SlideShare a Scribd company logo
1 1 1 0 0 1 0 1 0 0 0 0 1 1 0 1 1 0 0 0 0 1 1 1 1 0
0 1 0 1 1 1 0 1 0 1 1 0 1 1 1 0 1 0
1 1 0 0 1 0 1
1 0 0 1 0 1
1 0 1 1 1 1
0 1 0 1 0 1
0 0 1 0 1 0
1 1 0 1 0 1
0 1 1 1 1 1
1 0 0 1 0
0 1 0 1 0 0
1 1 1 0 0 0
1 0 1 0 1 0
0 1 1 1 1 1
1 1 0 1 1 0
1 0 1 1 1 1
1 1 1 0 1 0 0
0 1 1 0 0 1 1 1
0 0 1 1 0 0 1 0 1 1 0 1
1 1 0 0 0 1 0 1 0 1 1 0 1 0 1 1
1 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 1 0 1 0
PROGRAMMING AND CYBERSECURITY
PYTHON MAURITIUS USER GROUP
VERSION: 1.0.1
DATE: 30/09/2021
AUTHOR: SYLVAIN MARTINEZ
REFERENCE: ES-CP-PACS
REPORT ENGINE: 2.1.0
CLASSIFICATION: PUBLIC
{elysiumsecurity}
cyber protection & response
DISCLAIMER
This presentation and the Services methodology, frameworks and templates used in
this document will remain the property of ES and must not be used or re-used
without explicit consent from ES unless it is already available, or becomes available,
in the public domain.
{elysiumsecurity}
cyber protection & response
2
PUBLIC
CONCLUSION
CASE STUDY
WHAT LANGUAGES
WHY PROGRAMMING
CONTEXT
{elysiumsecurity}
cyber protection & response CONTENTS
3
PUBLIC
GOAL
WHO AM I?
COMPANY
BACKGROUND
CYBER SECURITY RISK
CONCEPT
CYBER SECURITY
JOB’S RELEVANCE
AUTOMATION
TOOLING
REVERSE
ENGINEERING
EXPLOITS
MANY LANGUAGES
TO CHOOSE FROM
MOST USEFUL
LANGUAGES
POPULAR SECURITY
PROJECTS
SECURED ANDROID
APP
O365 LOGS IP SOURCE
BEWARE
TAKE AWAY
Icons: from The Noun Project unless stated otherwise
GOAL
4
TO AVOID SOME COMMON
MISTAKES
3
TO KNOW WHERE TO START
2
TO KNOW HOW
PROGRAMMING CAN BE USED
1
TO UNDERSTAND THE IMPORTANCE OF PROGRAMMING IN
CYBER SECURITY
{elysiumsecurity}
cyber protection & response
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
WHO AM I?
5
{elysiumsecurity}
cyber protection & response
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
https://www.elysiumsecurity.com
COMPANY BACKGROUND
6
{elysiumsecurity}
cyber protection & response
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
FOUNDED IN 2015 BY SYLVAIN MARTINEZ
INCORPORATED IN MAURITUS/UK AND OPERATING
WORLDWIDE
PROVIDING INDEPENDENT EXPERTISE IN CYBER
SECURITY
COMPREHENSIVE CYBER SECURITY SERVICE
PORTFOLIO: FROM CISO ADVISORY TO PENETRATION
TESTING AND INCIDENT RESPONSE
EXPOSURE TO A VARIETY OF BUSINESS SECTORS:
FINANCE, TELECOMS, HEALTHCARE, HOTELS,
MANUFACTORING, NAVAL, RETAIL, ETC.
BOUTIQUE STYLE APPROACH WITH A DISCREET,
TAILORED AND SPECIALIZED CYBER SECURITY
SERVICE THAT FITS YOUR WORKING ENVIRONMENT
CYBER SECURITY RISK CONTEXT
{elysiumsecurity}
cyber protection & response
7
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
PAST FUTURE
100%
0%
TIME
GROWTH
PAST FUTURE
100%
0%
TIME
GROWTH
PAST FUTURE
100%
0%
TIME
GROWTH
CYBER SECURITY RISKS’ PROBABILITY AND IMPACT ARE INCREASING.
THEIR ABILITY TO DISRUPT COMPANIES BUSINESS OPERATION HAVE GROWING
FINANCIAL, REPUTATIONAL AND LEGAL NEGATIVE CONSEQUENCES
