Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security

•

0 likes•47 views

Everyone loves a good tip, like using a stick of spaghetti to light a hard to reach candle wick or using Doritos to start a fire. In this session VI users will learn the top tips and tricks for both the GUI and configurations. Along with ingesting router data and using it for attack path identification, users will learn how to quickly use the existing Attack Strategy to first prioritize any immediate critical vulnerabilities, how to setup campaigns for critical assets and tips for report usage and customization. There will also be time for users to share their favorite tips with other attendees. The more we all share, the more value everyone can get from the tool.

Software

CONNECT
2017

Tips
and
Tricks

Vulnerability
Insight
Track

L E A R N M O R E
Magno Gomes
SE
Manager,
Core
Security
• 15+
Years
as
a
SE
in
Network
&
Security
• 7+
Years
@
Core
Security
• Came
from
the
Core
Security
Acquisition
• IMPACT,
VI
&
NI
Specialist

Vulnerability
Insight
Tips
&
Tricks
During
this
Session:
• Live
Walkthrough
of
some
configuration
considerations
• 5-‐10
Minutes
in
each
section
• Q
&
A
after
each
Section
• Final
Q&A
on
general
configuration
or
the
product
in
general
• If
need
we
can
review
particular
areas

AGENDA
• Using
the
Analytics
Tab
• Campaign
Tips
• Attack
Path
Review
• Fine
Tuning
Attack
Strategies
• Live
vs.
Manual
Pen
Test

Using
the
Analytics
Tab
Subtitle
left
• Creating/Saving
Filters
• Tracking
<daily,
weekly,
monthly

scans>
• How
to
omit
older
data
using
filters

and
apply
to
campaigns
• Attack
Path
viewing
(where
to
begin)
• ***
Adding/changing
the
asset

schema
to
adjust
to
more
fields
to

filter
by
and/or
use
for
dynamic

targets

Campaign
Tips
• Review
of
Tagging
and
how
to
use
it
to
properly
show
on

Dashboards
• Rule
of
Thumb
on
when
a
campaign
should
run
after
scan
data

updated

Attack
Path
Review
Subtitle
left
• How
to
pinpoint/isolate
the

attack
paths
on
large

network
diagrams
• Where
to
find
info
on
Attack

Path
campaigns
without

generating
a
report

Fine
Tuning
Attack
Strategies
Subtitle
left
• Which
options
should
be
used?
• How
many
should
be
created?
• Most
Frequent
settings
used:
• How
to
track/find
a
specific
CVE(s)
• Low
Hanging
Fruit

Live
vs
Manual
Pen
Test
Subtitle
left
• What
should
I
use
Live
or
manual
Pentest?
• Quickly
executing
a
PT

and
how
• Things
to
Know

The document summarizes a presentation about the Monitor Transaction Management System for implementing a cashless campus. The system includes a core transaction module, free meal tracking, point of sale (iPOS), online ordering, vending, and reporting capabilities. It allows for a single accounting database, centralized transactional data, and multiple applications from a single source to reduce cash handling, increase spending, provide detailed reports, improve transaction speed, and enhance the student experience. Questions from attendees are invited throughout the presentation.

1 page consulting for security

Tomorrow Growth-for

The document discusses the need for companies to regularly consult security experts and undergo penetration testing, as no single solution can provide perfect security. It recommends starting with firewalls and intrusion prevention systems for basic protection, then adding web application firewalls and SMTP filtering at an intermediate stage. The most advanced approach involves regularly checking systems with penetration tests and analyzing vulnerabilities with security specialists to maximize protection given a company's resources.

Simplifying Analytics - by Novoniel Deb

Novoniel Deb

Transforming CI/CD at ABN AMRO to Accelerate Software Delivery and Improve Se...

