ExpoQA19 slides security awareness Steven Nienhuis

•Download as PPTX, PDF•

0 likes•68 views

steavy

The Hackers Eyes

Presentations & Public Speaking

#expoQA19
Security Awareness “The Hackers Eyes”
Steven Nienhuis
https://www.slideshare.net/steavy

#expoQA19
Agenda
1. Goal of this presentation
2. Steps for a succesful hack (part 1)
3. Nowadays security threats by WiFi connections
4. Steps for a succesful hack (part 2)
5. Security inside Agile Teams
6. Questions

#expoQA19Steps for a succesful hack
1. Reconnaissance
Reconnaissance

#expoQA19Steps for a succesful hack
1. Reconnaissance
2. Scanning Reconnaissance
Scanning

#expoQA19Steps for a succesful hack
1. Reconnaissance
2. Scanning
3. Gaining Access
Reconnaissance
Scanning
Gaining Access

#expoQA19Steps for a succesful hack
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
Reconnaissance
Scanning
Gaining Access
Maintaining Access

#expoQA19Steps for a succesful hack
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks

#expoQA19Security threats by WiFi connections
Open WiFi network to join:
FreeWifiExpoQA19

#expoQA19Security threats by WiFi connections

#expoQA19Security priority inside Agile Teams
1. Focus on non-functional requirements during refinement sessions

#expoQA19Security priority inside Agile Teams
1. Focus on non-functional requirements during refinement sessions
2. Knowledge of security aspects inside Agile Teams

#expoQA19
Top tip
• OWASP checklist - https://www.owasp.org/index.php/Top_10-2017_Top_10
Advanced
• Burpsuite - https://portswigger.net/burp
• OWASP Zed Attack Proxy - https://www.zaproxy.org/

Similar to ExpoQA19 slides security awareness Steven Nienhuis

#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...

Agile Testing Alliance

Security Champions - Introduce them in your Organisation

Ives Laaf

How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture? Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.

DevSecOps for Developers, How To Start (ETC 2020)

Patricia Aas

How to make the agile team work with security requirements? To get secure coding practices into agile development is often hard work. A security functional requirement might be included in the sprint, but to get secure testing, secure architecture and feedback of security incidents working is not an easy talk for many agile teams. In my role as Scrum Master and security consultant I have developed a recipe of 7 steps that I will present to you. Where we will talk about agile secure development, agile threat modelling, agile security testing and agile workflows with security. Many of the steps can be made without costly tools, and I will present open source alternatives for all steps. This to make a test easier and to get a lower startup of your teams security process.

Agile Secure Development

Bosnia Agile

The traditional approach for security management fails in agile development projects. We summarize the cause of this failure and propose a new Agile Security Engagement Model (ASEM) to solve the issues. This model is risk-driven, supportive and robust. It embraces important innovations, such as a security services catalogue and continuous monitoring. This way of working helps organizations to properly address information security in agile environments. Main points that have been covered are: • Four false assumptions that make the traditional security approach fail • ‘Feet in the mud’ with the Agile Security Engagement Model (ASEM) • Explanation of the innovations in this Agile Security approach Presenter: Pascal de Koning is qualified as Information Security professional. He has the wide experience as a consultant and fills in the role of the security officer at various companies. Pascal is an active member of the Security Forum of The Open Group. Link of the recorded session published on YouTube: https://youtu.be/08Se5Ta65v8

A New Security Management Approach for Agile Environments

PECB

Security process should be integrated with SDLC well to be successful. While many companies have already moved from Waterfall to Agile methodologies security remains behind more often than not. We have demonstrated in our presentation how security can move to agile by utilizing open source tools, customizing them to meet our needs and to implement a continuos security testing using dynamic scanners as well as manual testing. It’s very important also to assure that false positives are not fed to the developers bug tracking systems and to assign a severity for each finding correctly. To make it happen we import all our findings to a security dashboard and review them before exporting to a bug tracking system.