+ =
CYBER SECURITY JOB’S RELEVANCE
{elysiumsecurity}
cyber protection & response
8
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
PROGRAMMING
KNOWLEDGE
BENEFITS
MOST MANAGEMENT
ROLE
MOST ADVISORY
ROLE
ALL TECHNICAL
ROLE
How much could knowledge of programming help you be better at your job?
ALL MANAGEMENT
ROLE
ALL ADVISORY
ROLE
ALL TECHNICAL
ROLE
PERCEPTION REALITY
AUTOMATION
{elysiumsecurity}
cyber protection & response
9
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
REPETITIVE TASKS
EFFICIENCY
SAVE TIME
REGEX SEARCH
FILTERING
PROCESS LARGE
VOLUME OF DATA
EXTRACT PATTERNS
FIND NEEDLE
TOOLING
{elysiumsecurity}
cyber protection & response
10
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
TOOLS CREATION
EFFICIENCY
CAPABILITY
TOOLS CUSTOMISATION
ADAPT AND REUSE
REVERSE ENGINEERING
{elysiumsecurity}
cyber protection & response
11
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
MALWARE
KNOWLEDGE
UNDERSTANDING
APP ASSESSMENT
SUSPICIOUS APP
CONTROLS BYPASS
EXPLOITS
{elysiumsecurity}
cyber protection & response
12
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
VULNERABILITY ASSESSMENT
ACCURACY
PENETRATION TESTING
INCREASED ATTACK
SURFACE
MANY LANGUAGES TO CHOOSE FROM
{elysiumsecurity}
cyber protection & response
13
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
images from exploring-data.com and graphext.com
LANGUAGES RELATIONSHIPS
MOST USED LANGUAGES
MOST USEFUL LANGUAGES
{elysiumsecurity}
cyber protection & response
14
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
ANY LANGUAGE IS
GOOD!
MOST COMMONLY USED LANGUAGES
IN CYBER SECURITY
PYTHON
C/C++ PHP
JAVA
PERL
SHELL
SCRIPTS
ONCE YOU UNDERSTAND THE CORE PROGRAMMING CONCEPTS YOU CAN
UNDERSTAND AND CHANGE ALMOST ANY CODE
HTML
ASM?
RUBY
POPULAR CYBER SECURITY PROJECTS EXAMPLES
{elysiumsecurity}
cyber protection & response
15
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
POPULAR SECURITY TOOL PURPOSE LANGUAGE
BANDIT Python code analyser PYTHON
BURP SUITE Web traffic manipulation JAVA
HAWKEYE VA Scanner PYTHON
MALTEGO Data Visualisation JAVA
METASPLOIT VAPT Framework RUBY
NIKTO Web scanner PERL
NMAP Network scanner C/PYTHON/LUA
OPENVAS VA Scanner C
RECON-NG OSINT Search PYTHON
SATAN (very) old linux scanner PERL
SCAPY Network manipulation PYTHON
SQLMAP DB Scanner PYTHON
WIRESHARK Network analyser C
SECURED ANDROID APP NEEDS TO BE TESTED
{elysiumsecurity}
cyber protection & response
16
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
CHALLENGE
• Need to audit an Android APK app
• App does not allow “Routing” and has “Cert pinning”
PROGRAMMING SOLUTION
• Decompile the code to Java (i.e.: d2j-dex2jar)
• Analyse the Java code for security hooks (i.e.: jd-gui)
• Decompile the code to SMALI (i.e.: apktool)
• Edit the SMALI code to remove the protection (assembly)
• Recompile and sign the code
• Execute the non-secured code and manually check for issues
