Outpost24 webinar - Implications when migrating to a Zero Trust model

•

0 likes•218 views

The document discusses the implications of migrating to a Zero Trust security model. It compares the traditional "castle and moat" network model, where everything inside the network is implicitly trusted, to the Zero Trust model, which eliminates trust and focuses on least privilege access, microsegmentation, and risk analytics. While Zero Trust aims to restrict access, traditional security assessments still apply and can exploit obstacles to a true Zero Trust implementation, such as legacy systems. The document advocates for increased automation but also warns that APIs can introduce new attack vectors if access controls are not implemented properly. In conclusion, it emphasizes that Zero Trust does not replace existing security practices and that pure Zero Trust is difficult to achieve in reality.

Software

Outpost24 Template
2019
Security Assessment:
Implications when migrating to a Zero Trust model
John Stock
26th June 2019

Helping customers improve security posture since 2001
Full stack security assessment
Over 2,000 customers in all regions of the world
Really good at breaking technology

Outpost24 Template
2019
Today’s topic
3
• Networking models: Traditional vs Zero Trust
• Modern enterprise challenges
• Why Zero-Trust is nothing new
• …and why security assessment isn’t scared
• Automation: Better, Faster, Stronger?
• Takeaways

Outpost24 Template
2019
Today’s topic
4
Why risk is the new normal
Adapting to the threat landscape
Bringing in the business context
Business aligned remediation
Takeaways
View from a:
• business perspective
• security testing perspective

Outpost24 Template
2019Networking models: Traditional vs Zero Trust

Traditional Networks follow a ‘Castle & Moat’ model
• One Way in, One way out
• Everything inside is ‘trusted’
• …

Traditional Networks follow a ‘Castle & Moat’ model
• One Way in, One way out
• Everything inside is ‘trusted’
• …Not dragon proof!

Fundamentals of a Zero Trust model:
• Eliminate trust
• Least privileged access
• Micro Segmentation
• Risk Management analytics
Zero Trust Model was coined by Forrester Research in 2010
• Data Centric model
• Gartner calls it CARTA (Continuous Adaptive Risk and Trust Assessment)

Outpost24 Template
2019Modern Enterprise Challenges
9

10Modern Enterprise challenges
• Increased access
• Increased attack surface
• Gaps in visibility

Outpost24 Template
2019Why Zero Trust is nothing new…
11

12
Traditional Networks have an element of Zero Trust:
• Everything outside the network is bad
• Only ‘authorized’ interactions are allowed from external sources
• Only traffic within the segment is trusted
….. Its just a BIG segment!
• Network segmentation can be done via VLAN’s
PCI has embraced the basic concepts since its inception

Outpost24 Template
2019..and why security assessment isn’t scared
13

14
Obstacles for a true Zero Trust network
• Internally developed systems
• Legacy systems
• Technology Transformation
• Mesh Network Technology adoption
Security assessment is about exploiting these obstacles.

Typical security assessment killchain
15
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Eliminate trust…
16
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Least privileged access…
17
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Micro segmentation…
18
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Total restriction?
19
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Altogether…
20
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Zero Trust focuses on user access, role-based access, lateral movement,
micro-segmentation and traffic analytics
It doesn’t take into account existing fundamental security practices
• Vulnerability Management

This leaves us 2 common attack vectors:
• Vulnerability exploitation
• Privileged account escalation

Which leads us back to square one
23
Image reference: https://s3-eu-west-1.amazonaws.com/ssl247/1506076485_EN_Schemes_Application-penetration-test.png

Outpost24 Template
2019Automation: Better, Faster, Stronger?
24

One of the Five Steps to Zero trust is:
• Embrace Security Automation and Orchestration
One of the fundamentals of security assessment is:
• If you can spend 3 hours writing a script to save you 5 minutes, write the
script!

Outpost24 Template
2019
Everything is only an API away
from being a network entry point

API’s can provide us alternative attack methods:
• Bad implementation
• Weak access controls
• Overcomplicated controls

• Zero trust is just internalizing existing
security measures.
• Pure Zero Trust is almost impossible
for real business.
• Security assessment has already
adapted
• Automation will save time, but..
• API’s can lead to greater risk.
• Trust. No. One.
Takeaways

Outpost24 Template
2019
John Stock
Product Manager - Netsec
js@outpost24.com
Questions?