DevOps.com

This document summarizes a presentation given by Wiebe de Roos and Stefan Simenon of ABN AMRO bank on their transformation to CI/CD practices to accelerate software delivery. It discusses the challenges ABN AMRO previously faced with long lead times, quality issues, and inefficient processes. It outlines their approach to establish prerequisites like tooling and infrastructure, implement CI/CD pipelines, and change management efforts to shift mindsets. Results included improved code quality, deployment frequency, collaboration, and time to market. It advocates for management support, reducing technical debt, creating a safe environment, and focusing on small, continuous improvements over long-term planning.

Keeping Product Success Metrics in Check by Microsoft Product Lead

Product School

Questions for successful test automation projects

Daniel Ionita

How Healthy is Your Marketo Instance?

Digital Pi - A Merkle Company

Got leads? Know how they came in? Know where they are in your nurture process? Know how to score them? If you answered yes, then bravo! But, it’s most likely that you aren’t quite clear on these answers and lead processes. We find, more times than not, that when it comes to lead management marketers face more questions than answers. So, how do you get clarity on your process and determine where you can improve? Top Tips include: - Why lead management stumps marketers and is one of the most complex processes every business faces - Tricks to uncovering your process based on lessons learned from Digital Pi Client projects - How an assessment works and why, even if you did answer yes to the above, it’s always a good idea to direct, learn, and improve

Setting the Customer's Journey: Make an Impact With Analytics and Journey Maps

BrittanyShear

If you want to offer a better user experience, it can be tempting to track each and every data point in your product. However, this can quickly get complicated and overwhelming as you collect more and more data. How do you know which metrics will help you improve? Kirui K. K., Co-founder & CEO Tanasuk Africa, wants you to know that analytics don't have to be complicated to make an impact - no matter the size of your company. Join him as he explains how to create a customer journey map, then use that map to figure out the metrics you need to know - and how to use them.

This document discusses how adopting Agile practices can help IT projects fail early and with lower costs. It focuses on establishing clear requirements through iterative deliveries. Early demos give customers a chance to provide feedback. The document outlines processes for developing a product vision, roadmap, minimum viable product, and feature set. It emphasizes automating testing to reduce technical debt and costs of supporting the product. Engaging global teams can help establish failures early at lower costs through testing, defect fixing, and support activities.

SCRIMPS-STD: Test Automation Design Principles - and asking the right questions!

Richard Robinson

Experimentation Platform at Netflix

Steve Urban

Governance is Not An Option

spsnyc

Stacy L. Deere-Strole discusses the importance of governance for organizations using Office 365 and SharePoint. Governance involves establishing policies, roles, and processes to guide how an organization works together to achieve its goals using these tools. It is important to get management onboard by explaining examples of issues that can arise without governance and potential returns on investment from implementing it. Key areas that typically need governance are discussed, such as site creation, groups, permissions, and development processes. An effective governance team should include representatives from various roles across the organization.

How to Master your Marketing Data - Cody Crumrine, Data Aptitude

DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions

The Digital Marketing tech stack is expending every day. With so many tools at our fingertips we have the potential to accomplish more than ever before. But hidden issues with the people, processes, and technology in your dept can lead too lost time, lost opportunity, and invalid decisions. Using real world examples from leading companies around the globe, we'll teach you how to identify gaps in your data landscape, find solutions, and turn them into opportunities using resources you already have.

Fiksu presentation a User Acquisition for Mobile Games: Strategies to Test an...

Fiksu

The document discusses strategies for soft launching a mobile game. A soft launch involves testing a game in specific countries before full global release to improve quality, user experience, and user acquisition. It recommends tracking user behavior and analytics carefully during the soft launch to learn how to optimize the game. Services like Fiksu Soft Launch and Benchmark are introduced that provide advertising and analytics for controlled soft launches to help ensure games are ready before a wide release.