NON-PROGRAMMING SOLUTION
• Use the great MobSF framework to get some automated analysis
• Give up / ask for a non-secure version
SECURED ANDROID APP NEEDS TO BE TESTED
{elysiumsecurity}
cyber protection & response
17
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
JAVA
SHELL SCRIPTS
ASSEMBLY/SMALI + SHELL SCRIPTS
O365 LOGS IP SOURCE IDENTIFICATION
{elysiumsecurity}
cyber protection & response
18
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
CHALLENGE
• O365 Audit logs list of IP
• Identify suspicious IP
PROGRAMMING SOLUTION
• Export logs as csv
• Format csv to extract list of IP
• Use IP country mapping API
• add countries against each IP
• Easily filter with countries of interest
NON-PROGRAMMING SOLUTION
• Manual IP extraction and resolution
• or Pay for extra security add-ons: Risky-sign on, conditional logins, etc
O365 LOGS IP SOURCE IDENTIFICATION
{elysiumsecurity}
cyber protection & response
19
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
(POWER) SHELL SCRIPT
BEWARE
{elysiumsecurity}
cyber protection & response
20
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
Wasting time on non
essential activities
Reinventing a “broken” and
less “efficient” wheel
i.e.: crypto
answer: ”Hello”
Customization may lead to
medium/long terms
support issues
TAKE AWAY
{elysiumsecurity}
cyber protection & response
21
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
GOING FURTHER
{elysiumsecurity}
cyber protection & response
22
PUBLIC
CONCLUSION
CASE STUDY
WHAT
LANGUAGES
WHY
PROGRAMMING
CONTEXT
• https://flatironschool.com/blog/best-programming-languages-cyber-
security
• https://www.sans.org/cyber-security-courses/automating-
information-security-with-python/
• A lot of free resources online, google “free python hacking course”
© 2015-2021 ELYSIUMSECURITY LTD
ALL RIGHTS RESERVED
HTTPS://WWW.ELYSIUMSECURITY.COM
CONSULTING@ELYSIUMSECURITY.COM
ABOUT ELYSIUMSECURITY LTD.
{elysiumsecurity}
cyber protection & response
ELYSIUMSECURITY PROVIDES A PORTFOLIO OF STRATEGIC
AND TACTICAL SERVICES TO HELP COMPANIES PROTECT AND
RESPOND AGAINST CYBER SECURITY THREATS. WE DIFFERENTIATE
OURSELVES BY OFFERING DISCREET, TAILORED AND SPECIALIZED
ENGAGEMENTS.
ELYSIUMSECURITY OPERATES IN MAURITIUS AND IN EUROPE,
A BOUTIQUE STYLE APPROACH MEANS WE CAN EASILY ADAPT TO
YOUR BUSINESS OPERATIONAL MODEL AND REQUIREMENTS TO PROVIDE
A PERSONALIZED SERVICE THAT FITS YOUR WORKING ENVIRONMENT.
ELYSIUMSECURITY PROVIDES PRACTICAL EXPERTISE TO IDENTIFY
VULNERABILITIES, ASSESS THEIR RISKS AND IMPACT, REMEDIATE
THOSE RISKS, PREPARE AND RESPOND TO INCIDENTS AS WELL AS
RAISE SECURITY AWARENESS THROUGH AN ORGANIZATION.
ELYSIUMSECURITY PROVIDES HIGH LEVEL EXPERTISE GATHERED
THROUGH YEARS OF BEST PRACTICES EXPERIENCE IN LARGE
INTERNATIONAL COMPANIES ALLOWING US TO PROVIDE ADVICE BEST
SUITED TO YOUR BUSINESS OPERATIONAL MODEL AND PRIORITIES.