The document discusses the importance of a full stack cyber security approach from an information security professional's perspective. It recommends scanning both external and internal networks as the first and second lines of defense, similar to an airbag and seatbelt in a car. The document also provides an overview of a product demo for a network security workflow automation tool that allows for discovery scanning, dynamic asset management, risk prioritization, and flexible reporting.

Outpost24 Webinar - Creating a sustainable application security program to dr...

Outpost24

Join Alert Logic Chief Strategy Officer and Co-Founder Misha Govshteyn as he presents his predictions for the state of cloud security in 2016, including: -The rise of cloud adoption and how businesses will approach the cloud -What the threat landscape for cloud environments will look like -How data and analytics will evolve to meet cloud adoption ...and more. You’ll get a clear view of what expert security researchers are expecting in the coming year for organizations like yours who are leveraging the power of cloud infrastructure. See the accompanying webinar here: https://www.alertlogic.com/resources/webinars/top-5-cloud-security-predictions-for-2016/

Outpost24 webinar - Enhance user security to stop the cyber-attack cycle

Outpost24

When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...

Cam Fulton

Cybersecurity roadmap : Global healthcare security architecture

Priyanka Aash

Cybersecurity Training for Nonprofits

Community IT Innovators

This document summarizes a cybersecurity training webinar for nonprofits. The webinar covered the current cybersecurity landscape including persistent brute force attacks and sophisticated spearphishing targeting organizations. It discussed new security tools available and common contemporary attack examples like phishing, malware, and social engineering. The presentation emphasized the importance of the human firewall through cybersecurity awareness training and individual steps like enabling multi-factor authentication and using a password manager. It provided resources for moving forward with both individual cybersecurity practices and formalizing organizational controls.

Cybersecurity on Business Resilience

PECB

This topic will cover the most significant points of Cybersecurity trends and future perspective. We as retail or business should be more informed about this Global Issue. Linkage of Cybersecurity and Business Continuity will be discussed as well. Additionally, the topic incorporates how the Cybersecurity is perceived in the mind of people. The main parts of the presentation are: • Cyber resilience trends • The Link between cyber risk and business continuity • What ARE and what SHOULD companies doing about the threat • Lessons learned / case studies from recent attacks Presenter: Mr. Bevan Lane is a PECB partner and trainer. He has more than 16 years of experience as a consultant in information security, firstly with PwC and then as an independent consultant. Mr. Lane has also an extensive experience in information security risk assessment training and has implemented solutions for major organization across the globe. Link of the recorded session published on YouTube: https://youtu.be/WQ-HYqCrRDQ

Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...

DevOps Indonesia

Network security, seriously?

Peter Wood

This document summarizes the results of 376 penetration tests conducted over the past year across various sectors. It finds that common external vulnerabilities included the absence of two-factor authentication (68%), file upload facilities (33%), and cross-site scripting (23%). Common internal network vulnerabilities included weak passwords (66%), missing patches (56%), default credentials (47%), and default SNMP strings (44%). The document provides details on the impact and fixes for each vulnerability.

Why Zero Trust Yields Maximum Security

Priyanka Aash

In this provocative and sometimes irreverent presentation, retired Brigadier General Greg Touhill, the United States government's first federal Chief Information Security Officer, will discuss why the legacy perimeter defense model has been overwhelmed and made obsolete by the advent of modern mobility and cloud computing. He'll demonstrate how to make the business case that the shift to the Zero Trust security strategy is now essential for businesses to survive and thrive in today's highly contested global digital economy.

Cyber Security for Digital-Era

JK Tech

The Current ICS Threat Landscape

Dragos, Inc.