Conferences i/o Features to implement NASBA CPE Standards

John Pytel

DevSecCon London 2017: Shift happens ... by Colin Domoney

DevSecCon

This document discusses how security practices need to shift left to keep up with faster development processes. It suggests that security teams should establish a baseline of their processes, continuously assess findings and provide feedback, and automate testing as much as possible. This will help integrate security earlier in development cycles. It also addresses how security tools need to change to support faster development by making scans nearly instantaneous and improving the user experience. Automating security policies and configurations is important as applications move to microservices architectures. Overall it argues for more collaboration between security and development teams.

Integration strategies best practices- Mulesoft meetup April 2018

Rohan Rasane

The document discusses best practices for integration strategies including using an integration platform, designing integrations, and implementing resiliency patterns. It recommends having an integration platform to provide features like batch processing, loose coupling, reuse, governance, and security. When designing integrations, questions about data, users, transactions, orchestrations, and future needs should be considered. Common resiliency patterns discussed are timeouts, circuit breakers, bulkheads, retries, and idempotency.

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

Black Duck by Synopsys

This document provides an overview of open source license management best practices that have evolved over 16 years, from 2002 to 2018. It discusses how the risks have changed from lawsuits prompting code inspections to security vulnerabilities coming to the forefront. It also outlines the key functionality of Black Duck Hub for managing open source licenses, including predefined license groups, component usage settings, license risk modeling, policy management, license review workflows, and integrations. Finally, it proposes a suggested license management workflow involving license planning, policy creation, component reviews, attribution statements, and more.

Production and Beyond: Deploying and Managing Machine Learning Models

Turi, Inc.

1) Deploying machine learning models into production involves evaluating, monitoring, deploying, and managing models over their lifecycle. 2) Evaluation involves continuously tracking metrics on both historical and live data to determine when models need to be updated. Monitoring involves choosing between existing models, such as by using A/B testing or multi-armed bandits. 3) Dato provides tools to simplify each stage of the machine learning lifecycle from batch training to real-time predictions to continuous evaluation and management of models in production.

How to Use Data to Drive Product Decisions by PayPal PM

Product School

The document summarizes a presentation by a PayPal product manager on using data to drive product decisions. The presentation covers how PayPal's product managers use various data sources and analysis techniques like funnel analysis, cohort analysis, segmentation analysis, and A/B testing to minimize fraud losses while ensuring a good user experience. It provides examples of the types of insights and questions that can be answered through different data analysis approaches to help identify issues, prioritize opportunities, and measure the success and impact of product changes.

Is Test Planning a lost art in Agile? by Michelle Williams

QA or the Highway

This document provides an overview of a presentation on agile test planning. It discusses the challenges of agile requirements and how test strategies serve a purpose beyond a single sprint. It also examines how the agile manifesto relates to planning and the value of test plans in agile. The presentation outlines four testing phases in agile - requirements and design, story/feature verification, system verification, and acceptance. It provides examples of what should be included in a test plan for each phase such as scenarios, automation approach, dependencies, and acceptance criteria.

Maximize the Power of Your ERP Data

Global Creative Group, Inc

The document discusses how to maximize the power of ERP data using G2 software. It describes how G2 interfaces with ERP data and provides dashboards, filters, and management by exception (MBE) tools to analyze large volumes of ERP data. The presentation provides examples of using filters, dashboards, and MBEs to identify issues like decreasing sales. It explains that MBEs automate monitoring of key metrics and only notify users of exceptions, allowing them to focus on business issues rather than reviewing extensive reports. The document argues that G2 tools can help users more effectively monitor business challenges and resource limitations in an evolving marketplace.

Continuous Performance Testing: The New Standard

TechWell

In the past several years the software development lifecycle has changed significantly with high-speed software releases, shared application services, and platform virtualization. The traditional performance assurance approach of pre-release testing does not address these innovations. To maintain confidence in acceptable performance in production, pre-release testing must be augmented with in-production performance monitoring. Obbie Pet describes three types of monitors—performance, resource, and VM platform—and three critical metrics fundamental to isolating performance problems—response time, transaction rate, and error rate. Obbie reviews techniques to acquire and interpret these metrics, and describes how to develop a continuous performance monitoring process. In conjunction with pre-release testing, this monitoring can be woven into a single integrated process, offering a best bet in assuring performance in today’s development world. Take away this integrated process for consideration in your own shop.

