В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки

Berezha Security

Berezha Security was founded in 2014 and provides penetration testing services. Penetration test (pentest) - is a controlled simulation of a real hacker attack which reveals the real state of organization's information security and its ability to withstand an attack with minimal losses. Berezha Security was established by the most experienced Ukrainian experts in the field of information security. In our work we use only reliable, proven methodologies and tools, some of which we created ourselves. Due to our own developments and vast experience we were able to significantly reduce the cost of our work and offer our customers high quality services for a perfectly balanced price, which is easy to calculate using the price calculator that is publicly available on the Berezha Security website.

Application Security Webcast

How to transform developers into security people

Developers should be the first line of security defense. Security teams purchase secure coding classes and claim success. Hours of training does not change the developer mindset. When developers hear security, they respond as either unlearned, overworked, apathetic or gung ho. This session will explore why developers reject security and will provide a programmatic approach to answer the challenges. (Source : RSA Conference USA 2017)

Securing 100 products - How hard can it be?

Many companies establish their Secure Development Lifecycle. The adoption of it crucial especially for corporations with dozens of applications. The main challenges they face are the diversity of architecture, dev languages, methodologies, compliance, regulations, etc. This talk will shed light on scaling up and out the application security capabilities and maximizing the software security maturity. (Source : RSA Conference USA 2017)

Collaborative security : Securing open source software

There’s no guarantee that software will ever be free from vulnerabilities, whether it is open source or proprietary, but there is still plenty we can do. The Linux Foundation CTO Nicko van Someren will discuss new tools and techniques that help improve the security and quality of open source projects, presenting data from various open source projects including pre- and post-Heartbleed OpenSSL. (Source : RSA Conference USA 2017)

[Webinar] Building a Product Security Incident Response Team: Learnings from ...

Presented on January 17, 2019 at Raleigh/Durham/RTP - Cloud Security Alliance Chapter (https://www.meetup.com/Raleigh-Durham-RTP-Cloud-Security-Alliance-Chapter/). Over the last several years there has been a steady and increasing march towards shifting applications to the cloud. To keep pace with this cloud adoption, in some cases multi-cloud adoption, security teams need consistent real-time threat visibility over their web applications production. In this talk, we'll discuss some of the foundational concepts that comprise a practical approach to threat visibility and securing applications in the cloud. In addition, extending visibility to breaches in progress, deception can be a valuable layer in your defense in depth strategy. We'll discuss the concept of deception and how it can be deployed in the cloud. Overall, the audience will gain a greater insight into application security and deception for the cloud. As we head into 2019, we need to prepare for a year that will prove these concepts are critical for defending deployments in the cloud.

A worldwide journey to build a secure development environment

We know we need to identify and protect critical assets. But how? If your company develops a multitude of hardware and software products in a global environment it is very challenging. This session will describe how we approached the design and building of a Secure Development Environment (SDE), giving you a jump start your own SDE using our lessons learned to help balance security and productivity. (Source : RSA Conference USA 2017)

The left is not wrong, just not right; It's time to shift right!

In the last few years of AppSec and DevOps, we've heard the calls to shift left. But how far left can we go, and is it really going to help eliminate exploitable bugs or scale your AppSec program? What if we consider a different direction, shifting right! Can a focus on shifting to the right be more effective in mitigating real-world threats and prioritization? In this presentation, I'll explore these questions and propose concepts that show why shifting right is right! 

Shift Left. Wait, what? No, Shift Right!!!

Ops Happen: Improve Security Without Getting in the Way

Security at Scale - Lessons from Six Months at Yahoo

Alex Stamos

Deception in Cyber Security (League of Women in Cyber Security)

The R.O.A.D to DevOps

SecOps Armageddon: A look into the future of security & operations

DEVSECOPS: Coding DevSecOps journey

Jason Suttie

Silver Lining for Miles: DevOps for Building Security Solutions

Amy DeMartine - 7 Habits of Rugged DevOps

[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух

OWASP Russia

5 Tips to Successfully Running a Bug Bounty Program

Secure Software Development Lifecycle - Devoxx MA 2018

Imola Informatica

Mobile Application Security Threats through the Eyes of the Attacker

7 Bug Bounty Myths, BUSTED

View this ondemand webinar here: https://pages.bugcrowd.com/7-bug-bounty-myths-busted-ondemand-webinar About the content: Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this recorded webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world. After viewing this presentation and ondemand webinar you will: 1. Learn if a bug bounty program is right for your organization 2. Understand if a bug bounty encourages hackers to attack your systems 3. Explore the real benefits of bug bounty programs – and find out if they actually work 4. Get insight on whether these programs are too hard and costly to manage

Pivotal APJ Security Chaos Engineering

Aaron Rinehart

Modern systems pose a number of thorny challenges and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, security and operating distributed systems. Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works.