Presentation from Cyber Security for Critical Assets conference (CS4CA ) in Houston, March 26-28 2019 presented by Sergio Caltagirone, Vice President of Threat Intelligence. Covers: - overview of the OT threat landscape - new OT threats Dragos has uncovered through its industrial cybersecurity technology platform, array of services, and industrial threat intelligence. - details on major industrial threat activity groups and root causes of many recent OT compromises Learn more here: https://dragos.com/year-in-review/ More info: www.dragos.com Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./ Follow us on Twitter: https://twitter.com/dragosinc

IBM Security QRadar

Virginia Fernandez

This document discusses IBM's acquisition of Resilient Systems and how it will advance IBM's security strategy. It notes that the acquisition will unite security operations and incident response, deliver a single hub for response management, and allow seamless integration with IBM and third-party solutions. This will help organizations of all sizes successfully prevent, detect, and respond to cyberattacks.

PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Symantec

This document discusses a cyber security simulation tool developed by Symantec Corporation to help organizations strengthen their cyber readiness. The simulation provides a cloud-based, virtual training experience that simulates multi-staged attack scenarios. It allows users to assume the identity of attackers to learn their tactics. The simulation has been tested worldwide over 4 years with over 80 events. It assesses user skills and identifies gaps to guide development programs. The tool and its scenarios are continuously updated based on the latest global threat intelligence and real world attacks.

Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security

Symantec

Nico Popp, Vice President, Information Protection, Symantec explains. As users, infrastructure and applications move to the cloud at a record-breaking pace, the cloud has become a paradox: both a dream and a nightmare. Accessibility, scale, price and elasticity drive high adoption while security is a source of constant concern. This session will focus on a practical four pillar model for enterprise cloud security, all supported by real-world implementation.

Vulnerability management - beyond scanning

Vladimir Jirasek

Shared Security Responsibility in the AWS Public Cloud

Alert Logic

The document discusses security in the AWS public cloud and Alert Logic solutions that are engineered for AWS. It summarizes that in AWS, security is shared between AWS and the customer. Alert Logic provides web security, log management, and threat detection solutions that integrate with AWS and are designed to scale automatically with AWS resources. The solutions provide security monitoring, compliance coverage, and are managed by Alert Logic security analysts.

Compete To Win: Don’t Just Be Compliant – Be Secure!

IBM Security

view on-demand webinar: https://event.on24.com/wcc/r/1241904/E7C5BDA81308626F69D20F843B229534 An alarming number of organizations today are doing the bare minimum to meet compliance regulations. They are completely unaware of the “data security race” taking place against malicious insiders and criminal hackers creating risk, flying past them in a to win over sensitive data. These organizations are spending their time doing just enough to check the compliance ‘checkbox’ and pass their audits. While being compliance-ready is absolutely important and represents a great first step along the road to data security, it won't win you the gold. View this on-demand webcast to learn more about how to shift your thinking and compete to win by using your compliance efforts to springboard you into a successful data security program - one that can safeguard data from internal and external threats, allowing you to be the champion and protector of your customers, your brand, and the sensitive data the fuels your business.

Microsoft Defender and Azure Sentinel

David J Rosenthal

Security Operations Center

MDS CS

MDS CS provides security operations center (SOC) services to help enterprises protect their critical information and reduce risks. Through continuous monitoring, MDS CS's SOC team provides threat detection and response services in real time. The SOC services improve security incident detection, ensure timely response to incidents, and help businesses comply with regulations by analyzing network, endpoint, server and database activity around the clock.

Outpost24 Webinar - To agent or not to agent

Outpost24

Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...

Outpost24

What's hot

Outpost24 webinar - Improve your organizations security with red teaming

Outpost24

Top 5 Cloud Security Predictions for 2016

Alert Logic

Outpost24 webinar - Enhance user security to stop the cyber-attack cycle

Outpost24

When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...

Cam Fulton

Cybersecurity roadmap : Global healthcare security architecture

Priyanka Aash

Cybersecurity Training for Nonprofits

Community IT Innovators

Cybersecurity on Business Resilience

PECB

Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...

DevOps Indonesia

Network security, seriously?

Peter Wood

Why Zero Trust Yields Maximum Security

Priyanka Aash

Cyber Security for Digital-Era

JK Tech

The Current ICS Threat Landscape

Dragos, Inc.