Making Security Agile

Oleg Gryb

Demo 1: https://www.youtube.com/watch?v=cpnrCkj1308 Demo 2: https://www.youtube.com/watch?v=JmtjtiI3-fc Demo 2 1/2: https://www.youtube.com/watch?v=KRdNbYbJSiI Demo 3: https://www.youtube.com/watch?v=6gB-upKXTZ4 Automated adversary simulation is often perceived as a hard, dangerous and complicated program to implement and run. Fear no longer, our methodology and tooling will let you test and measure your defenses throughout your production environment to test not only your detection rule’s resilience but the whole event pipeline as well as your team’s response procedures. In this talk, we’ll share with the audience the open source tools we built and the methodology we use that will allow them to hit the ground running at nearly no cost.

Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...

Mauricio Velazco

Ethical Hacking Conference 2015- Building Secure Products -a perspective

Dr. Anish Cheriyan (PhD)

Delivering small and fast means we are more frequently introducing new vulnerabilities. We're facing new threats that come from cloud computing and the internet of things.Traditional cycles of pentests and code reviews are not keeping up. DevSecOps focuses on integrating security in our processes and teams. Automate first and fail fast will help build security in, and will also support the growth of awareness in the teams. Kim will show the practical lessons learned from her journey. Get an overview of the current continuous security landscape and the practical insights and pitfalls.

Kim van Wilgen - Continuous security - Codemotion Amsterdam 2019

Codemotion

2020 FRSecure CISSP Mentor Program - Class 10

FRSecure

Title: Why Script Kiddies Succeed Event: 12th Annual Central Ohio InfoSec Summit Date: May 23, 2019 Speaker: Matt Scheurer Abstract: Some offensive security tools have become so user friendly and simple that the barrier to compromising vulnerable systems has become trivial. We will use Kali Linux, SPARTA, OWASP ZAP, and Armitage to demonstrate just how easy exploiting some vulnerabilities has become. The takeaways will be on vulnerability scanning systems in your environment and Proof-of-Concept those findings to help improve your overall security posture. Eliminating the low hanging fruit of vulnerabilities in an environment will help harden those systems against low-skill attackers and receive more mature and meaningful findings from penetration tests. Bio: Some offensive security tools have become so user friendly and simple that the barrier to compromising vulnerable systems has become trivial. We will use Kali Linux, SPARTA, OWASP ZAP, and Armitage to demonstrate just how easy exploiting some vulnerabilities has become. The takeaways will be on vulnerability scanning systems in your environment and Proof-of-Concept those findings to help improve your overall security posture. Eliminating the low hanging fruit of vulnerabilities in an environment will help harden those systems against low-skill attackers and receive more mature and meaningful findings from penetration tests.

Central Ohio InfoSec Summit: Why Script Kiddies Succeed

ThreatReel Podcast

Agile security

Arthur Donkers

Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk with discuss how security adapts effectively to these changes, specifically covering: - Practical advice for building and scaling modern AppSec and NetSec programs - Lessons learned for organizations seeking to launch a bug bounty program - How to run realistic attack simulations and learn the signals of compromise in your environment

Building a Modern Security Engineering Organization

Zane Lackey

Seacon Continuous Delivery Pipeline Tools Track

Mark Rendell

How GitLab and HackerOne help organizations innovate faster without compromis...

HackerOne

Sandboxing in .NET CLR

Mikhail Shcherbakov

Agile development methodologies have brought with them a myriad of challenges for security engineers. Old school application security testing no longer keeps pace with the rapid deployment of code, fast moving projects and change of requirements. This presentation aims to introduce how we security engineers are adapting to integrate application security testing and tools into the software development process and discuss the new role of QA engineer in taking ownership too of security of the product.

Application security testing in the age of Agile development - by Julio Cesar...