More Related Content

What's hot

Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
Sylvain Martinez
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
Sylvain Martinez
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2
Sylvain Martinez
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
FireEye, Inc.
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Cristian Garcia G.
 
Ivan dragas get ahead of cybercrime
Ivan dragas   get ahead of cybercrimeIvan dragas   get ahead of cybercrime
Ivan dragas get ahead of cybercrime
Dejan Jeremic
 
Ict 2015 saga - cisco cybersecurity rešenja- Viktor Varga
Ict 2015   saga - cisco cybersecurity rešenja- Viktor VargaIct 2015   saga - cisco cybersecurity rešenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity rešenja- Viktor Varga
Dejan Jeremic
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
Ramin Farajpour Cami
 
Detection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeDetection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEye
Splunk
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-final
Dejan Jeremic
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
Cisco Canada
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to Know
FireEye, Inc.
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
Netpluz Asia Pte Ltd
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
Sylvain Martinez
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
David Sweigert
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber Kill Chain vs. Cyber Criminals
Cyber Kill Chain vs. Cyber CriminalsCyber Kill Chain vs. Cyber Criminals
Cyber Kill Chain vs. Cyber Criminals
David Sweigert
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
Scalar Decisions
 

What's hot (20)

Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...
 
Ivan dragas get ahead of cybercrime
Ivan dragas   get ahead of cybercrimeIvan dragas   get ahead of cybercrime
Ivan dragas get ahead of cybercrime
 
Ict 2015 saga - cisco cybersecurity rešenja- Viktor Varga
Ict 2015   saga - cisco cybersecurity rešenja- Viktor VargaIct 2015   saga - cisco cybersecurity rešenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity rešenja- Viktor Varga
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
Detection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEyeDetection and Response with Splunk+FireEye
Detection and Response with Splunk+FireEye
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-final
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to Know
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cyber Kill Chain vs. Cyber Criminals
Cyber Kill Chain vs. Cyber CriminalsCyber Kill Chain vs. Cyber Criminals
Cyber Kill Chain vs. Cyber Criminals
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 

Similar to PROGRAMMING AND CYBER SECURITY

8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
BGA Cyber Security
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
NowSecure
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
Cisco Canada
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
lior mazor
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Chetan Khatri
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced Threats
Cisco Canada
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
Electric Imp
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
Splunk
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0
Dinis Cruz
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
Cisco Canada
 
Secure Application Development InfoShare 2022
Secure Application Development InfoShare 2022Secure Application Development InfoShare 2022
Secure Application Development InfoShare 2022
Radu Vunvulea
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
Ștefan Popa
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
Tim Mackey
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA Cyber Security
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
Carlos Andrés García
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
VMware Tanzu
 
2014 09-04-pj
2014 09-04-pj2014 09-04-pj
2014 09-04-pj
Sébastien GIORIA
 
Making Network Security Relevant
Making Network Security RelevantMaking Network Security Relevant
Making Network Security Relevant
HP Enterprise Italia
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
Scalar Decisions
 

Similar to PROGRAMMING AND CYBER SECURITY (20)

8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced Threats
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
 
Secure Application Development InfoShare 2022
Secure Application Development InfoShare 2022Secure Application Development InfoShare 2022
Secure Application Development InfoShare 2022
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
 
Securing a Cloud Migration
Securing a Cloud MigrationSecuring a Cloud Migration
Securing a Cloud Migration
 
2014 09-04-pj
2014 09-04-pj2014 09-04-pj
2014 09-04-pj
 
Making Network Security Relevant
Making Network Security RelevantMaking Network Security Relevant
Making Network Security Relevant
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 

More from Sylvain Martinez

INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY
Sylvain Martinez
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?
Sylvain Martinez
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
Sylvain Martinez
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
Sylvain Martinez
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
Sylvain Martinez
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sylvain Martinez
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONS
Sylvain Martinez
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
Sylvain Martinez
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
Sylvain Martinez
 
Talk1 muscl club_v1_2
Talk1 muscl club_v1_2Talk1 muscl club_v1_2
Talk1 muscl club_v1_2
Sylvain Martinez
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Sylvain Martinez
 

More from Sylvain Martinez (13)

INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONS
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
 
Talk1 muscl club_v1_2
Talk1 muscl club_v1_2Talk1 muscl club_v1_2
Talk1 muscl club_v1_2
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
 

Recently uploaded

Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
OnBoard
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
FIDO Alliance
 
