
Best & Worst of Cybersecurity


  1. 1. BEST & WORST OF CYBERSECURITY DAVID AMRANI HERNANDEZ | @davidmoremad
  2. 2. TOPICS 1. Basics 2. Fun 3. Agile
  3. 3. 1. Basics
  4. 4. F.A.Q. What is cybersecurity? Why does cybersecurity matter? Most important thing about cybersecurity? How to learn about cybersecurity?
  5. 5. USEFUL STATISTICS: 90% of homes have internet access in Europe in 2019 (any guess about 2021?). 84% of companies need internet access to continue their core business. The average cost of a malware attack on a company is $2.6 million. The average cost in time of a malware attack is 50 days. 80% of data breaches can be prevented with basic actions. Hackers attack every 39 seconds, on average 2,244 times a day.
  6. 6. TYPES OF HACKERS (AS INDIVIDUALS): Black Hat: criminals; attack corps for personal purposes. Grey Hat: hack corps to get hired or mentioned. White Hat: find vulns. and let the corps know about them. TEAMS OF HACKERS (AS WORKERS): Red Team: run attacks against you to find your weaknesses. Purple Team: procedures and controls; works between red and blue team. Blue Team: defense role mitigating risks; analysis, hardening & monitoring.
  7. 7. 2. Fun
  8. 8. HACKING IS A GAME: HACKING A CORP. TO GET YOUR MONEY BACK (WEB HACKING); HACKING ALL TRANSPORT NETWORKS IN SPAIN (RED TEAM); DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY (CLOUD SECURITY); HOW I GOT 65K FOLLOWERS IN ONE DAY (SOCIAL NETWORKS); WHEN MALWARE MEETS THE INTERNET (RANSOMWARE)
  9. 9. HOW I GOT 65K FOLLOWERS IN ONE DAY
  10. 10. HACKING IS A GAME: HACKING A CORP. TO GET YOUR MONEY BACK (WEB HACKING); HACKING ALL TRANSPORT NETWORKS IN SPAIN (RED TEAM); DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY (CLOUD SECURITY); HOW I GOT 65K FOLLOWERS IN ONE DAY (SOCIAL NETWORKS); WHEN MALWARE MEETS THE INTERNET (RANSOMWARE)
  11. 11. DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY
  12. 12. HACKING IS A GAME: HACKING A CORP. TO GET YOUR MONEY BACK (WEB HACKING); HACKING ALL TRANSPORT NETWORKS IN SPAIN (RED TEAM); DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY (CLOUD SECURITY); HOW I GOT 65K FOLLOWERS IN ONE DAY (SOCIAL NETWORKS); WHEN MALWARE MEETS THE INTERNET (RANSOMWARE)
  13. 13. WHEN MALWARE MEETS THE INTERNET
  14. 14. HACKING IS A GAME: HACKING A CORP. TO GET YOUR MONEY BACK (WEB HACKING); HACKING ALL TRANSPORT NETWORKS IN SPAIN (RED TEAM); DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY (CLOUD SECURITY); HOW I GOT 65K FOLLOWERS IN ONE DAY (SOCIAL NETWORKS); WHEN MALWARE MEETS THE INTERNET (RANSOMWARE)
  15. 15. HACKING ALL TRANSPORT NETWORKS IN SPAIN
  16. 16. HACKING IS A GAME: HACKING A CORP. TO GET YOUR MONEY BACK (WEB HACKING); HACKING ALL TRANSPORT NETWORKS IN SPAIN (RED TEAM); DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY (CLOUD SECURITY); HOW I GOT 65K FOLLOWERS IN ONE DAY (SOCIAL NETWORKS); WHEN MALWARE MEETS THE INTERNET (RANSOMWARE)
  17. 17. HACKING A CORP. TO GET YOUR MONEY BACK
  18. 18. 3. Approach
  19. 19. What’s SecDevOps? Philosophy that aims to improve productivity in the development of technological services and products. To this end, it involves the development, operations and security teams in a single process.
  20. 20. DEVOPS: DEV, QA, OPS. It’s good. It’s scalable. It’s automated. SECDEVOPS: OPS, DEV, SEC, QA.
  21. 21. 2 h 11 s 30 m
  22. 22. SECDEVOPS | AGILE CHALLENGE: stages CODE, BUILD, DEPLOY and OPERATE, each with a SEC TEST; FEEDBACK, FEEDBACK.
  23. 23. CODESEC / INFRASEC. Hardening of our systems and infra: Anchore / IriusRisk / Bastille. Planning of security controls based on new functionality on the roadmap. Development of acceptance and e2e security tests: BDD Security / Toolium. Integration of different automated security tests & services: Kiuwan / Faast / RetireJS. Security audit of the final release: Burp / Faast / Nessus. Active monitoring of our infra and services: Dome9 / Logs / Icinga / WAF. Support to have safe deployments: Vault / Terraform. Checking how secure our final infra is: Dome9 / Inspector / Sentinel. Verification of the security of our product in production: Burp / Faast / Nessus.
  24. 24. Code quality and security analysis. Analysis of dependencies with known vulnerabilities. Detection of threats and suspicious patterns in mobile applications. Security testing framework using natural language. Asset identification and threat detection. Risk analysis and definition of the security posture. Access control for secrets and confidential data. Analysis of security standards and vulnerabilities in Docker. Assessment of vulnerabilities, exposed assets and deviations from the adopted posture. Assessment of compliance with the security rules defined in the posture. Continuous detection of security threats.
  25. 25. 😈 Bonus
  26. 26. Hackers, the worst tourists…
  27. 27. Thank you DAVID AMRANI HERNANDEZ | @davidmoremad