IBM Security QRadar

Virginia Fernandez

PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Symantec

Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security

Symantec

Vulnerability management - beyond scanning

Vladimir Jirasek

Shared Security Responsibility in the AWS Public Cloud

Alert Logic

Compete To Win: Don’t Just Be Compliant – Be Secure!

IBM Security

Microsoft Defender and Azure Sentinel

David J Rosenthal

Security Operations Center

MDS CS

What's hot (20)

Outpost24 webinar - Improve your organizations security with red teaming

Top 5 Cloud Security Predictions for 2016

Outpost24 webinar - Enhance user security to stop the cyber-attack cycle

When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...

Cybersecurity roadmap : Global healthcare security architecture

Cybersecurity Training for Nonprofits

Cybersecurity on Business Resilience

Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...

Network security, seriously?

Why Zero Trust Yields Maximum Security

Cyber Security for Digital-Era

The Current ICS Threat Landscape

IBM Security QRadar

PRESENTATION▶ Cyber Security Services (CSS): Security Simulation

Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security

Vulnerability management - beyond scanning

Shared Security Responsibility in the AWS Public Cloud

Compete To Win: Don’t Just Be Compliant – Be Secure!

Microsoft Defender and Azure Sentinel

Security Operations Center

Similar to Outpost24 webinar - Implications when migrating to a Zero Trust model

Outpost24 Webinar - To agent or not to agent

Outpost24

Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...

Outpost24

2018 11-19 improving business agility with security policy automation final

AlgoSec

297727851 getting-to-the-cloud-event-2015

Inbalraanan

The document discusses cloud security and risk management. It begins with an introduction to cloud security concepts, including the relationship between cloud service providers and customers and how responsibilities are shared. Key areas of cloud security covered include data classification tools to help classify data stored in the cloud, risk management dashboards to monitor risk levels, and Cloud Access Security Brokers (CASBs) that can enforce security policies for cloud applications and data. The presentation concludes with a discussion of topics like defining core data, demonstrating effective risk management and compliance for cloud environments, and the potential benefits of CASBs for the Israeli market.

Outpost24 webinar - preventing wireless attacks with device visibility and t...

Outpost24

Ccie security 01

Peter Cheong

The document discusses Cisco security solutions and presents fundamental questions for network security. It covers topics such as security policies, models, and the importance of a multilayer perimeter security approach using firewalls, intrusion prevention systems, and other technologies. Effective security requires identifying business objectives and risks before implementing appropriate solutions across all layers of the network.

Outpost24 webinar - Cybersecurity readiness in the post Covid-19 world

Outpost24

Cyber Brochure_2015

Christopher Rieser

Beecher Carlson provides various cyber risk management and cyber insurance services including: - Developing cyber risk assessment tools and placing some of the largest cyber insurance policies to date. - Conducting cyber risk assessments to evaluate a company's IT security processes and vulnerabilities. - Offering a customized cyber insurance policy called CyberSelect that provides comprehensive coverage enhancements. - Developing a cyber loss model called CyberSelect Model to help companies understand potential costs of privacy breaches at different data breach scales.

Helping SME’S to face cybersecurity threats

Agence du Numérique (AdN)

This document discusses cybersecurity challenges facing small and medium enterprises (SMEs) and potential solutions. It notes that SMEs are increasingly targets but often lack dedicated security resources. Existing standards are too complex and costly for SMEs. The document proposes a new cybersecurity label for SMEs in Wallonia based on the NIST framework and CIC top 20 controls, tailored to the unique needs and contexts of SMEs.

CSA Atlanta Q1'2016 Chapter Meeting

Phil Agcaoili

The New Security Practitioner

Adrian Sanabria

Accelerating OT - A Case Study

Digital Bond

This document summarizes a presentation given by Craig Heilmann of IBM Security Services at the S4 ICS Security Conference in January 2015. The presentation discussed accelerating cyber security for operational technology (OT) using a case study. The case study involved a large manufacturer that wanted to transform its security operations over 5 years but faced constraints. The solution was to focus first on operations using an "elastic and agile" model with processes, operations, and technology improvements to quickly detect, respond, and disrupt attacks. This included enterprise-wide password changes and a security program framework to continuously adapt and mature capabilities over time. Cost modeling was also introduced to better plan and rationalize security spending.