Improving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning ContentImproving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning Content
Enterprise Knowledge
 
Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024
Michael Price
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
ZachWylie3
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
KIRAN KV
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
Zilliz
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
SubhamMandal40
 
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
AimanAthambawa1
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
UX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business GoalsUX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business Goals
FIDO Alliance
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
Stephanie Beckett
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
DianaGray10
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
Baishakhi Ray
 

Recently uploaded (20)

Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
 
Improving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning ContentImproving Learning Content Efficiency with Reusable Learning Content
Improving Learning Content Efficiency with Reusable Learning Content
 
Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024Perth MuleSoft Meetup July 2024
Perth MuleSoft Meetup July 2024
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
COVID-19 and the Level of Cloud Computing Adoption: A Study of Sri Lankan Inf...
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
UX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business GoalsUX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business Goals
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
 

PROGRAMMING AND CYBER SECURITY

  • 1. 1 1 1 0 0 1 0 1 0 0 0 0 1 1 0 1 1 0 0 0 0 1 1 1 1 0 0 1 0 1 1 1 0 1 0 1 1 0 1 1 1 0 1 0 1 1 0 0 1 0 1 1 0 0 1 0 1 1 0 1 1 1 1 0 1 0 1 0 1 0 0 1 0 1 0 1 1 0 1 0 1 0 1 1 1 1 1 1 0 0 1 0 0 1 0 1 0 0 1 1 1 0 0 0 1 0 1 0 1 0 0 1 1 1 1 1 1 1 0 1 1 0 1 0 1 1 1 1 1 1 1 0 1 0 0 0 1 1 0 0 1 1 1 0 0 1 1 0 0 1 0 1 1 0 1 1 1 0 0 0 1 0 1 0 1 1 0 1 0 1 1 1 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 1 0 1 0 PROGRAMMING AND CYBERSECURITY PYTHON MAURITIUS USER GROUP VERSION: 1.0.1 DATE: 30/09/2021 AUTHOR: SYLVAIN MARTINEZ REFERENCE: ES-CP-PACS REPORT ENGINE: 2.1.0 CLASSIFICATION: PUBLIC {elysiumsecurity} cyber protection & response
  • 2. DISCLAIMER This presentation and the Services methodology, frameworks and templates used in this document will remain the property of ES and must not be used or re-used without explicit consent from ES unless it is already available, or becomes available, in the public domain. {elysiumsecurity} cyber protection & response 2 PUBLIC
  • 3. CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT {elysiumsecurity} cyber protection & response CONTENTS 3 PUBLIC GOAL WHO AM I? COMPANY BACKGROUND CYBER SECURITY RISK CONCEPT CYBER SECURITY JOB’S RELEVANCE AUTOMATION TOOLING REVERSE ENGINEERING EXPLOITS MANY LANGUAGES TO CHOOSE FROM MOST USEFUL LANGUAGES POPULAR SECURITY PROJECTS SECURED ANDROID APP O365 LOGS IP SOURCE BEWARE TAKE AWAY
  • 4. Icons: from The Noun Project unless stated otherwise GOAL 4 TO AVOID SOME COMMON MISTAKES 3 TO KNOW WHERE TO START 2 TO KNOW HOW PROGRAMMING CAN BE USED 1 TO UNDERSTAND THE IMPORTANCE OF PROGRAMMING IN CYBER SECURITY {elysiumsecurity} cyber protection & response PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT
