Tony Ramirez spend their days performing penetration tests on Android and iOS apps, which include exploiting MITM vulnerabilities and helping developers fix them. These slides are from a 30-minute webinar with Michael & Tony about MITM attacks on mobile apps and how to prevent them that will cover: -- Identifying man-in-the-middle vulnerabilities in mobile apps -- How to execute a mobile man-in-the-middle attack -- Right and wrong ways to implement certificate validation and certificate pinning
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
NowSecure
Free ebook! Discussions around cybersecurity can be complex, but everyone must know that you should stay safe online, regardless of your technical expertise. This ebook gives you some essential tips for keeping yourself and your data secure on the internet. ebook download link: https://zcu.io/nsTr What else does it cover? If you have been considering what steps you can take to protect yourself from threats, you’ll get great insights about what types of common risks exist and how you can prepare for them. - Security Measures for General Public - Security Measures for Remote Employees - Common Cybersecurity Risks For Business By Employees - Cybersecurity Career Opportunities for Tech Enthusiasts Stay Safe in the Cyberspace! #freeebook #ebook #cybersecurity #cybersecurityawareness #security #cybersecurity #cloudsecurity #infosec #privacy #datasecurity #cyberattack #databreach #dataprotection #digital #security #phishing #informationsecurityawareness #informationsecurity
Cybersecurity Awareness E-Book - WeSecureApp
WeSecureApp
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around. This high intensity 30-minute crash course covers: + Man-in-the-middle (MITM) attacks + Taking advantage of improper certificate validation + Demonstration of a privilege escalation exploit of a web back-end vulnerability Watch it here: https://youtu.be/bT1-7ZkSdNY
Mobile Penetration Testing: Episode II - Attack of the Code
NowSecure
Cyber Risk Overview
Ri cyber-security-for-your-small-business
Meg Weber
Verimatrix SVP of Marketing Steve Christian examines the security vulnerabilities that device and systems vendors become susceptible to as they aggregate and analyze sensitive customer data. His presentation underscores the importance of determining whether or not the expertise, data capture capabilities and computing infrastructures they have available in-house are agile and scalable enough to not only uncover and use detailed customer behavior, but also keep abreast of regulatory and legal data privacy regulations, which vary country-by-country.
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
Verimatrix
Cyberattacks against small and midsize organizations have increased from 11 percent to 15 percent in 2020, according to an Avast survey. Nonprofits are no exception to this alarming trend, which results in lost productivity, damaged reputations, and serious financial implications. Whether you’re a one-person IT team or a nontechnical concerned stakeholder, this webinar will help you - Protect your organization from common malware attacks - Set up a strong cybersecurity strategy for your organization - Identify solutions to help minimize cyberattack risks
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
TechSoup
Originally presented October 18, 2018. Enterprise-grade ephemeral messaging provider Vaporstream knows firsthand that security needs to be built into the software development lifecycle rather than bolted on. Serving highly regulated industries such as federal government, energy, financial services and healthcare, Vaporstream's leakproof communication platform provides the highest level of assurance that compliance professionals require. Vaporstream partners with NowSecure to test and certify its Android and iOS mobile messaging apps. This case study webinar covers how Vaporstream adheres to a rigorous secure app lifecycle in order to meet customer expectations for secure communications: + Designing a secure app architecture & development process + Incorporating security testing into the release cycle + Comprehensive penetration testing
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
NowSecure
NowSecure Director of Research David Weinstein recently spoke at the Security by Design Meetup in Washington, DC. This presentation offers information about risks impacting mobile and the differences between iOS and Android security. Recap here: https://www.nowsecure.com/blog/2016/08/24/android-buckles-down-and-ios-opens-up-trends-in-platform-security-affecting-developers/
iOS and Android security: Differences you need to know
NowSecure
An in-depth look at: 1. Disruptive Technology and its impact on organizations. 2. Need for a Security Operations Center (SOC) for the 21st century businesses 3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation. 4. Qualities any SOC Analyst should possess 5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Governance of security operation centers
Brencil Kaimba
Cyber Security for Financial Institutions Suggestions and recommendations
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
Secure Your Business 2009
RCioffi
Learn why IT security solutions are failing in this slide deck. To view the on-demand webinar in its entirety, click here: http://bit.ly/2jBqLsS
Webinar: Is your web security broken? - 10 things you need to know
Cyren, Inc
Why do you need a network security checklist? Your business faces threats on many fronts, and the more users, devices, and applications you add, the more vulnerable your network becomes. Whether your business is small or large, consider your network security requirements. Then follow our five-step network security checklist to create a holistic security solution to prevent breaches and address issues quickly.
SMB Network Security Checklist
Mobeen Khan
You won’t want to miss this security review and trend analysis from two of the industry’s leading professionals.
Beyond the Phish with GTRI and Wombat Security Technologies
Zivaro Inc
When Edward Snowden leaked classified information to the mainstream media, it brought the dangers posed by insider threats to the forefront of public consciousness, and not without reason. Today's agencies are drowning in fears surrounding sophisticated cyber-attacks, but perhaps the most concerning type of attack out there is the insider threat. According to Forrester, abuse by malicious insiders makes up 25% of data breaches. Learn about the best practices and technologies you should be implementing now to avoid becoming the next victim of a high-profile attack. - Become aware of the different types of insider threats, including their motives and methods of attack - Understand why conventional security tools like firewalls, antivirus and IDS/IPS are powerless in the face of the insider threat - Gain clarity on the various technologies, policies and best practices that should be put in place to help detect and thwart insider threats - Discover how network logs, particularly NetFlow, can be used to cost-effectively monitor for suspicious insider behaviors that could indicate an attack - Know about emerging attack methods such as muleware that could further escalate insider threats in the coming years
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
More from NowSecure
Originally presented April 4, 2020 @ VirSecCon2020
iOS recon with Radare2
NowSecure
Originally Recorded March 18, 2020 DevSecOps enthusiast D.J. Schleen unveils the latest updates to the DevSecOps Reference Architecture, an extensive chart of open-source tools and third-party applications that now includes mobile app pipelines. Join us to score your own copy and learn: + The most popular tools and integrations to automate and scale your pipeline + How and where mobile DevSecOps differs from web + Where to apply dynamic and interactive application security testing to speed app delivery
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
NowSecure
Originally Recorded July 19, 2019. Apple and Google's forthcoming mobile operating systems boast a bevy of privacy features that enable users to seize more control of their personal data. NowSecure Mobile Security Analyst Tony Ramirez dives into Android and iOS application security and privacy enhancements and what they mean for mobile DevSecOps teams. Join us to learn about: + Increased transparency and granularity over location tracking + New protections for sensitive information + Safer data exchanges in Android Q through TLS 1.3 encryption
Android Q & iOS 13 Privacy Enhancements
NowSecure
Originally presented June 24, 2019 https://www.nowsecure.com/resource/debunking-the-top-5-myths-about-mobile-appsec/ It’s hard to believe that mobile app stores are more than a decade old yet some crazy misconceptions about mobile application security still linger. Have you heard these before? - Testing mobile apps is the same as web apps - SAST is good enough for mobile, you don’t need DAST - Mobile apps are secure because Apple and Google security test them - Outsourcing a penetration test once per year is sufficient to mitigate risk Sort fact from fiction and learn how to ensure your mobile appsec program is on the right track. You may discover some surprising things about modern mobile application security.
Debunking the Top 5 Myths About Mobile AppSec
NowSecure
Hear Radare creator Sergi (Pancake) Alvarez conduct a deep dive of r2frida, a framework that combines the best of Frida and Radare. Frida and Radare are leading open-source reverse engineering tools sponsored by NowSecure. Targeting intermediate to advanced users and security analysts, this overview will highlight the r2frida plug-in architecture. Watch the webinar: http://bit.ly/2DBHt7M Watch this webinar to learn: + What dynamic and static techniques the individual tools provide to assist security analysts with reverse engineering; + Why r2frida’s plugin architecture eases the task of performing reverse engineering workflows; + How to create your own new plug-in.
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
Mobile penetration testing helps uncover app exploits and vulnerabilities and is a crucial component of risk assessment. However, many people fear the complexity and don’t know where to get started. It all begins with a solid plan of attack. NowSecure veterans of hundreds of mobile app pen tests will walk you through the process of assembling a pen testing playbook to hack your app. This webinar covers: +Tips and tricks for targeting common issues +The best tools for the job +How to document findings to close the loop on vulnerabilities.
Building a Mobile App Pen Testing Blueprint
NowSecure
Originally presented January 23, 2019 -https://www.brighttalk.com/webcast/15139/344870?utm_source=Slideshare&utm_medium=referral&utm_campaign=344870 2019 is already shaping up to be a standout year for mobile appsec and secure DevOps. If we can say anything with certainty, it’s that cybersecurity is unpredictable and the wave of DevSecOps is unstoppable. But we foresee intensifying concerns about digital privacy amidst high-profile breaches. This deck lists our predictions about what’s in store for our customers and the community in the year ahead. Our veteran industry leaders will prognosticate about developments in these areas: + Mobile ecosystem: OSes, devices, apps and app stores + Evolving mobile security threats + The rise of DevSecOps and the automation of everything + The disruptive economics of automating manual pen testing
Mobile App Security Predictions 2019
NowSecure
Originally Presented December 6, 2018. As DevOps teams seek to accelerate the mobile app dev pipeline, they rely on tools and best practices to gain speed. Because our engineering leader Jeff Fairman previously ran software development for a top online brokerage, he understands the challenges of scaling security testing to meet current demands. After discovering the NowSecure automated testing platform, Jeff Fairman was so impressed with the tech that he joined the company to help DevOps and security teams build and release safe mobile apps. Listen to this webinar to learn: + Why you need dynamic application security testing (DAST) to flag vulnerabilities in the post-build phase + The unique requirements, toolchain options and best practices for secure mobile DevOps + How to combine continuous daily testing with outsourced pen testing.
Jeff's Journey: Best Practices for Securing Mobile App DevOps
NowSecure
Originally presented on September 19, 2018 Given the volume and velocity of mobile apps, there simply aren’t enough resources to test them all in the same manner. There has to be a better way. NowSecure introduces a new framework to help organizations craft a Risk-Based Mobile App Security Testing strategy. Watch the presentation here: https://www.nowsecure.com/webinars/a-risk-based-mobile-app-security-testing-strategy/
A Risk-Based Mobile App Security Testing Strategy
NowSecure
Originally presented August 23, 2018 2018 seems to be the year of privacy updates for both iOS and Android. In this webinar, Mobile Security Analyst Tony Ramirez takes a deeper look at security updates for Android including learnings from Android 8, what to expect for Android 9, and the implications for mobile app security.
Android P Security Updates: What You Need to Know
NowSecure
Originally presented on June 12, 2018. Much of the improvements for iOS 12 focused on privacy and reliability. What prompted these changes and how will it affect the path forward? In this discussion, Tony Ramirez, Mobile Security Analyst, shares the following: + Learnings & remediations from iOS 11 + Predictions coming out of WWDC + How we see the newest software update, iOS 12, affecting mobile app security testing
iOS 12 Preview - What You Need To Know
NowSecure
Originally Presented March 21, 2018 Most mobile app penetration tests or vulnerability assessments take anywhere from a couple of days to two weeks to deliver because of the manual approaches, brittle open source stacks in homegrown testing rigs and legacy application security testing (AST) tools. The shift to agile development common in mobile app development teams has left appsec testing behind. New mobile app builds are pushed daily, weekly or monthly, and appsec testing teams struggle to keep up. Each new build brings new code, including 3rd-party libraries, and with that code comes new potential vulnerabilities. Application security & testing teams - this one’s for you. If you’re looking for ways to join the agile approach and keep pace with the speed of your development team’s CI/CD pipeline, take stock of these 5 tips for mobile appsec testing and integrate them into your company’s workflow.
5 Tips for Agile Mobile App Security Testing
NowSecure
From the creators behind top mobile tools R2 and FRIDA, get the inside scoop on the R2 and FRIDA OSS projects. Led by the NowSecure Research Team including David Weinstein, Ole André and Pancake (Sergi Àlvarez), this webinar speaks to our favorite mobile AST OSS projects. Peek behind the curtain on these tools, check out their latest updates, and learn about potential future enhancements.
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
Originally presented on 11/30/2017 at the 2017 NH-ISAC Third Party Risk Governance Summit
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
NowSecure
Our threat research team spends every waking moment reverse-engineering and cracking mobile apps and devices to help organizations reduce mobile risk. Originally presented on October 24, 2017, mobile security expert and NowSecure founder Andrew Hoog explains the attacker’s point-of-view, what attackers are looking for in mobile banking or financial services apps, and what makes your mobile app an appetizing target. He then provides tips for deploying a mobile app security testing program to ensure you proactively plug security holes, squash privacy leaks, and fill compliance gaps in your mobile apps.
What attackers know about your mobile apps that you don’t: Banking & FinTech
NowSecure
Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data. Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains: -- How and where exactly mobile apps fall in scope for various compliance regimes -- Mobile app security issues financial institutions must identify and fix for compliance purposes -- How assessment reports can be used to demonstrate due diligence
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
NowSecure
The amount of data collected by mobile devices and apps is shocking, and vulnerable mobile apps expose that data to compromise. In our static and dynamic analysis of hundreds-of-thousands of mobile apps, we found that 25 percent of them harbor at least one high-risk vulnerability such as collecting/transmitting location data, credentials, and more in cleartext. Mobile data may only be as secure as the weakest app on someone’s device. Mobile app developers need to protect the users of their apps by building high quality, secure apps. This presentation covers the most common mobile app vulnerabilities (including a real-world demonstration), how to identify those vulnerabilities, and what to do to remediate them. Slides from NowSecure Senior Solutions Engineer Jon Porter's talk at the OWASP Denver Chapter's July 2017 meeting.
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to Know
NowSecure
What does a sensible approach to approving and denying Android and iOS apps for use by staff look like? It starts with accurate, up-to-date security assessment data. NowSecure VP of Customer Success and Services Katie Strzempka covers how to take a data-driven approach to evaluating mobile apps for use at your organization.
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security Essentials
NowSecure
How do you balance UX and security for mobile banking apps? Check out the slides originally presented on May 2 sharing FFIEC guidance and a study of vulnerabilities 30 mobile banking apps (15 iOS and 15 Android) from 15 financial institutions.
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
NowSecure
Katie Stzempka, VP of Customer Success & Services, shares some helpful guidance on how to launch and improve an internal mobile app security program. You'll learn: -- How to unite a disarray of tasks into a mobile app security testing process -- How to choose the right mobile app security testing tools for your maturity -- How to establish buy-in and collaborate with developers and your DevOps team
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approach
NowSecure
More from NowSecure
(20)
iOS recon with Radare2
iOS recon with Radare2
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy Enhancements
Debunking the Top 5 Myths About Mobile AppSec
Debunking the Top 5 Myths About Mobile AppSec
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
Mobile App Security Predictions 2019
Mobile App Security Predictions 2019
Jeff's Journey: Best Practices for Securing Mobile App DevOps
Jeff's Journey: Best Practices for Securing Mobile App DevOps
A Risk-Based Mobile App Security Testing Strategy
A Risk-Based Mobile App Security Testing Strategy
Android P Security Updates: What You Need to Know
Android P Security Updates: What You Need to Know
iOS 12 Preview - What You Need To Know
iOS 12 Preview - What You Need To Know
5 Tips for Agile Mobile App Security Testing
5 Tips for Agile Mobile App Security Testing
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
What attackers know about your mobile apps that you don’t: Banking & FinTech
What attackers know about your mobile apps that you don’t: Banking & FinTech
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to Know
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security Essentials
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approach
Recently uploaded
AS
Notes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.doc
BRELGOSIMAT
debt mapping to know your debt
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debt
ssuser0576e4
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Thomas (Tom) Jasper
Employment Law
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
MwaiMapemba
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
DNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptx
patrons legal
Precedent, or stare decisis, is a cornerstone of common law systems where past judicial decisions guide future cases, ensuring consistency and predictability in the legal system. Binding precedents from higher courts must be followed by lower courts, while persuasive precedents may influence but are not obligatory. This principle promotes fairness and efficiency, allowing for the evolution of the law as higher courts can overrule outdated decisions. Despite criticisms of rigidity and complexity, precedent ensures similar cases are treated alike, balancing stability with flexibility in judicial decision-making.
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
OmGod1
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What you must know:
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
Dr. Oliver Massmann
This is the presentation prepared fior the 24 may 2024 conference (online) at Tilburg University on the UN role in shaping International taxation in the years to come.
Solidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South Africa
University of Ferrara
ΝΤΟΝΑΛΝΤ ΤΡΑΜΠ
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
ssuser5750e1
All eyes on Rafah: But why?. The Rafah border crossing, a crucial point between Egypt and the Gaza Strip, often finds itself at the center of global attention. As we explore the significance of Rafah, we’ll uncover why all eyes are on Rafah and the complexities surrounding this pivotal region. INTRODUCTION What makes Rafah so significant that it captures global attention? The phrase ‘All eyes are on Rafah’ resonates not just with those in the region but with people worldwide who recognize its strategic, humanitarian, and political importance. In this guide, we will delve into the factors that make Rafah a focal point for international interest, examining its historical context, humanitarian challenges, and political dimensions.
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
46adnanshahzad
Law Commission Report
Law Commission Report. Commercial Court Act.
Law Commission Report. Commercial Court Act.
Purushottam Jha
Doctrine of Renvoi is one of the main principle under the application of Private International Law. When conflict of law arises before the foreign courts, the court will resolve the issues by applying the doctrine of renvoi.
Application of Doctrine of Renvoi by foreign courts under conflict of laws
Application of Doctrine of Renvoi by foreign courts under conflict of laws
anvithaav
Case involving survey evidence over dispute involving tequila
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Mike Keyes
helpful for law student
indian evidence act.pdf.......very helpful for law student
indian evidence act.pdf.......very helpful for law student
AaruKhanduri
A quiz
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
gaelcabigunda
Goodman Estate Law is a boutique law firm primarily focused on Estate Planning, Probate, and Trust Administration in Laguna Hills Southern California.
7 Basic Steps of Trust Administration.pdf
7 Basic Steps of Trust Administration.pdf
Goodman Estate Law
Victims of crime have a range of rights designed to ensure their protection, support, and participation in the justice system. These rights include the right to be treated with dignity and respect, the right to be informed about the progress of their case, and the right to be heard during legal proceedings. Victims are entitled to protection from intimidation and harm, access to support services such as counseling and medical care, and the right to restitution from the offender. Additionally, many jurisdictions provide victims with the right to participate in parole hearings and the right to privacy to protect their personal information from public disclosure. These rights aim to acknowledge the impact of crime on victims and to provide them with the necessary resources and involvement in the judicial process.
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx
OmGod1
In an era dominated by digital innovation, the rise of cybercrime poses significant challenges to individuals, businesses, and governments worldwide. As cyber threats become more sophisticated and pervasive, the demand for specialized legal expertise in combating cybercrime has surged. A cyber crime law firm plays a pivotal role in navigating the complex legal landscape of cybersecurity.
What Are the Strategies Offered by Cybercrime Law Firms?
What Are the Strategies Offered by Cybercrime Law Firms?
Finlaw Associates
Charge simply means 'accusation'. A charge is a formal recognition of concrete accusations by a magistrate or a court based upon a complaint or information against the accused. A charge is drawn up by a court only when the court is satisfied by the prima facie evidence against the accused. The basic idea behind a charge is to make the accused understand what exactly he is accused of so that he can defend himself.
Charge and its essentials rules Under the CRPC, 1898
Charge and its essentials rules Under the CRPC, 1898
Daffodil International University
This is Abdul Hakim Shabazz deposition hearing in the Marion County Fairground Boards, money misappropriating scandal.
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Gabe Whitley
Recently uploaded
(20)
Notes-on-Prescription-Obligations-and-Contracts.doc
Notes-on-Prescription-Obligations-and-Contracts.doc
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debt
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
DNA Testing in Civil and Criminal Matters.pptx
DNA Testing in Civil and Criminal Matters.pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptx
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
Solidarity and Taxation: the Ubuntu approach in South Africa
Solidarity and Taxation: the Ubuntu approach in South Africa
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
Law Commission Report. Commercial Court Act.
Law Commission Report. Commercial Court Act.
Application of Doctrine of Renvoi by foreign courts under conflict of laws
Application of Doctrine of Renvoi by foreign courts under conflict of laws
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
Casa Tradicion v. Casa Azul Spirits (S.D. Tex. 2024)
indian evidence act.pdf.......very helpful for law student
indian evidence act.pdf.......very helpful for law student
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
7 Basic Steps of Trust Administration.pdf
7 Basic Steps of Trust Administration.pdf
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptx
What Are the Strategies Offered by Cybercrime Law Firms?
What Are the Strategies Offered by Cybercrime Law Firms?
Charge and its essentials rules Under the CRPC, 1898
Charge and its essentials rules Under the CRPC, 1898
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Cybersecurity Fundamentals for Bar Associations
1.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Cybersecurity Fundamentals for Bar Associations
2.
Andrew Hoog, CEO and Co-founder of NowSecure
● Computer scientist & mobile security researcher
● Author of three mobile security books
● Enjoyer of science fiction, running and red wine
3.
Contents
● Why invest in cybersecurity?
● Asset-based risk assessment
● Common attack vectors
● Frameworks / Best Practices
4.
Why invest in cybersecurity?
5.
Model Rules of Professional Conduct 1.6: Confidentiality of Information
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
6.
Your job? Your bonus?
7.
Anyone heard of the Panama papers?
The Panama Papers are: 11.5 million leaked documents that detail financial and attorney–client information for more than 214,488 offshore entities.
8.
Regulation
9.
FTC v. Wyndham
“A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.”
Circuit Judge Thomas Ambro, United States Court of Appeals for the Third District
10.
FTC v. Wyndham
● FTC has authority to bring data security cases
● Apple App Store and Google Play store require privacy policies
● Failure to invest in security of those apps (i.e., “do what you say”) puts you at risk
11.
Information Security - It’s a process, yo!
An Information Security Management System (ISMS) is not a computer system but an organizational policy and program to implement and manage information security. A major component of this is executive accountability for information security, making clear the responsibility overall and also "ownership" of specific systems/data.
12.
Asset-based risk assessment
13.
Assets of value
Things I heard you value
● Member database
● Credit cards
● PII
● Anything related to cases
● …
Things attackers may also value
14.
Assets of value
Things I heard you value
● Member database
● Credit cards
● PII
● Anything related to cases
● …
Things attackers may also value
● Network (DDoS)
● CPU (bitcoin mining, wheeee!)
● Your identity
● Making a point (political / philosophical agendas)
● Bragging rights
15.
I think of vulnerabilities in three buckets
Unknown / No fix
● Very little anyone can do here
● See router example (vulnerable cable modem)
● Tactics: implement best practices and try to limit what attackers can access
Best practices
● This is the area to focus most energy
● 80/20 rule in play here, meaning a reasonable amount of effort will address 80% of your risk. The remaining 20% is precipitously expensive and difficult to address.
Targeted attacks
● Can’t defend against; attacker will ultimately succeed
● Tactics: implement best practices and try to limit what attackers can access
16.
Compromised router
17.
It all began on Saturday, February 13
● Certificate error
● Examined the details
● Determined there was an issue
    Documented the issue
    Contacted corporate security team
● Attempted to re-create on iPad, other iOS devices, laptop, desktop
18.
Info gathering and identification
Symptoms
● Gmail app wouldn’t sync
● Wi-Fi certificate errors
● Analyzed certificate
Hosted in shared environment
● Istanbul
● Both used self-signed HTTPS certificate
● Issued by: ssl@servers.carsimedya.com
19.
Continuing investigation
Suspicious DNS entries
● Queried IP address - resolved to a server in Germany
● Same DNS as carsimedya.com
● Social media and SEO related
● Investigated router configuration
Theories
● Targeted attack
● Mass router compromise (using known or zero-day vulnerability)
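The investigation on slides 17 through 19 came down to reading a certificate: who issued it, whether it was self-signed, whether it named the host being visited at all, and whether it was inside its validity window. The Python below is an added example, not part of the deck and not NowSecure tooling; it turns those checks into a function over the parsed-certificate dict that Python's ssl.SSLSocket.getpeercert() returns. The two certificates, the CA names and the host name mail.example.com are constructed sample data; the only value taken from the slide is the issuer address ssl@servers.carsimedya.com.

```python
import ssl
import time

# Constructed sample data (not captured from the incident), in the shape that
# ssl.SSLSocket.getpeercert() returns: distinguished names are tuples of RDNs,
# each RDN a tuple of (attribute, value) pairs; times use 'Mon DD HH:MM:SS YYYY GMT'.
# This one mirrors what the slide reports: self-signed, issued under the
# shared-hosting provider's name, and presented for a host it does not name.
SUSPICIOUS_CERT = {
    "subject": ((("commonName", "servers.carsimedya.com"),),
                (("emailAddress", "ssl@servers.carsimedya.com"),)),
    "issuer": ((("commonName", "servers.carsimedya.com"),),
               (("emailAddress", "ssl@servers.carsimedya.com"),)),
    "notBefore": "Jan 10 00:00:00 2016 GMT",
    "notAfter": "Jan 10 00:00:00 2017 GMT",
}

# A well-formed certificate for comparison (hypothetical CA and host name).
GOOD_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example Issuing CA"),)),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 10 00:00:00 2016 GMT",
    "notAfter": "Jan 10 00:00:00 2017 GMT",
}

# Fixed reference time (the Saturday on the slide) so results are reproducible.
AS_OF = ssl.cert_time_to_seconds("Feb 13 12:00:00 2016 GMT")


def dn_to_dict(dn):
    """Flatten a getpeercert() distinguished name into {attribute: value}."""
    return {attr: value for rdn in dn for attr, value in rdn}


def san_dns_names(cert):
    """DNS names from the subjectAltName extension, if present."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one leading label (RFC 6125 style)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname


def check_peer_cert(cert, expected_host, now=None):
    """Return the list of warning signs found; an empty list means none."""
    if now is None:
        now = time.time()
    findings = []
    subject = dn_to_dict(cert.get("subject", ()))
    issuer = dn_to_dict(cert.get("issuer", ()))
    # A self-signed certificate carries the same name as subject and issuer.
    if subject == issuer:
        findings.append("self-signed: issuer equals subject")
    # Clients match the host against subjectAltName; fall back to the CN only when absent.
    names = san_dns_names(cert) or [subject.get("commonName", "")]
    if not any(hostname_matches(n, expected_host) for n in names):
        findings.append(f"hostname mismatch: {expected_host} not in {names}")
    if "notBefore" in cert and now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if "notAfter" in cert and now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    return findings


if __name__ == "__main__":
    for label, cert in (("suspicious", SUSPICIOUS_CERT), ("good", GOOD_CERT)):
        result = check_peer_cert(cert, "mail.example.com", now=AS_OF)
        print(f"{label}: {result or 'no findings'}")
```

One caveat when using this on a live connection: getpeercert() only returns the parsed dict for a certificate that passed validation, and returns an empty dict otherwise, so a certificate the default context rejects (as a self-signed one would be) has to be captured with binary_form=True and decoded with other tooling before it can be screened this way. The handshake failure itself is the first signal, which is exactly how the incident on the slides surfaced.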
20.
Common attack vectors
21.
Common Attacks
1. Vulnerable software (and firmware)
2. Phishing attacks, email most common but can also be SMS
3. Ransomware (typically phishing + vulnerable software)
4. Webserver
5. Social engineering
6. Physical
(With scary cyber criminal image)
22.
Local ABA Webserver
23.
Web Server Info
Scan took 1.5 seconds - IIS 7.5 was released in 2009!
24.
IIS 7.5 Known Vulnerabilities
25.
.NET Framework 4.0 Known Vulnerabilities
26.
Ideas on how the Panama papers leaked?
Does anyone want to conjecture on how the Panama papers were leaked?
The Panama Papers are: 11.5 million leaked documents that detail financial and attorney–client information for more than 214,488 offshore entities.
27.
Frameworks / Best Practices
28.
NIST Cybersecurity Framework
Check it out: https://www.nist.gov/cyberframework
29.
Five practical info sec tips for non-security firms
30.
1 Patch
● Routers
● Firewalls
● Wi-Fi Access Points
● Servers
● Computers / Laptops
● Mobile phones
● ....
31.
1 Patch
● Routers
● Firewalls
● Wi-Fi Access Points
● Servers
● Computers / Laptops
● Mobile phones
● ....
2 Auth
● Change default passwords!
● Use a password manager.
● Two Factor Auth
32.
1 Patch
● Routers
● Firewalls
● Wi-Fi Access Points
● Servers
● Computers / Laptops
● Mobile phones
● ....
2 Auth
● Change default passwords!
● Use a password manager.
● Two Factor Auth
3 Segment
● Install a firewall
● Consider segmenting sensitive servers from computers, mobile and IoT devices and guest Wi-Fi
33.
1 Patch
● Routers
● Firewalls
● Wi-Fi Access Points
● Servers
● Computers / Laptops
● Mobile phones
● ....
2 Auth
● Change default passwords!
● Use a password manager.
● Two Factor Auth
3 Segment
● Install a firewall
● Consider segmenting sensitive servers from computers, mobile and IoT devices and guest Wi-Fi
4 Encrypt
● Encrypt data at rest
● Servers
● Laptops
● Mobile Devices
● This is only effective in some scenarios
34.
1 Patch   2 Auth   3 Segment   4 Encrypt   5 Outsource
5 Outsource
● Security is hard so outsourcing makes sense in many situations
● Primary upside is using large SaaS providers for key systems like email
● Audit your mobile apps against the framework
● Set internal requirements for mobile app security
● Teach developers how to code in compliance with the framework, and teach security auditors how to test apps against it
● Document framework, education materials, and assessments (i.e., reports), and make sure it’s all organized and accessible
35.
● Security needs to be user friendly or people will circumvent it
● Executives must lead by example and take responsibility for security
● Needs to become part of your DNA
● Assets are valuable, vulnerabilities are everywhere. Attackers have an asymmetric advantage
● Information Security is org policy and program
36.
Don’t Panic
Andrew Hoog, CEO / Co-founder, NowSecure
ahoog@nowsecure.com
312-878-1100, x4242
Twitter: @ahoog42
nowsecure.com