The cyber house of horrors - securing the expanding attack surface

Jason Bloomberg

The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically. The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore. Join Certes Networks and Intellyx for a webinar to explore: What factors are driving the expansion of the attack surface? What types of attacks and exploits are taking advantage of these changes? How are segmentation techniques and access controls evolving in response?

Si InfoSecMiddleEastLR0516

Saad Khan

The document describes information security and compliance services offered by Si including managed security services like monitoring firewalls and security information and event management, professional security services such as vulnerability assessments and penetration testing, and compliance consulting services. Si aims to enhance their clients' information security posture and demonstrate compliance through these managed and professional services delivered from their security operations centers globally.

Information Systems Security: Security Management, Metrics, Frameworks and Be...

Wiley India Private Limited

Information and communication systems can be exposed to intrusion and risks, within the overall architecture and design of these systems. These areas of risks can span the entire gamut of information systems including databases, networks, applications, internet-based communication, web services, mobile technologies and people issues associated with all of them. It is vital for businesses to be fully aware of security risks associated with their systems as well as the regulatory body pressures; and develop and implement an effective strategy to handle those risks. This book covers all of the aforementioned issues in depth. It covers all significant aspects of security, as it deals with ICT, and provides practicing ICT security professionals explanations to various aspects of information systems, their corresponding security risks and how to embark on strategic approaches to reduce and, preferably, eliminate those risks. Written by an experienced industry professional working in the domain, with extensive experience in teaching at various levels as well as research, this book is truly a treatise on the subject of Information Security.

Certes webinar securing the frictionless enterprise

Jason Bloomberg

Join Jason Bloomberg, President of Intellyx and contributor to Forbes and Satyam Tyagi, CTO for Certes Networks as they explore securing the frictionless enterprise. - The Dark Side of the Frictionless Enterprise - The Limitations of Network Segmentation - Borderless Enterprises Require Borderless Security - Crypto-Segmentation: Security in a Post-Trust World - Certes Networks CryptoFlows - Crypto-Segmentation with CryptoFlows

How to Raise Cyber Risk Awareness and Management to the C-Suite

SurfWatch Labs

How to Build a Winning Cybersecurity Team

Global Knowledge Training

For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization. Cybersecurity isn’t a one-person job—it’s dependent on several different factors within an organization. This webinar will show you how to build a strong cyber defense by focusing on: • The characteristics of winning cybersecurity teams • The Crown – Organizational map and career progression • The Castle – The eight functional specializations • Architecture and data policy • Data loss prevention • Governance, risk and compliance • Identity and access management • Incident response and forensic analysis • Penetration testing • Secure DevOps • Secure software development • Building a winning cybersecurity organization

The evolution of IT in a cloud world

Zscaler

The document discusses how IT is evolving in a cloud world. Key points include: - Business is driving digital transformation and IT must change from technology-first to business-first to remain relevant. - There is only one global network that businesses don't control, so the focus must shift from security controls to managing risk. - Transformation starts with changing organizational mindsets to embrace new business models. - Zscaler's cloud security platform can help organizations securely adopt the cloud by providing a consistent security policy for all users on any network or device.

Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...

Cohesive Networks

Slides from Cohesive Networks' COO Dwight Koop at the April 2015 meeting of the Chicago Electronic Crimes Task Force, sponsored by Cohesive Networks and the United States Secret Service. On April 30, 2015 Dwight Koop presented “The Chicago School of Cybersecurity Thinking: A Pragmatic Mid-Western Look at Cybersecurity Risk and Regulation” About the ECTF: CECTF represents a diverse membership of over 600 public and private security professionals, academia representatives and law enforcement officials throughout Illinois, Wisconsin, and Northern Indiana. The United States Secret Service contributes to the CECTF by bringing together experts in an interactive environment. These professionals bring experience, knowledge, and resources to support electronic and financial crimes investigations, computer forensic examinations, and judicial testimony. Many members are investigators trained as responders to IT-related incidents, including network intrusion. The CECTF is dedicated to sharing knowledge of cutting-edge technologies, identifying cyber-based vulnerabilities, developing strategies to combat cyber and financial crimes, and the protection of our nation's critical financial infrastructure.