  • 5. WHO AM I? 5 {elysiumsecurity} cyber protection & response PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT https://www.elysiumsecurity.com
  • 6. COMPANY BACKGROUND 6 {elysiumsecurity} cyber protection & response PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT FOUNDED IN 2015 BY SYLVAIN MARTINEZ INCORPORATED IN MAURITUS/UK AND OPERATING WORLDWIDE PROVIDING INDEPENDENT EXPERTISE IN CYBER SECURITY COMPREHENSIVE CYBER SECURITY SERVICE PORTFOLIO: FROM CISO ADVISORY TO PENETRATION TESTING AND INCIDENT RESPONSE EXPOSURE TO A VARIETY OF BUSINESS SECTORS: FINANCE, TELECOMS, HEALTHCARE, HOTELS, MANUFACTORING, NAVAL, RETAIL, ETC. BOUTIQUE STYLE APPROACH WITH A DISCREET, TAILORED AND SPECIALIZED CYBER SECURITY SERVICE THAT FITS YOUR WORKING ENVIRONMENT
  • 7. CYBER SECURITY RISK CONTEXT {elysiumsecurity} cyber protection & response 7 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT PAST FUTURE 100% 0% TIME GROWTH PAST FUTURE 100% 0% TIME GROWTH PAST FUTURE 100% 0% TIME GROWTH CYBER SECURITY RISKS’ PROBABILITY AND IMPACT ARE INCREASING. THEIR ABILITY TO DISRUPT COMPANIES BUSINESS OPERATION HAVE GROWING FINANCIAL, REPUTATIONAL AND LEGAL NEGATIVE CONSEQUENCES + =
  • 8. CYBER SECURITY JOB’S RELEVANCE {elysiumsecurity} cyber protection & response 8 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT PROGRAMMING KNOWLEDGE BENEFITS MOST MANAGEMENT ROLE MOST ADVISORY ROLE ALL TECHNICAL ROLE How much could knowledge of programming help you be better at your job? ALL MANAGEMENT ROLE ALL ADVISORY ROLE ALL TECHNICAL ROLE PERCEPTION REALITY
  • 9. AUTOMATION {elysiumsecurity} cyber protection & response 9 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT REPETITIVE TASKS EFFICIENCY SAVE TIME REGEX SEARCH FILTERING PROCESS LARGE VOLUME OF DATA EXTRACT PATTERNS FIND NEEDLE
  • 10. TOOLING {elysiumsecurity} cyber protection & response 10 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT TOOLS CREATION EFFICIENCY CAPABILITY TOOLS CUSTOMISATION ADAPT AND REUSE
  • 11. REVERSE ENGINEERING {elysiumsecurity} cyber protection & response 11 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT MALWARE KNOWLEDGE UNDERSTANDING APP ASSESSMENT SUSPICIOUS APP CONTROLS BYPASS
  • 12. EXPLOITS {elysiumsecurity} cyber protection & response 12 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT VULNERABILITY ASSESSMENT ACCURACY PENETRATION TESTING INCREASED ATTACK SURFACE
  • 13. MANY LANGUAGES TO CHOOSE FROM {elysiumsecurity} cyber protection & response 13 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT images from exploring-data.com and graphext.com LANGUAGES RELATIONSHIPS MOST USED LANGUAGES
  • 14. MOST USEFUL LANGUAGES {elysiumsecurity} cyber protection & response 14 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT ANY LANGUAGE IS GOOD! MOST COMMONLY USED LANGUAGES IN CYBER SECURITY PYTHON C/C++ PHP JAVA PERL SHELL SCRIPTS ONCE YOU UNDERSTAND THE CORE PROGRAMMING CONCEPTS YOU CAN UNDERSTAND AND CHANGE ALMOST ANY CODE HTML ASM? RUBY
  • 15. POPULAR CYBER SECURITY PROJECTS EXAMPLES {elysiumsecurity} cyber protection & response 15 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT POPULAR SECURITY TOOL PURPOSE LANGUAGE BANDIT Python code analyser PYTHON BURP SUITE Web traffic manipulation JAVA HAWKEYE VA Scanner PYTHON MALTEGO Data Visualisation JAVA METASPLOIT VAPT Framework RUBY NIKTO Web scanner PERL NMAP Network scanner C/PYTHON/LUA OPENVAS VA Scanner C RECON-NG OSINT Search PYTHON SATAN (very) old linux scanner PERL SCAPY Network manipulation PYTHON SQLMAP DB Scanner PYTHON WIRESHARK Network analyser C
