There is a distinct rift between software vendors and security researchers. Common ground between these camps is sometimes difficult to find. From experience, both sides have much to offer the other. By utilizing researcher techniques, software vendors can build safer software. By understanding software vendors, researchers can better work to make the Internet a safer place. Building a better bridge between these two distinct groups can help advance the state of current software security.

Information Operations

This presentation will discuss techniques to attack secure networks and successfully conduct long-term penetrations into them. New Immunity technologies for large-scale client-side attacks and application-based backdoors will be demonstrated, as will a methodology for high-value target attack. Design decisions for specialized trojans, attack techniques, and temporary access tools will be discussed and evaluated.

Sinan Eren

Establishing a Security Metrics Program

This presentation will cover the process used and critical lessons learned in the design and implementation of successful security metrics programs, including addressing what should be measured, how it should be measured, and how to communicate with the organization beyond the IT & security departments. Examples from current implementations of security metrics programs will be used throughout.

Andy Sudbury