NetSPI Webinars

Enterprise Vulnerability Management: Trends and Guidance

Dec 8, 2011 - Seth Peter & Ryan Wakeham

Defending organizations against Internet borne malware, advanced persistent threats and application exposures is a complex and increasingly important job within corporate IT environments. In this webinar, NetSPI reviews current vulnerability identification and management issues, and updates the audience on programs and approaches to enhance your information security program.

In particular, the following topics will be addressed:

• Why vulnerability management is important

• A formal approach to vulnerability management

• Tips on how to ensure your approach to vulnerability management is successful

Security and IT leaders who are responsible for providing the business with a stable and secure IT environment will benefit from this session.

When Databases Attack

Oct 20, 2011 - Scott Sutherland

All enterprise applications have a database that stores and manages data on the backend. It doesn’t matter if it’s a web, a mobile, or a thick application - they all need to manage data. The only problem with that is those databases rarely get secure configuration reviews. As result, internal and external attackers are able to leverage weak database configurations to gain unauthorized access to enterprise data and systems.

This webinar’s goal is to generate more awareness around the common weak configurations leveraged by penetration testers and attackers in the wild.

During this webinar the following topics are discussed:

• SQL Server database entry points

• Finding sensitive data quickly

• Getting data out of the environment

• Escalating privileges

• Using databases to propagate botnets

Anyone involved with enterprise application implementations, SQL Server database administration, or penetration testing will benefit from viewing this webinar.

There's An App For That - Pen Testing Mobile Devices

Sep 1, 2011 - Michael Anderson

As smartphones become ubiquitous, the potential for compromise from a mobile vector looms. The security industry knows that mobile phones are vulnerable, but very few tools for preventing cyber attacks exist on the mobile platform.

This webinar begins with a discussion of the resources that a mobile phone provides to a hacker. These include persistent internet connections which provide an entry point to nearby networks and a low profile which assists in evading physical security. Next, it covers the construction of a proof of concept model. Using the model, the presentation will then illustrate practical threats posed by smartphones, including a targeted cyber attack/penetration test.

Anyone involved with the use of mobile devices in their environments or in pen testing work will benefit from this webinar.

DEA EPCS - What you need to know to certify

Jul 28, 2011 - Yan Kravchenko

The DEA is revising its regulations to establish the criteria to allow electronically signing and transmitting controlled substances prescriptions. The regulation 21 CFR Part 1311 – Electronic Prescriptions for Controlled Substances (DEA EPCS) is currently scheduled for Final Action in November of 2011; however, the Interim Final Rule published in March, 2010 provides sufficient guidance for software developers to begin implementing the required functionality and certifying under the existing regulation.

This webinar is intended to assist software vendors with preparing for a certification process by:

• Explaining the certification and re-certification processes

• Going through any documentation requirements as required for certification

• Discussing specific tests / test-scripts that will be used to determine compliance

While prescriptive, the regulation does not present or describe requirements in a format that makes understanding certification requirements easy to understand. NetSPI will help bridge that gap by sharing some of the work that went into developing our DEA EPCS Certification service offering, and making the process of preparing for a certification easier.

Anyone involved with software product development or the process of gaining DEA EPCS certification would benefit from participation in this webinar.

An Introduction to NetSPI's CorrelatedVM™

Jun 30, 2011 - Seth Peter

Using NetSPI's CorrelatedVM™ to manage disparate vulnerability findings for effective reporting and remediation

Security assessment professionals are facing the increasingly difficult task of consolidating inputs from a variety of automated testing tools and manual testing, and making sense of those findings to prepare meaningful reports to assist in remediation programs. While there are a number of tools available for security assessment testing in the application, system, and network layers of a given IT environment, there is no easy way to consolidate the results of multiple tools and present a correlated view of the vulnerabilities that exist in an organization's environment and how to manage them. Also, some tools do not allow manual input or customization. NetSPI has developed a comprehensive testing and asset-based reporting solution called CorrelatedVM that solves these problems. CorrelatedVM can be rapidly deployed to classify and assign asset ownership and aggregate, correlate, and manage vulnerability data from multiple testing tools and from multiple layers of an organization's environment-code reviews and application assessments; database and operating system assessments; and penetration tests and network assessments.

In this interactive webinar, NetSPI's CTO Seth Peter provides an overview of CorrelatedVM's functionality, gives a demo of it correlating hundreds of findings, and shows how it integrates with an enterprise's ticketing and remediation efforts.

Review of upcoming changes in PCI DSS and PA-DSS version 2.0

Oct 7, 2010 - Seth Peter & Lee Buttke

The PCI Security Standards Council (SSC) North American Community Meeting was held in Orlando, FL, Sept 21-23, 2010. The main topic of discussion was the planned updates to the PCI Data Security Standard (DSS) and Payment Application DSS (PA-DSS). While the changes are primarily clarifications, it is important to understand how they will affect your business and its PCI compliance. NetSPI had a full team of representatives at the conference attending the formal conference sessions and participating in the informal discussions. In this webinar, Seth Peter, NetSPI CTO, and Lee Buttke, NetSPI Director of Consulting, summarize the important take-aways from the 2010 SSC Community Meeting.

Application Security - without metrics it doesn't exist

Aug 26, 2010 - Seth Peter & Cassio Goldschmidt, Symantec

This session provides practical and actionable steps organizations can follow to kick-start their securitApply metrics program. This is not another session for theories or complicated concepts. It will cover an intuitive approach to designing and publishing security metrics in a way that makes them easy to understand, easy to explain, and easy to use as input for strategic decision making from both internal and outside perspectives.