SlideShare a Scribd company logo

How to not suck at an audit-2.pdf

Hacken
Hacken

Professional fundamental insights into a security audit concept. How to maximize its value?

Presentations & Public Speaking
1 of 34
How to not suck at an audit Corey Petty, PhD
Me
@ethstatus @corpetty (this is me)
Shameless plug https://hashingitout.stream https://thebitcoinpodcast.com
What the hell is “security”?
Put simply, security is the process of protecting “value”
Value
Value Access Controls
Value Process Access Controls Defines
Value Process Access Vulnerability Circumvents Provides undesired access or damage to Controls Defines
Value Process Threat Access Vulnerability Predicts, Monitors, and Responds to Exploits Circumvents Provides undesired access or damage to Controls Defines
Value Process Threat Access Vulnerability Predicts, Monitors, and Responds to Exploits Circumvents Provides undesired access or damage to Controls Defines
Value Process Threat Access Vulnerability Predicts, Monitors, and Responds to Exploits Circumvents Provides undesired access or damage to Controls Defines
Value Process Threat Access Vulnerability Predicts, Monitors, and Responds to Exploits Circumvents Provides undesired access or damage to Controls Defines
Value Process Threat Access Vulnerability Predicts, Monitors, and Responds to Exploits Circumvents Provides undesired access or damage to Controls Defines
Value Process Threat Access Vulnerability Predicts, Monitors, and Responds to Exploits Circumvents Provides undesired access or damage to Controls Defines
The current state of things
Long lines, high prices Development growth outpaces assessment talent Large knowledge gap between parties
Low barrier of entry for developers permissionless participation, innovation in all directions, tutorials everywhere Few quality on-boarding resources for security engineers What are the types of things only a human can find? Culture of BUIDL How many projects have dedicated security engineers? Slow traditional security adoption Over-hyped public narrative, new technology, rampant scams Development growth outpaces assessment talent
Developers don’t know what security firms want Scope definition, relative risk Rapid pace of innovation Keeping up with current innovation is a lot of work Poor internal security resources How many projects have dedicated security engineers? Large knowledge gap between parties
How to think about a security review
It’s not an audit, it’s an assessment Lack in-house expertise Increase community confidence Substantial risk (non-exhaustive)
What can you do?
Start early, write it down Documentation Define a process Open source tooling and standards
Specification NatSpec, user stories, TLA+, invariants, assumptions Threat modeling Identifying risk, their controls, and who has access to them User documentation Tutorials, run scripts, installation docs, faq Best practices Identify what you’re using w.r.t. Best practices, and how you deviate Documentation
Low effort Linter, static analyzers, call graph generation Medium effort Fuzzers, simulations, modeling Heavy effort Formal verification engines Tooling
Plan Plan out what you’re building, get a sanity check, evaluate risk Build Use tooling to constantly check for low hanging fruit, CI/CD, unit tests Check Evaluate cost vs risk, get internal reviews Define a process
How to think about a security review
The road to not sucking Write an RfP Track and disclose results Shop
Define Who you are, what is the project goals, all relevant resources Scope What is to be reviewed explicitly, relevant skills needed Set expectation How long, budget, deliverables Process How to contact, what to include in a bid, selection criteria, propose fee structure Write an RfP
Distribute the RfP to relevant parties Official communications, direct emails, social Negotiate Ask for justification of services if needed, query differentiating factors, ensure firm resources and timelines Choose one or more that fit appropriately Develop an audit plan based on submitted proposals Shop
Make sure you input key findings in your workflow The easiest way to track is to just incorporate findings into what you already do Keep track of their progress Make sure you actually utilize the wisdom learned from what you’ve paid for Broadcast fixes, write post-mortems Tell people what you’ve done, and what lessons you’ve learned along the way Track and disclose results
Time to wrap up?
- https://github.com/status-im/status-security - https://our.status.im search “audit” THANK YOU FOR LISTENING

