changing global scenario of information security and its effects on security testing by anshul...

Changing global scenario of Information Security and its effects on Security testing

By Anshul Abhang, Founder Director, FLUXONIX

CEH, CHFI, ECSA, LPT, DNV cVa, ECSP, EDRP, ECVP, ISO 27001 LA, SSCP, CISSP, DCL, PGDCL and some more

Upload: jonas-elliott

Post on 12-Jan-2016

Evolution of cyber crime

• First crime registered was in 1820.

• Then came computers, then came smart computers, then came security.

• Today we have specialized departments handling cyber security.

• Software and security

Why now

• Are we at the brink of cyber war?

• Increased use of technology

• Upcoming standards

• Increased use of tools. (The Google story)

• The Bubble

Security threats

• Financial crimes

o Classic case of finsider attack

• Online gambling

• Web defacement

• Email bombing

• Denial of service

• Trojans and key loggers

• TEMPEST

Threats to upcoming technology

• Cloud Computing

• Mobile Security

• The Blackberry threat

• The application security????

Impact on our daily life

• Financial loss and the accepted threat

• Loss of goodwill in the market

• CHAOS (The integrated networks)

SDLC

Typical Iterative development life cycle

Typical Iterative development life cycle

Standards

• ISO 27001

• PCI – DSS

• Software Assurance standards

Security Testing

Tools

• Network Security testing tools

nmap, Nessus, Foundstone tools, Metasploit Framework, BackTrack, Tsight, Core Impact, GFI LanGuard, your coding skills.

• Application Security testing tools

Acunetix, WebGoat, OWASP Top 10, FBI top 20, SANS, IBM Rational AppScan, HP WebInspect

Patch Management or remediation

Magic wands of security

• Encryption (Tunneling)

• SSL for Appsec

• Automated patch management

The “SECURE” world

• How much security is enough

• The FGF

THANK YOU