Similar to Outpost24 webinar - Implications when migrating to a Zero Trust model (20)

Outpost24 Webinar - To agent or not to agent

Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...

2018 11-19 improving business agility with security policy automation final

297727851 getting-to-the-cloud-event-2015

Outpost24 webinar - preventing wireless attacks with device visibility and t...

Ccie security 01

Outpost24 webinar - Cybersecurity readiness in the post Covid-19 world

Cyber Brochure_2015

Helping SME’S to face cybersecurity threats

CSA Atlanta Q1'2016 Chapter Meeting

The New Security Practitioner

Accelerating OT - A Case Study

The cyber house of horrors - securing the expanding attack surface

Si InfoSecMiddleEastLR0516

Information Systems Security: Security Management, Metrics, Frameworks and Be...

Certes webinar securing the frictionless enterprise

How to Raise Cyber Risk Awareness and Management to the C-Suite

How to Build a Winning Cybersecurity Team

The evolution of IT in a cloud world

Dwight Koop's Chicago ECFT talk "The Chicago School of Cybersecurity Thinking...

More from Outpost24

Outpost24 webinar - A fresh look into the underground card shop ecosystem

Outpost24

Outpost24 webinar Why API security matters and how to get it right.pdf

Outpost24

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Outpost24

Outpost24 Webinar - Five steps to build a killer Application Security Program

Outpost24

Outpost24 webinar - How to protect your organization from credential theft

Outpost24

This document discusses how to protect organizations from credential theft. It provides an overview of the credential theft landscape and lifecycle. It explains how credential thieves gather credentials through various means like exploiting vulnerabilities, using compromised credentials from initial access brokers or ransomware-as-a-service groups, and monitoring for leaked credentials. The document recommends organizations implement account lockouts, anti-automation measures, strong password policies, and support for multi-factor authentication to help prevent credential theft. It promotes the services of Outpost24 and Blueliv to help customers assess security posture and discover threats.

Outpost24 webinar : Beating hackers at their own game 2022 predictions

Outpost24

Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework

Outpost24

Outpost24 webinar: best practice for external attack surface management

Outpost24

This document discusses best practices for external attack surface management. It explains how digital acceleration has increased organizations' attack surfaces and defines external attack surface management. The document outlines how to categorize and assess risk for web applications and common attack vectors in retail, finance and healthcare. It concludes with recommended best practices, which include discovering all external assets, categorizing them, monitoring for changes, and implementing controls like patching, access management and security assessments.

Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...

Outpost24

Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...

Outpost24

Outpost24 webinar - Api security

Outpost24

API 101 discusses how to secure web applications and APIs. APIs are used extensively in web and mobile applications to allow communication between services but this can introduce security weaknesses if not implemented properly. API attacks are a growing threat, with 90% of breaches targeting web applications and APIs projected to become the most common attack vector by 2022. The document outlines security best practices for securing APIs throughout the development lifecycle from design to testing to runtime, and how one company implemented API security testing to improve their compliance and privacy posture.

Outpost24 Webinar - CISO conversation behind the cyber security technology

Outpost24

Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...

Outpost24

Outpost24 webinar - How to secure cloud services in the DevOps fast lane

Outpost24

Outpost24 webinar - Demystifying Web Application Security with Attack Surface...

Outpost24

Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...

Outpost24

Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...

Outpost24

Outpost24 webinar mastering container security in modern day dev ops

Outpost24

Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...

Outpost24

Outpost24 webinar - Understanding the 7 deadly web application attack vectors

Outpost24

This document discusses understanding web application attack vectors by examining the 7 deadly vectors: security mechanisms, page creation methods, degree of distribution, authentication, input vectors, active content technologies, and cookies. It describes the risks associated with each vector, such as non-encrypted traffic, server-side vulnerabilities, cross-domain problems spanning applications, and vulnerabilities in scripting languages exploited via active content. The document also covers assessing an application's attack surface based on these vectors, assigning a risk score, and developing an application security program to pay attention to these risks.

More from Outpost24 (20)