Description: What can you do to step up your game as a security analyst? Vulnerability scanners and other security assessment tools can be extremely useful for collecting information quickly and efficiently- but what are some good next steps for analyzing and using that information? How much value does a raw vulnerability scan report provide (hint: don’t just hand this to a client or supervisor)- and how much more value can we get out of our tools with a little bit of effort? What do you do when you need data that an existing tool can’t provide? John will discuss some areas in the security asssessment process that are ripe for easy wins through custom scripting- including data aggregation- diffing- false-positive identification- and visualization. As an example- John will release a tool for slicing and dicing the results from assessment tools in interesting ways- based on various techniques used in previous consulting engagements.
For More Information Please visit : - https://www.derbycon.com/
http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.