Blaze Information Security

In this webinar, we focus specifically on how Apache SHIRO can help developers in providing better security architecture. You will also learn the following Application security is gaining critical attention due to increase in cyber-attacks and risks of business and financial losses. In the context of J2EE development and Java web application development, security concerns are addressed through multiple means. This informative 45 min session to understand approaches and strategies for building secure web applications. - Planning for Security: Authentication, Authorization, Session Management and Cryptography - Comparing Different Approaches for Security: JAAS, Spring, Grails - How to use the simplified universal approach of Apache SHIRO - A LIVE DEMO on using SHIRO to secure web applications If you have any query please write to us at inquiry@cygnet-infotech.com

J2EE Security with Apache SHIRO

Cygnet Infotech

Kim van Wilgen - Continuous security - Codemotion Rome 2019

Codemotion

Year Zero

leifdreizler

Recently uploaded

BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx

thusosetemere

I had the honour of presenting my reflections on the autobiography of Professor Isaac Folorunso Adewole, titled "Uncommon Grace." As someone deeply invested in documentation and history, I found Professor Adewole's decision to narrate his journey from humble beginnings to occupying one of the highest offices in the land both inspiring and invaluable. In this eloquently written memoir, Professor Adewole provides a comprehensive account of his life, from his ancestral roots to his time as Minister of Health in Nigeria. The unique aspect of this autobiography is that he portrayed himself authentically without taking the help of third-party narratives, which is often seen in accounts of high-ranking officials. His upbringing was greatly influenced by his father's commitment to education. He became a prominent figure in advocating for the rights of the underprivileged through trade unionism. His story is one of unwavering determination, resilience, and faith. His experiences, including both successes and struggles, provide priceless lessons on leadership, perseverance, and the alignment of personal values with public service. While reading "Uncommon Grace," I was struck by the deep leadership lessons that are embedded within its chapters. Professor Adewole stresses the importance of inclusivity, servant leadership, and planning, which are all highly relevant in today's complex world. His commitment to accountability, as well as his primary responsibility as a researcher, serves as a guiding light for aspiring leaders across various disciplines. During his tenure as the Vice Chancellor of the University of Ibadan, he led with visionary leadership and transformative impact. His accomplishments have been meticulously documented in the book, which can serve as a blueprint for rejuvenating institutions and promoting academic excellence. In the latter part of his autobiography, Professor Adewole shares his experiences as a Minister, detailing the challenges he faced while serving the public with integrity and courage. His reflections on the complexities of public service, coupled with his commitment to the well-being of the nation, offer practical insights for policymakers and citizens alike. I have carefully read "Uncommon Grace" and it is more than just a memoir. It is a timeless book that is hard to put down once you start reading. While intellectuals may continue to debate whether uncommon grace was made possible by uncommon preparation or the other way around, I applaud Professor Adewole for sharing his ideas, knowledge, and experience with the public. I highly recommend this book to everyone.

Uncommon Grace The Autobiography of Isaac Folorunso

Kayode Fayemi

Introduction to Artificial intelligence.

thamaeteboho94

call Now VIP Female Most Attractive Independent Call Girls Service In All Mumbai That Can Make Every Moment You Spend With Me Full Of Pleasure ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom SAFE AND SECURE WhatsApp Call Number

Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai

Priya Reddy

User research literature widely assumes that researchers should build empathy for their users, and that this will enable companies to design better experiences. Businesses point to UX research as the empathy in their company ethos. But when we talk about empathy in a business context, what do we really mean? Is it reasonable to expect researchers to empathize with every person they interview? Is it even productive? In this presentation, I will discuss why empathy is not what drives business and makes researchers good advocates for our users. We will first look at the literal and theoretical definitions of empathy in user experience research, then draw from that definition what businesses are ultimately in search of—rightly or wrongly—when they bring UX research into the process. We will talk about how it may not only be impossible to achieve true empathy, but also that “being empathetic” may not make researchers better advocates for the user. I will argue that we should reframe our goal as compassion, an action-driven, thoughtful, and achievable north star that leverages core researcher talents and better communicates user needs.