New Era of Software with modern Application Security (v0.6)

Dinis Cruz

Description: This presentation will start with an overview of the current state of Application Insecurity (with practical examples). This will make the attendees think twice about what is about to happen to their applications. The solution is to leverage a new generation of application security thinking such as: TDD, Docker, Test Automation, Static Analysis, cleaver Fuzzing, JIRA Risk workflows, Kanban, micro web services visualization, and ELK. These practices will not only make applications/software more secure/resilient, but it allow them to be developed in a much more efficient, cheaper and productive way. The v.06 was presented at London Software Craftsmanship Community on 18/Feb/2016 - http://www.meetup.com/london-software-craftsmanship/members/184071944/ The v.0.6 was presented at the OWASP London Chapter meeting on 25t/Feb/2016

Getting to Know Security and Devs: Keys to Successful DevSecOps

Franklin Mosley

Integration into the Secure SDLC Process.ppt

Imam Halim Mursyidin

Secure Application Development Trainingpivotalsecurity

What's hot

CSA Raleigh application security and deception in the cloud

A worldwide journey to build a secure development environment

The left is not wrong, just not right; It's time to shift right!

Shift Left. Wait, what? No, Shift Right!!!

Ops Happen: Improve Security Without Getting in the Way

Security at Scale - Lessons from Six Months at Yahoo

Alex Stamos

Deception in Cyber Security (League of Women in Cyber Security)

The R.O.A.D to DevOps

SecOps Armageddon: A look into the future of security & operations

DEVSECOPS: Coding DevSecOps journey

Jason Suttie

Silver Lining for Miles: DevOps for Building Security Solutions

Amy DeMartine - 7 Habits of Rugged DevOps

[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух

OWASP Russia

5 Tips to Successfully Running a Bug Bounty Program

Secure Software Development Lifecycle - Devoxx MA 2018

Imola Informatica

Mobile Application Security Threats through the Eyes of the Attacker

7 Bug Bounty Myths, BUSTED

Pivotal APJ Security Chaos Engineering

Aaron Rinehart

New Era of Software with modern Application Security (v0.6)

Dinis Cruz

Getting to Know Security and Devs: Keys to Successful DevSecOps

Franklin Mosley

What's hot (20)

CSA Raleigh application security and deception in the cloud

A worldwide journey to build a secure development environment

The left is not wrong, just not right; It's time to shift right!

Shift Left. Wait, what? No, Shift Right!!!

Ops Happen: Improve Security Without Getting in the Way

Security at Scale - Lessons from Six Months at Yahoo

Deception in Cyber Security (League of Women in Cyber Security)

The R.O.A.D to DevOps

SecOps Armageddon: A look into the future of security & operations

DEVSECOPS: Coding DevSecOps journey

Silver Lining for Miles: DevOps for Building Security Solutions

Amy DeMartine - 7 Habits of Rugged DevOps

[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух

5 Tips to Successfully Running a Bug Bounty Program

Secure Software Development Lifecycle - Devoxx MA 2018

Mobile Application Security Threats through the Eyes of the Attacker

7 Bug Bounty Myths, BUSTED

Pivotal APJ Security Chaos Engineering

New Era of Software with modern Application Security (v0.6)

Getting to Know Security and Devs: Keys to Successful DevSecOps

Similar to В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки

Integration into the Secure SDLC Process.ppt

Imam Halim Mursyidin

Secure Application Development Trainingpivotalsecurity

O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?

Izar Tarandach

Agnitio: its static analysis, but not as we know it

Security BSides London

BSidesLondon 20th April 2011 - David Rook (@securityninja) ----------------------- This demonstration filled talk will start by discussing the problems with the security code review approaches most people follow and the reasons why I created Agnitio. This will include a look at existing manual and automated static analysis procedures and tools. The talk will move onto exploring the Principles of Secure Development and how the principles have been mapped to over 60 different checklist items in Agnitio. ---- for more about David go to http://www.securityninja.co.uk/ ---- for more about Agnito go to http://sourceforge.net/projects/agnitiotool/

CyberSecurity Portfolio Management

Eturnti Consulting Pvt Ltd

Problems: - What Security Products Do We Really Need & Don’t? - How do we Identify Gaps & Overlaps in Portfolio? - How do we define our Security Products Strategy? - What security products can be replaced or dropped? - How do we understand & categorize security vendors using a standardized approach? - How do we make the optimal use of my existing cybersecurity products portfolio?