Visual studio 2015 - Application Insights

Delta-N

Nadat je, na veel bloed, zweet en tranen, je nieuwste applicatie hebt uitgerold, vraag je misschien af welke functionaliteit gebruikt wordt en of gebruikers tegen bugs aan lopen. Om hier inzicht in te krijgen is het belangrijk om telemetrische code toe te voegen tijdens de ontwikkeling. Wat je precies wil bijhouden over de applicatie hangt sterk af van de applicatie zelf. Of je nu een iOS, Android, of Windows apps hebt, of een J2EE of ASP.NET web applicatie, met behulp van Application Insights kan je deze informatie verzamelen en analyseren. In deze sessie kom je te weten welke mogelijkheden er zijn en hoe snel inzicht krijgt in het gebruik van je applicatie.

2015 02 24 lmtv baselining

Tony Fortunato

The document discusses the importance of baselining network performance and applications. It provides examples of why baselining is useful, such as for educational purposes, understanding typical application behavior, and measuring the impact of changes. The document then describes different methods for capturing baseline data, including using protocol analyzers, SNMP, bandwidth tests, and synthetic transactions. It emphasizes documenting the testing methodology to allow for consistent replication. Overall, the document aims to explain best practices for establishing performance baselines of networks and applications.

Setting Yourself up for Success: Building an Analytics Schema and Data Dictio...

Kissmetrics on SlideShare

If you're considering making the switch to identity based analytics so you can track not only what is happing on your site/app but also who is doing it, then you need to make sure that you set up your data collection correctly. We'll show you some tips for building an analytics schema and data dictionary so that you can manage your implementation with less trouble. We will discuss: Surfacing key business questions to inform your metrics Creating an analytics schema to describe all your events and properties Adding a data dictionary so that the entire organization will be on the same page Best practices for adding properties to the user identity to track events for easy report generation

Usage Trend Reporting

Gainsight

This document discusses analyzing customer usage data trends using Gainsight. It provides an overview of the types of analyses that can be done with Gainsight data, including cause and effect, correlation, and metrics analyses. Examples of questions that can be answered include determining which features successful customers adopt and how implementation methods impact usage. The document reviews steps for building an effective analysis, including starting with an actionable question, determining required data, and choosing a reporting format. Report Builder and dashboards are demonstrated as tools for visualizing analyses in Gainsight.

Advancing Testing Program Maturity in your organization

Ramkumar Ravichandran

This will be presented at the Optimizely's San Francisco User Group session on Oct 4th. As with any program, an A/B Testing Practice also follows a specific maturity curve. Since it is much more complex and spans across various domains and business units, it begins with a "Sell" phase focused on getting buy-in from various stakeholders but with a specific focus on Engineering & QA, followed by "Scale" phase with focus on building team, efficiency and program and then on to "Expand" phase focused on wider scope/complex tests and strengthen the platform, over to the "Deepen" phase where the focus is to ingrain testing within the company's DNA, i.e., within the backend/algorithms, cross pollinate learning and testing across various business units. The final phase is the "Sustain" phase where Algorithmic Test Management takes over Testing, and Testing is productized as a Value Add service for monetization and brand captial creation. We will walk the audience through our own journey so far along the maturity curve, the lessons learnt along the way, the challenges and what worked for us. The session will be rounded up with a working session with the audience on their own journey, lessons and advice for others.

How to Solve the Top 3 Struggles with Identity Governance and Administration ...

Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security

Recommended

Recommended

More Related Content

Similar to Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security

Similar to Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security (20)

More from Core Security

More from Core Security (20)

Recently uploaded

Recently uploaded (20)

Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security