Digital Security Webinars
Digital Security company conducts a series of technical webinars on the security of business applications. We will cover the topics of security of remote banking and mobile banking, protection of SAP systems, security of automated process control systems, as well as virtualization systems such as VMware and Citrix XenApp. You will learn about security flaws that developers will not tell you about.
Everyone is invited to participate in the webinars. Useful information for themselves can be obtained by specialists in IT, in information security, everyone who is related to the management of enterprise resources, to the industrial and financial sector.
Presenter - Alexey d00kie Sintsov, Nokia Security Engineer
')
The webinar will cover online banking issues from a security point of view. The real problems of legal entities will be revealed, ensuring information security of the workplace of an employee working with a bank client, as well as the vulnerability of the infrastructure of domestic banks to possible threats. In addition, the report will show a lot of 0-day vulnerabilities of real online banking systems (all information is impersonal), as well as common errors of all developers of domestic popular products. And, of course, it will be told what all this leads to in terms of the likelihood of theft of money ...
Moderator - Dmitry d1g1 Evdokimov, Lead Auditor
There is an active development of mobile technologies, modern business requirements are such that access to information should be carried out quickly, reliably and from anywhere in the world. Payment applications are no exception, and they gradually appear on our mobile devices (smartphones, tablets, etc.). Due to the fact that mobile devices are still poorly studied, and each mobile OS (Android, iOS, WP7, Symbian, BlackBerry ...) has its own specifics, we get a large number of both new vulnerabilities and well-known ones. The presentation will examine the security of mobile applications and present examples of real threats.
Moderator - Alexey GrrrnDog Tyurin, Head of Information Security Audit Department
The industrial system today is the most complex complex consisting of servers, personal and panel computers, PLC, network and industrial equipment. As with any software and hardware products, these systems have multiple security problems. And as in systems other than industrial ones, standard protocols (TCP / IP), common software and technologies are also used, the risks associated with hacking into an automated process control system increase sharply.
The webinar will talk about process control systems and general safety issues associated with such systems. The specific difficulties associated with the construction of safe systems will be considered, examples of attacks and vulnerabilities inherent to the components of the process control system will be given.
Moderator - Alexander AlexandrPolyakov Polyakov, Technical Director
Over the past 5 years, interest in SAP security has grown exponentially. A lot of SAP security reports were made at top international security conferences. A lot of topics were touched on, ranging from attacks on SAP Router and SAP WEB applications, to low-level vulnerabilities in the SAP core and ABAP code. At the moment, SAP has released more than 2,000 notifications about the closure of vulnerabilities in its products, which, on the one hand, is extremely numerous, and on the other, only the beginning, since vast areas have not yet been studied.
So, what kind of vulnerabilities are there in SAP systems besides those already boring?
XSS, SQL injection, and buffer overflows? Webinar will be dedicated
The top ten most interesting vulnerabilities and attack vectors on SAP systems range from encryption problems to authentication bypass and from funny bugs to complex attack vectors.
Moderator - Alexey GrrrnDog Tyurin, Head of the Audit Department, Digital Security Security
Citrix XenApp is a common tool for virtualizing and delivering applications for Windows-based systems. Along with all the advantages and advantages of technology for the delivery of the application, this gives rise to a number of specific problems. In the webinar we will look at these problems, see how intruders can bypass the security system and what prospects will open up for them after that. We will also discuss common configuration errors and recommendations for improving XenApp security during the webinar.
Moderator - Alexander jug Minozhenko, Lead Auditor of Digital Security
Virtualization has already become an integral part of most information systems. Now many corporate networks are built on centralized virtualization. But it significantly increases the criticality of its fundamental elements.
This webinar will explain what security problems arise when building systems on centralized virtualization. Using the example of VMware, it will be shown how minor vulnerabilities can lead to the compromise of all systems in an organization. Recommendations for building secure systems will be provided.
Registration by reference
Everything that happens in the scoop should be recorded, noted in the logs, contain all the information ... be available when necessary for those who investigate incidents, and be inaccessible to those who may disrupt the system.
How to set up event logs correctly? How to store them? Who needs access?
In cases where it is necessary to store card numbers entirely, there is almost no alternative to encryption as a protection method. But what kind of encryption is effective? What goals does it have? How to determine whether it is safe enough to use certain encryption methods?
And most importantly: what to do in cases where it is impossible to encrypt data?
Setting password policies is not so difficult, although tricks are often hidden in fairly simple places.
But what to do if the equipment is specific and not all password policies are easily implemented by technical means? And if there are a number of systems in which the settings are not so obvious? Is it possible to do without applying compensatory measures?
Everyone is invited to participate in the webinars. Useful information for themselves can be obtained by specialists in IT, in information security, everyone who is related to the management of enterprise resources, to the industrial and financial sector.
