Description: Dan Kottman & Chris Patten
Traditional vulnerability scanners and pentests, although useful and valuable in an overall security program, generally lack the context and comprehensiveness to fully evaluate the risk of identified vulnerabilities. Breach assessments (i.e. blended assessments commonly referred to as Red Team testing in the military) identify risk in a multi-faceted, opportunistic manner that closely simulates the style and approach of an actual attacker. This style exposes valuable information in context, demonstrating typically unidentified weaknesses, chained attack opportunities, and actual severity.
Using anecdotes based on the presenters' experience, the presentation will highlight the following:
- Critical vulnerabilities not commonly identified
- Effective and ineffective defensive measures commonly encountered
An emphasis will be placed on understanding potential attackers while not underestimating their creativity. The intended message will be twofold. First, organizations can take specific, actionable measures to greatly increase their security posture (these measures will be common themes of the anecdotes discussed and will be highlighted as killchain disruptions). Second, organizations should be doing more than relying on traditional vulnerability scanners and penetration tests, in order to better capture context, opportunity, and attacker creativity.
For more information, please visit: http://www.bsidesiowa.com