  • 16. SECURED ANDROID APP NEEDS TO BE TESTED {elysiumsecurity} cyber protection & response 16 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT CHALLENGE • Need to audit an Android APK app • App does not allow “Routing” and has “Cert pinning” PROGRAMMING SOLUTION • Decompile the code to Java (i.e.: d2j-dex2jar) • Analyse the Java code for security hooks (i.e.: jd-gui) • Decompile the code to SMALI (i.e.: apktool) • Edit the SMALI code to remove the protection (assembly) • Recompile and sign the code • Execute the non-secured code and manually check for issues NON-PROGRAMMING SOLUTION • Use the great MobSF framework to get some automated analysis • Give up / ask for a non-secure version
  • 17. SECURED ANDROID APP NEEDS TO BE TESTED {elysiumsecurity} cyber protection & response 17 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT JAVA SHELL SCRIPTS ASSEMBLY/SMALI + SHELL SCRIPTS
  • 18. O365 LOGS IP SOURCE IDENTIFICATION {elysiumsecurity} cyber protection & response 18 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT CHALLENGE • O365 Audit logs list of IP • Identify suspicious IP PROGRAMMING SOLUTION • Export logs as csv • Format csv to extract list of IP • Use IP country mapping API • add countries against each IP • Easily filter with countries of interest NON-PROGRAMMING SOLUTION • Manual IP extraction and resolution • or Pay for extra security add-ons: Risky-sign on, conditional logins, etc
  • 19. O365 LOGS IP SOURCE IDENTIFICATION {elysiumsecurity} cyber protection & response 19 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT (POWER) SHELL SCRIPT
  • 20. BEWARE {elysiumsecurity} cyber protection & response 20 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT Wasting time on non essential activities Reinventing a “broken” and less “efficient” wheel i.e.: crypto answer: ”Hello” Customization may lead to medium/long terms support issues
  • 21. TAKE AWAY {elysiumsecurity} cyber protection & response 21 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT
  • 22. GOING FURTHER {elysiumsecurity} cyber protection & response 22 PUBLIC CONCLUSION CASE STUDY WHAT LANGUAGES WHY PROGRAMMING CONTEXT • https://flatironschool.com/blog/best-programming-languages-cyber- security • https://www.sans.org/cyber-security-courses/automating- information-security-with-python/ • A lot of free resources online, google “free python hacking course”
  • 23. © 2015-2021 ELYSIUMSECURITY LTD ALL RIGHTS RESERVED HTTPS://WWW.ELYSIUMSECURITY.COM CONSULTING@ELYSIUMSECURITY.COM ABOUT ELYSIUMSECURITY LTD. {elysiumsecurity} cyber protection & response ELYSIUMSECURITY PROVIDES A PORTFOLIO OF STRATEGIC AND TACTICAL SERVICES TO HELP COMPANIES PROTECT AND RESPOND AGAINST CYBER SECURITY THREATS. WE DIFFERENTIATE OURSELVES BY OFFERING DISCREET, TAILORED AND SPECIALIZED ENGAGEMENTS. ELYSIUMSECURITY OPERATES IN MAURITIUS AND IN EUROPE, A BOUTIQUE STYLE APPROACH MEANS WE CAN EASILY ADAPT TO YOUR BUSINESS OPERATIONAL MODEL AND REQUIREMENTS TO PROVIDE A PERSONALIZED SERVICE THAT FITS YOUR WORKING ENVIRONMENT. ELYSIUMSECURITY PROVIDES PRACTICAL EXPERTISE TO IDENTIFY VULNERABILITIES, ASSESS THEIR RISKS AND IMPACT, REMEDIATE THOSE RISKS, PREPARE AND RESPOND TO INCIDENTS AS WELL AS RAISE SECURITY AWARENESS THROUGH AN ORGANIZATION. ELYSIUMSECURITY PROVIDES HIGH LEVEL EXPERTISE GATHERED THROUGH YEARS OF BEST PRACTICES EXPERIENCE IN LARGE INTERNATIONAL COMPANIES ALLOWING US TO PROVIDE ADVICE BEST SUITED TO YOUR BUSINESS OPERATIONAL MODEL AND PRIORITIES.