Topics and brief description of webinars on the security of business applications
1. Where is the money? - April 19, 2012
Presenter - Alexey d00kie Sintsov, Nokia Security Engineer
')
The webinar will cover online banking issues from a security point of view. The real problems of legal entities will be revealed, ensuring information security of the workplace of an employee working with a bank client, as well as the vulnerability of the infrastructure of domestic banks to possible threats. In addition, the report will show a lot of 0-day vulnerabilities of real online banking systems (all information is impersonal), as well as common errors of all developers of domestic popular products. And, of course, it will be told what all this leads to in terms of the likelihood of theft of money ...
2. Battleground: Mobile Banking - May 15, 2012
Moderator - Dmitry d1g1 Evdokimov, Lead Auditor
There is an active development of mobile technologies, modern business requirements are such that access to information should be carried out quickly, reliably and from anywhere in the world. Payment applications are no exception, and they gradually appear on our mobile devices (smartphones, tablets, etc.). Due to the fact that mobile devices are still poorly studied, and each mobile OS (Android, iOS, WP7, Symbian, BlackBerry ...) has its own specifics, we get a large number of both new vulnerabilities and well-known ones. The presentation will examine the security of mobile applications and present examples of real threats.
3. Naked process control system: how to de-energize the city in one click? - June 26, 2012
Moderator - Alexey GrrrnDog Tyurin, Head of Information Security Audit Department
The industrial system today is the most complex complex consisting of servers, personal and panel computers, PLC, network and industrial equipment. As with any software and hardware products, these systems have multiple security problems. And as in systems other than industrial ones, standard protocols (TCP / IP), common software and technologies are also used, the risks associated with hacking into an automated process control system increase sharply.
The webinar will talk about process control systems and general safety issues associated with such systems. The specific difficulties associated with the construction of safe systems will be considered, examples of attacks and vulnerabilities inherent to the components of the process control system will be given.
4. SAP insecurity: new and better - September 20, 2012
Moderator - Alexander AlexandrPolyakov Polyakov, Technical Director
Over the past 5 years, interest in SAP security has grown exponentially. A lot of SAP security reports were made at top international security conferences. A lot of topics were touched on, ranging from attacks on SAP Router and SAP WEB applications, to low-level vulnerabilities in the SAP core and ABAP code. At the moment, SAP has released more than 2,000 notifications about the closure of vulnerabilities in its products, which, on the one hand, is extremely numerous, and on the other, only the beginning, since vast areas have not yet been studied.
So, what kind of vulnerabilities are there in SAP systems besides those already boring?
XSS, SQL injection, and buffer overflows? Webinar will be dedicated
The top ten most interesting vulnerabilities and attack vectors on SAP systems range from encryption problems to authentication bypass and from funny bugs to complex attack vectors.
5. Attack on Citrix XenApp Users - October 24, 2012
Moderator - Alexey GrrrnDog Tyurin, Head of the Audit Department, Digital Security Security
Citrix XenApp is a common tool for virtualizing and delivering applications for Windows-based systems. Along with all the advantages and advantages of technology for the delivery of the application, this gives rise to a number of specific problems. In the webinar we will look at these problems, see how intruders can bypass the security system and what prospects will open up for them after that. We will also discuss common configuration errors and recommendations for improving XenApp security during the webinar.
6. Hacking VMware in one request - December 12, 2012 at 16:00 Moscow time
Moderator - Alexander jug Minozhenko, Lead Auditor of Digital Security
Virtualization has already become an integral part of most information systems. Now many corporate networks are built on centralized virtualization. But it significantly increases the criticality of its fundamental elements.
This webinar will explain what security problems arise when building systems on centralized virtualization. Using the example of VMware, it will be shown how minor vulnerabilities can lead to the compromise of all systems in an organization. Recommendations for building secure systems will be provided.
Registration by reference
1. Event logs - May 18, 2012
Everything that happens in the scoop should be recorded, noted in the logs, contain all the information ... be available when necessary for those who investigate incidents, and be inaccessible to those who may disrupt the system.
How to set up event logs correctly? How to store them? Who needs access?
2. Encryption - June 21, 2012
In cases where it is necessary to store card numbers entirely, there is almost no alternative to encryption as a protection method. But what kind of encryption is effective? What goals does it have? How to determine whether it is safe enough to use certain encryption methods?
And most importantly: what to do in cases where it is impossible to encrypt data?
4. Password policies - November 6, 2012
Setting password policies is not so difficult, although tricks are often hidden in fairly simple places.
But what to do if the equipment is specific and not all password policies are easily implemented by technical means? And if there are a number of systems in which the settings are not so obvious? Is it possible to do without applying compensatory measures?
Source: https://habr.com/ru/post/141239/
All Articles