Shift Left Security – Guidance on embedding security for a Digital Transforma...

Yazad Khandhadia

Vulnerability Ass... Penetrate What?

Jorge Orchilles

What Every Developer And Tester Should Know About Software Security

Anne Oikarinen

Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP. Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats. You will also learn what kind of security related testing you can do without having any infosec background.

OWASP: Building Secure Web Apps

mlogvinov

Application Security on a Dime: A Practical Guide to Using Functional Open So...

POSSCON

Security Code ReviewAung Khant

Charting a Career in Information Security - August 2020

JayTymchuk

Agile Relevance in the age of Continuous Everything ....

Agile has made it possible to deliver a lot product lines and service lines almost like instant coffee , tea and instant everything. It has created a lot of diverse needs especially the need to keep pace with Dev and Operations and everything is expected to continuous along the pipeline without breaking anything along the way. This would mean features , security , builds , releases and the whole nine yards that go with putting your app or product out there. We shall look at DEVSECOPS along with why everything else associated with this initiative that needs to be continuous . Without this mindset agile shall be a term that shall not have much of relevance let alone deliver a product or feature in the best quality and time frame.

NTXISSACSC2 - Software Assurance (SwA) by John Whited

North Texas Chapter of the ISSA

John Whited, Principal Engineer, Raytheon Software Assurance Software Assurance (SwA) is also known by many other names -- application security, software security, secure application development, and others. The numbers vary from study to study, but a vast majority of cyber-attacks at least involve an element of attack on one or more software applications. Fundamentally, SwA provides a level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner. SwA is a development lifecycle endeavor requiring the participation of many disciplines. This presentation will explore some of the best practices in secure software development across its lifecycle.

OWASP

Pen Testeronyguy

Cost Effective Web Application Testing

Hari Pudipeddi

Cost effective web application testing

Harinath Pudipeddi

Cost effective web application testingHarinath Pudipeddi

Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam

OISF - AppSec Presentation

ThreatReel Podcast

Similar to В чому різниця між тестами на проникнення, аудитами, та іншими послугами з кібербезпеки (20)

Integration into the Secure SDLC Process.ppt

Secure Application Development Training

O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?

Agnitio: its static analysis, but not as we know it

CyberSecurity Portfolio Management

Shift Left Security – Guidance on embedding security for a Digital Transforma...

Vulnerability Ass... Penetrate What?

What Every Developer And Tester Should Know About Software Security

OWASP: Building Secure Web Apps

Application Security on a Dime: A Practical Guide to Using Functional Open So...

Security Code Review

Charting a Career in Information Security - August 2020

Agile Relevance in the age of Continuous Everything ....

NTXISSACSC2 - Software Assurance (SwA) by John Whited

OWASP

Cost Effective Web Application Testing

Cost effective web application testing

Succeeding-Marriage-Cybersecurity-DevOps final

OISF - AppSec Presentation

More from Vlad Styran

Human is an amateur; the monkey is an expert. How to stop trying to secure yo...

Threat Modeling 101

BSides Kharkiv 2018: Social-engineering your quality of work, personal, and s...

Sigma Open Tech Week: Bitter Truth About Software Security

NoNameCon partnership opportunities

Exhibit your support to the Cyber Security community Grow your employer brand at a high demand job market Increase user base of your professional products and services Extend your professional social network Meet new partners and old friends Find new business opportunities Increase your brand visibility Showcase your expertise Share your experience Help Ukraine’s Cyber Security industry grow and prosper! Contact us to know more: sponsors@nonamecon.org

BruCON 0x09 Building Security Awareness Programs That Don't Suck

Организация, культура, и управление кибер-безопасностью

Cybersecurity Framework 021214 Final UA

Fantastic Beasts and where to hide from them

Кібер-Шмібер

Recon-Fu @BsidesKyiv 2016

#root это только начало

Путевые заметки социального инженера

Наступательная безопасность: шпаргалка заказчика тестов на проникновение

Построение Secure Development Lifecycle

Использование приватных, публичных и гибридных облаков для обеспечения информ...

Центр оперативного управления информационной безопасностьюVlad Styran

Прелюдия к атаке: практика и автоматизация OSINTVlad Styran

Next generation pentest your company cannot buyVlad Styran

правда про ложь