Every day we hear more and more about computers being compromised by malicious actors or malware. Ransomware is on the rise, WordPress and other CMS sites are constantly being hit as this or that plug-in is exploited. What can we as individuals or small businesses do to protect our computers, web sites and data?
In this talk we will discuss patching and backing-up shown from both the perspective of the individual / small business owner and that of a malicious actor.
From the perspective of the individual or small business we will suggest best practices around patching and backing-up. Covering both open-source and commercial solutions, we will show you ways to improve your security position by keeping your software fully patched, by employing techniques taken from OS hardening, and by splitting backing-up into data back-ups and system imaging.
From the perspective of the malicious actor we will show you how your computers can be scanned for weaknesses and then exploited with little effort using tools such as nmap, Nikto, WPscan, MetaSploit and SearchSploit, covering the ExploitDB and the lifecycle of a CVE.
This talk will cover the following:
- Patching and backing-up strategies for the individual and small business owner
- Employing OS hardening techniques to reduce attack vectors and to speed-up backing-up
- Open-source and commercial backup solutions for Windows, Linux, Mac and popular website CMS such as WordPress, Drupal and Joomla!
- Demonstration of how malicious actors can scan your computers for known vulnerabilities and easily exploit unpatched software that you are running
- The lifecycle of a CVE
- Limiting the risks of Ransomware
- OWASP updates
- Patching and Backing-up
Disclaimer: As always our events are designed to educate. Any tools and techniques demonstrated are for informative purposes only. We do not endorse their use for malicious purposes.
This talk will not be recorded.
The OWASP Nettacker project was created to automate information gathering and vulnerability scanning, and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconfigurations, default credentials and many other cool features - for example the ability to chain different scan methods. This relatively new (Summer 2017) and lesser-known OWASP project generated a huge amount of interest at the BlackHat Europe 2018/2019 Arsenal live demos, gathering massive crowds of seasoned hackers and penetration testers eager to see this new tool in action. This talk will showcase the OWASP Nettacker project, giving an overview of its features and including a live demo of the tool.
About the speaker:
Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Master’s degree in Software Engineering and a CISSP certification.
- Welcome and OWASP updates
- Talk: Using OWASP Nettacker for Recon and Vulnerability Scanning