Changing global scenario of Information Security and its effects on Security testing

1
Changing global scenario of Information Security
and its effects on Security testing

• By Anshul Abhang
• Founder Director, FLUXONIX
• CEH, CHFI, ECSA, LPT, DNV cVa, ECSP, EDRP, ECVP,
  ISO 27001 LA, SSCP, CISSP, DCL, PGDCL and some
  more ?

2
Evolution of cyber crime

• First crime registered was in 1820.
• Then came computers, then came smart computers,
  then came security.
• Today we have specialized departments handling
  cyber security.
• Software and security

3
Why now

• Are we at the brink of cyber war?
• Increased use of technology
• Upcoming standards
• Increased use of tools. (The google story)
• The Bubble

4
Security threats

• Financial crimes
• Classic case of finsider attack
• Online gambling
• Web defacement
• Email bombing
• Denial of service
• Trojans and key loggers
• TEMPEST

5
Threats to upcoming technology

• Cloud Computing
• Mobile Security
• The Blackberry threat
• The application security????

6
Impact on our daily life

• Financial loss and the accepted threat
• Loss of goodwill in the market
• CHAOS (The integrated networks)

7
SDLC
8
Typical Iterative development life cycle
9
Typical Iterative development life cycle
10
Standards

• ISO 27001
• PCI DSS
• Software Assurance standards

11
Security Testing
12
Tools

• Network Security testing tools
• nmap, nessus, foundstone tools, metasploit
  framework, Backtrack, Tsight, Core Impact, GFI
  LanGuard, your coding skills.
• Application Security testing tools
• Accunetix, webgoat, OWASP top 10, FBI top 20,
  SANS, IBM Rational Appscan, HP web Inspect
• Patch Management or remidiation

13
Magic wands of security

• Encryption (Tunneling)
• SSL for Appsec
• Automated patch management

14
The SECURE world

• How much security is enough
• The FGF

15
THANK YOU