"I hear you": Moving beyond empathy in UXR

Megan Campos

ECOLOGY OF FISHES.pptx full presentation

FahadFazal7

History of Morena Moshoeshoe birth death

phntsoaki

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Mahamudul Hasan

Klinik_ Apotek Onlin 085657271886 Solusi Menggugurkan Masalah Kehamilan Anda Jual Obat Aborsi Di Jakarta. KLINIK ABORSI TERPEECAYA _ Jual Obat Aborsi Cytotec Misoprostol Asli 100% Ampuh Hanya 3 Jam Langsung Gugur || OBAT PENGGUGUR KANDUNGAN AMPUH MANJUR OBAT ABORSI OLINE" APOTIK Jual Obat Cytotec, Gastrul, Gynecoside Asli Ampuh. JUAL ” Obat Aborsi Tuntas | Obat Aborsi Manjur | Obat Aborsi Ampuh | Obat Penggugur Janin | Obat Pencegah Kehamilan | Obat Pelancar Haid | Obat terlambat Bulan | Ciri Obat Aborsi Asli | Obat Telat Bulan | Pil Aborsi Asli | Cara Menggugurkan Konten | Cara Aborsi Tuntas | Harga Obat Aborsi Asli | Pil Aborsi | Jual Obat Aborsi Cytotec | Cara Aborsi Sendiri | Cara Aborsi Usia 1 Bulan | Cara Aborsi Usia 2 Tahun | Cara Aborsi Usia 3 Bulan | Obat Aborsi Usia 4 Bulan | Cara Abrasi Usia 5 Bulan | Cara Menggugurkan Konten | Kandungan Obat Penggugur | Cara Menghitung Usia Konten | Cara Mengatasi Terlambat Bulan | Penjual Obat Aborsi Asli | Obat Aborsi Garansi | Kandungan Obat Peluntur | Obat Telat Datang Bulan | Obat Telat Haid | Obat Aborsi Paling Murah | Klinik Jual Obat Aborsi | Jual Pil Cytotec | Apotik Jual Obat Aborsi | Kandungan Dokter Abrasi | Cara Aborsi Cepat | Jual Obat Aborsi Bergaransi | Jual Obat Cytotec Asli | Obat Aborsi Aman Manjur | Obat Misoprostol Cytotec Asli. "APA ITU ABORSI" “Aborsi Adalah dengan membendung hormon yang di perlukan untuk mempertahankan kehamilan yaitu hormon progesteron, karena hormon ini dibendung, maka jalur kehamilan mulai membuka dan leher rahim menjadi melunak,sehingga mengeluarkan darah yang merupakan tanda bahwa obat telah bekerja || maksimal 1 jam obat diminum || PENJELASAN OBAT ABORSI USIA 1 _7 BULAN Pada usia kandungan ini, pasien akan merasakan sakit yang sedikit tidak berlebihan || sekitar 1 jam ||. namun hanya akan terjadi pada saatdarah keluar merupakan pertanda menstruasi. Hal ini dikarenakan pada usiakandungan 3 bulan,janin sudah terbentuk sebesar kepalan tangan orang dewasa. Cara kerja obat aborsi : JUAL OBAT ABORSI AMPUH dosis 3 bulan secara umum sama dengan cara kerja || DOSIS OBAT ABORSI 2 bulan”, hanya berbedanya selain mengisolasijanin juga menghancurkan janin dengan formula methotrexate dikandungdidalamnya. Formula methotrexate ini sangat ampuh untuk menghancurkan janinmenjadi serpihan-serpihan kecil akan sangat berguna pada saat dikeluarkan nanti. APA ALASAN WANITA MELAKUKAN ABORSI? Aborsi di lakukan wanita hamil baik yang sudah menikah maupun belum menikah dengan berbagai alasan , akan tetapi alasan yang utama adalah alasan-alasan non medis (termasuk aborsi sendiri / di sengaja/ buatan] MELAYANI PEMESANAN OBAT ABORSI SETIAP HARI, SIAP KIRIM KESELURUH KOTA BESAR DI INDONESIA DAN LUAR NEGERI. HUBUNGI PEMESANAN LEBIH NYAMAN VIA WA/: 085657271886

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

ZurliaSoop

Digital collaboration with Microsoft 365 as extension of Drupal

Fabian de Rijk

He said to them, “Go into all the world and preach the gospel to all creation. Whoever believes and is baptized will be saved, but whoever does not believe will be condemned. And these signs will accompany those who believe: In my name they will drive out demons; they will speak in new tongues; they will pick up snakes with their hands; and when they drink deadly poison, it will not hurt them at all; they will place their hands on sick people, and they will get well.” After the Lord Jesus had spoken to them, he was taken up into heaven and he sat at the right hand of God. Then the disciples went out and preached everywhere, and the Lord worked with them and confirmed his word by the signs that accompanied it. Mark 16:15-20

