One of the hottest topics at RSA San Francisco 2019 was the MITRE ATT&CK framework. Along with the Lockheed Martin Kill Chain, it has become a standard reference model for cybersecurity professionals. Specifically, it is used to describe each stage of an attack. Pen testers, security analysts and Security Operations Center (SOC) professionals must learn how to mature their operations, as well as hone the skills of red team and blue team workers.
The application programming interface (API) has become the basic building block of business, allowing applications and software to talk and share data. APIs are the critical component for exchanging data between all types of entities. In this webinar we'll break down how APIs are used and unlock the secrets to securing them. Highlights include: API gateways are API management tools, not security tools; providing audits and ensuring proper inspection on each transaction; equipping every transaction for proper authentication and authorization.
Workforce mobility, rapidly changing business models and business partnerships contribute to a trend where businesses must be able to seamlessly enable access for everyone, to every digital service. These services might be public cloud, they might be web applications with or without support for federation standards, they might be solely backend services accessed via APIs, or even legacy applications exposed only via some sort of middleware. However, agility in the digital journey mandates that IT can provide seamless access to all these services while staying in control and enforcing security. An Identity as a Service offering, whether deployed from a public or hybrid cloud, can take a central role by acting as the common fabric connecting all the users and all the services. Such services include support for adaptive authentication, auditing features, broad federation services, authorization capabilities, and various other capabilities.
Penetration testers can only assess the attack surface they can see. Attack Surface Detector is a set of open source tools that can identify web application attack surface through static code analysis, making the data easy to leverage in dynamic testing. Penetration testers can also highlight differences in attack surface between two different versions of an application.