Recommended

Penetration Testing; A customers perspective
Penetration Testing; A customers perspectivePenetration Testing; A customers perspective
Penetration Testing; A customers perspectivePhil Huggins FBCS CITP
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing GuideBadawy Abd El-Aziz
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Monetizing pentest process
Monetizing pentest process Monetizing pentest process
Monetizing pentest process Aldo Elam Majiah
 
How Did I Miss That Bug? Managing Cognitive Bias in Testing
How Did I Miss That Bug? Managing Cognitive Bias in TestingHow Did I Miss That Bug? Managing Cognitive Bias in Testing
How Did I Miss That Bug? Managing Cognitive Bias in TestingTechWell
 
Software Security Initiative Capabilities: Where Do I Begin?
Software Security Initiative Capabilities: Where Do I Begin? Software Security Initiative Capabilities: Where Do I Begin?
Software Security Initiative Capabilities: Where Do I Begin? Cigital
 
Delivering Secure Projects
Delivering Secure ProjectsDelivering Secure Projects
Delivering Secure ProjectsPhil Huggins FBCS CITP
 
Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012
Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012
Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012TEST Huddle
 

Recommended

Penetration Testing; A customers perspective
Penetration Testing; A customers perspectivePenetration Testing; A customers perspective
Penetration Testing; A customers perspectivePhil Huggins FBCS CITP
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing GuideBadawy Abd El-Aziz
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Monetizing pentest process
Monetizing pentest process Monetizing pentest process
Monetizing pentest process Aldo Elam Majiah
 
How Did I Miss That Bug? Managing Cognitive Bias in Testing
How Did I Miss That Bug? Managing Cognitive Bias in TestingHow Did I Miss That Bug? Managing Cognitive Bias in Testing
How Did I Miss That Bug? Managing Cognitive Bias in TestingTechWell
 
Software Security Initiative Capabilities: Where Do I Begin?
Software Security Initiative Capabilities: Where Do I Begin? Software Security Initiative Capabilities: Where Do I Begin?
Software Security Initiative Capabilities: Where Do I Begin? Cigital
 
Delivering Secure Projects
Delivering Secure ProjectsDelivering Secure Projects
Delivering Secure ProjectsPhil Huggins FBCS CITP
 
Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012
Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012
Rekard Edgren - Curing Our Binary Disease - EuroSTAR 2012TEST Huddle
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesChris Nickerson
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017zapp0
 
Security Consulting Methodology
Security Consulting MethodologySecurity Consulting Methodology
Security Consulting Methodologyciso_insights
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals211 Check
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1Nutan Kumar Panda
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfSense Learner Technologies Pvt Ltd
 
Free Guide to Master in Ethical Hacking (CEH v12).pdf
Free Guide to Master in Ethical Hacking (CEH v12).pdfFree Guide to Master in Ethical Hacking (CEH v12).pdf
Free Guide to Master in Ethical Hacking (CEH v12).pdfinfosecTrain
 
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇Infosec train
 
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠priyanshamadhwal2
 
CEH v12 Certification Training Guide.pdf
CEH v12 Certification Training Guide.pdfCEH v12 Certification Training Guide.pdf
CEH v12 Certification Training Guide.pdfinfosec train
 
The Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EHThe Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EHInfosecTrain Education
 
Information Security
Information SecurityInformation Security
Information Securitydivyeshkharade
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0Rafal Los
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get HackedSensePost
 
The Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfThe Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfHacken
 
Cryptoecosystem ranks_v05.pdf
Cryptoecosystem ranks_v05.pdfCryptoecosystem ranks_v05.pdf
Cryptoecosystem ranks_v05.pdfHacken
 

More Related Content

Similar to How to not suck at an audit-2.pdf

Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesChris Nickerson
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management IIzapp0
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017zapp0
 
Security Consulting Methodology
Security Consulting MethodologySecurity Consulting Methodology
Security Consulting Methodologyciso_insights
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals211 Check
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
Free Guide to Master in Ethical Hacking (CEH v12).pdf
Free Guide to Master in Ethical Hacking (CEH v12).pdfFree Guide to Master in Ethical Hacking (CEH v12).pdf
Free Guide to Master in Ethical Hacking (CEH v12).pdfinfosecTrain
 