Ready Set Go Children Sermon about Mark 16:15-20

rejz122017

ChatGPT emerged as a conversational technology that should make you productive and increase your value. ChatGPT, as a trained model, can process our natural human language and generate a response. However, only some of the completion outputs are entirely correct. As a developer, you can use ChatGPT as one of your tools, just like you use Google as one of your search tools. Also, an important question everyone should consider is whether we should use these tools.

Using AI to boost productivity for developers

Teri Eyenike

Proofreading: Basics to Artificial Intelligence Integration. Become a Professional Proofreader and Editor Leveraging Human Expertise and Artificial Intelligence (AI) Technology and Tools. Table of Contents MODULE 1: INTRODUCTION TO PROOFREADING What is proofreading, and how is it different from editing? The importance of proofreading in publishing and communication Types of materials that require proofreading (books, articles, websites, legal documents, etc.) Proofreading marks and symbols MODULE 2: DEVELOPING PROOFREADING SKILLS MODULE 3: PROOFREADING TECHNIQUES Preparing for the proofreading process (setting up the workspace, tools, etc.) Reading techniques (line-by-line, word-by-word, backwards reading) Using proofreading checklists and guidelines Cross-checking against style guides and reference materials Marking up corrections and queries MODULE 4: PROOFREADING DIFFERENT TYPES OF CONTENT Proofreading fiction and non-fiction books Fiction Books: Non-Fiction Books: Proofreading academic and scientific papers Proofreading legal and business documents Proofreading websites and digital content Proofreading marketing and advertising materials MODULE 5: PROOFREADING TOOLS AND RESOURCES MODULE 6: PROOFREADING WORKFLOWS AND BEST PRACTICES MODULE 7: BUILDING A SUCCESSFUL PROOFREADING CAREER MODULE 8: AI TEXT EDITING AND PROOFREADING Benefits and limitations of AI in this field Benefits of AI in Proofreading: Limitations of AI in Proofreading: Examples of AI-powered text editing and proofreading tools Combining AI with Human Expertise AI Ethics and Bias in Text Editing Future Trends and Developments in AI Text Editing This cutting-edge course equips you with the essential skills and tools to become a proofreading pro in the age of AI technology. Designed for writers, editors, content creators, and anyone seeking to elevate their proofreading game, this masterclass combines time-tested proofreading techniques with the latest AI-powered text editing solutions. Through in-depth modules, you will master the art of proofreading, from developing razor-sharp attention to detail to mastering grammar, punctuation, and style guidelines. This masterclass also dives deep into the world of AI text editing. You’ll discover how AI-powered tools can aid in grammar and style checking, context-aware spell checking, consistency management, content optimization, and more. You will learn to seamlessly integrate AI tools into your proofreading workflows, combining the best of human expertise and AI technology for unparalleled results. Finally, this course will help you discover how to harness the power of AI to streamline your proofreading workflows, enhance accuracy, and deliver impeccable content every time, thanks to advanced proofreading techniques, such as line-by-line reading, backward reading, and cross-checking against reference materials, ensuring no error goes unnoticed.

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

David Celestin

BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES

futhumetsaneliswa

Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...

Abortion pills in Kuwait Cytotec pills in Kuwait

ICT role in 21st century education and it's challenges.pdf

Islamia university of Rahim Yar khan campus

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

Abortion pills in Kuwait Cytotec pills in Kuwait

• For a full set of 390+ questions. Go to https://skillcertpro.com/product/aws-data-engineer-associate-dea-c01-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

SkillCertProExams

lONG QUESTION ANSWER PAKISTAN STUDIES10.

lodhisaajjda

LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN

tntlai16

Recently uploaded (20)

BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx

Uncommon Grace The Autobiography of Isaac Folorunso

Introduction to Artificial intelligence.

Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai

"I hear you": Moving beyond empathy in UXR

ECOLOGY OF FISHES.pptx full presentation

History of Morena Moshoeshoe birth death

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

Digital collaboration with Microsoft 365 as extension of Drupal

Ready Set Go Children Sermon about Mark 16:15-20

Using AI to boost productivity for developers

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES

Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...

ICT role in 21st century education and it's challenges.pdf

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

lONG QUESTION ANSWER PAKISTAN STUDIES10.

LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN

ExpoQA19 slides security awareness Steven Nienhuis

1. #expoQA19

2. #expoQA19 Security Awareness “The Hackers Eyes” Steven Nienhuis https://www.slideshare.net/steavy

3. #expoQA19 Agenda 1. Goal of this presentation 2. Steps for a succesful hack (part 1) 3. Nowadays security threats by WiFi connections 4. Steps for a succesful hack (part 2) 5. Security inside Agile Teams 6. Questions

4. #expoQA19Steps for a succesful hack 1. Reconnaissance Reconnaissance

5. #expoQA19Steps for a succesful hack 1. Reconnaissance 2. Scanning Reconnaissance Scanning

6. #expoQA19Steps for a succesful hack 1. Reconnaissance 2. Scanning 3. Gaining Access Reconnaissance Scanning Gaining Access

7. #expoQA19Steps for a succesful hack 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access Reconnaissance Scanning Gaining Access Maintaining Access

8. #expoQA19Steps for a succesful hack 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Clearing Tracks Reconnaissance Scanning Gaining Access Maintaining Access Clearing Tracks

9. #expoQA19Security threats by WiFi connections Open WiFi network to join: FreeWifiExpoQA19

10. #expoQA19

11. #expoQA19Security threats by WiFi connections

12. #expoQA19Steps for a succesful hack

13. #expoQA19Steps for a succesful hack

14. #expoQA19Steps for a succesful hack

15. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions

16. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions

17. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions

18. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams

19. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams

20. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams

21. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams 4. Tooling and heuristics to use

22. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams 4. Tooling and heuristics to use

23. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams 4. Tooling and heuristics to use *https://github.com/danielbilling/security-test-learning

24. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams 4. Tooling and heuristics to use 5. Security as a Acceptance Criteria or by Design

25. #expoQA19Security priority inside Agile Teams 1. Focus on non-functional requirements during refinement sessions 2. Knowledge of security aspects inside Agile Teams 3. The extra role for a Tester inside Agile Teams 4. Tooling and heuristics to use 5. Security as a Acceptance Criteria or by Design 6. Security trainings

26. #expoQA19

27. #expoQA19 Top tip • OWASP checklist - https://www.owasp.org/index.php/Top_10-2017_Top_10 Advanced • Burpsuite - https://portswigger.net/burp • OWASP Zed Attack Proxy - https://www.zaproxy.org/

28. #expoQA19

Editor's Notes

This is the first step of Hacking. It is also called as Footprinting and information gathering Phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups, Network Host People involved There are two types of Footprinting: Active: Directly interacting with the target to gather information about the target. Eg Using Nmap tool to scan the target Passive: Trying to collect the information about the target without directly accessing the target. This involves collecting information from social media, public websites etc.
Three types of scanning are involved: Port scanning: This phase involves scanning the target for the information like open ports, Live systems, various services running on the host. Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with help of automated tools Network Mapping: Finding the topology of network, routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the haking process.
This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data.
Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, Rootkits or other malicious files. The aim is to maintain the access to the target until he finishes the tasks he planned to accomplish in that target.
No thief wants to get caught. An intelligent hacker always clears all evidence so that in the later point of time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of Logs, modifying registry values and uninstalling all applications he used and deleting all folders he created.

ExpoQA19 slides security awareness Steven Nienhuis

Recommended

Recommended

More Related Content

Similar to ExpoQA19 slides security awareness Steven Nienhuis

Similar to ExpoQA19 slides security awareness Steven Nienhuis (20)

Recently uploaded

Recently uploaded (20)

ExpoQA19 slides security awareness Steven Nienhuis

Editor's Notes