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇Infosec train
 
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠priyanshamadhwal2
 
CEH v12 Certification Training Guide.pdf
CEH v12 Certification Training Guide.pdfCEH v12 Certification Training Guide.pdf
CEH v12 Certification Training Guide.pdfinfosec train
 
The Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EHThe Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EHInfosecTrain Education
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0Rafal Los
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get HackedSensePost
 

Similar to How to not suck at an audit-2.pdf (20)

Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment Services
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management II
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
 
Security Consulting Methodology
Security Consulting MethodologySecurity Consulting Methodology
Security Consulting Methodology
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the things
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
 
Free Guide to Master in Ethical Hacking (CEH v12).pdf
Free Guide to Master in Ethical Hacking (CEH v12).pdfFree Guide to Master in Ethical Hacking (CEH v12).pdf
Free Guide to Master in Ethical Hacking (CEH v12).pdf
 
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
𝐘𝐨𝐮𝐫 𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 👇
 
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
𝐅𝐑𝐄𝐄 𝐆𝐮𝐢𝐝𝐞 𝐓𝐨 𝐌𝐚𝐬𝐭𝐞𝐫 𝐄𝐭𝐡𝐢𝐜𝐚𝐥 𝐇𝐚𝐜𝐤𝐢𝐧𝐠
 
CEH v12 Certification Training Guide.pdf
CEH v12 Certification Training Guide.pdfCEH v12 Certification Training Guide.pdf
CEH v12 Certification Training Guide.pdf
 
The Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EHThe Ultimate Guide to Ethical Hacking Careers with C|EH
The Ultimate Guide to Ethical Hacking Careers with C|EH
 
Information Security
Information SecurityInformation Security
Information Security
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Management
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 

More from Hacken

The Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfThe Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfHacken
 
Cryptoecosystem ranks_v05.pdf
Cryptoecosystem ranks_v05.pdfCryptoecosystem ranks_v05.pdf
Cryptoecosystem ranks_v05.pdfHacken
 
Smart Contracts Audits. New methodology
Smart Contracts Audits. New methodologySmart Contracts Audits. New methodology
Smart Contracts Audits. New methodologyHacken
 
Solana lessons learned
Solana lessons learnedSolana lessons learned
Solana lessons learnedHacken
 
Bridges gabi
Bridges gabiBridges gabi
Bridges gabiHacken
 
Dubai. Global Crypto Hub
Dubai. Global Crypto HubDubai. Global Crypto Hub
Dubai. Global Crypto HubHacken
 
Securing a crypto exchange platform
Securing a crypto exchange platformSecuring a crypto exchange platform
Securing a crypto exchange platformHacken
 
Secure protocol design for decentralized world
Secure protocol design for decentralized worldSecure protocol design for decentralized world
Secure protocol design for decentralized worldHacken
 

More from Hacken (8)

The Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdfThe Risks of YOLOing-2.pdf
The Risks of YOLOing-2.pdf
 
Cryptoecosystem ranks_v05.pdf
Cryptoecosystem ranks_v05.pdfCryptoecosystem ranks_v05.pdf
Cryptoecosystem ranks_v05.pdf
 
Smart Contracts Audits. New methodology
Smart Contracts Audits. New methodologySmart Contracts Audits. New methodology
Smart Contracts Audits. New methodology
 
Solana lessons learned
Solana lessons learnedSolana lessons learned
Solana lessons learned
 
Bridges gabi
Bridges gabiBridges gabi
Bridges gabi
 
Dubai. Global Crypto Hub
Dubai. Global Crypto HubDubai. Global Crypto Hub
Dubai. Global Crypto Hub
 
Securing a crypto exchange platform
Securing a crypto exchange platformSecuring a crypto exchange platform
Securing a crypto exchange platform
 
Secure protocol design for decentralized world
Secure protocol design for decentralized worldSecure protocol design for decentralized world
Secure protocol design for decentralized world
 

Recently uploaded

Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 

Recently uploaded (20)

Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 

How to not suck at an audit-2.pdf