This is my first article in an international arena. Basically, from my web...
|Pentest OPEN: trends in 2017|
Dear PenTest Readers,
We would like to proudly present you the newest issue of PenTest Open, which is free to download for everyone interested in the topic. We hope that you will find many interesting articles inside the magazine and that you will have time to read all of them.
We’re approaching the end of the year so it’s time to sum up past year and think about the future.
During 2016 we could read about dozens, of data breaches. The biggest companies in the world suffered from them: Snapchat, Linkedin, Oracle, Dropbox, Yahoo or Cisco. What’s even more alarming is that the number of attacks on public institutions is rising. In 2016 we could observe attacks on University of Central Florida, U.S. Department of Justice, Philippine Commission on Elections, and couple of hospitals and power stations. Furthermore cybercriminals are using more advanced and complicated methods. We were overwhelmed by amount of information about malware, phishing attacks, ransomware, and data leaks.
The good thing is that companies can deal better and better with attack and data breaches, but still it’s more about incident response than regular pentesting and constantly upgrading company’s security posture.
So what can we expect next year? Are there going be more or less attacks and data breaches? And who is going to be a target?
In this OPEN issue you will read different opinions about future of cybersecurity and penetration testing given by specialists from all around the world. You can read about MicroEncryption methodology and its features. We’ll cover topics like: business disruption, threat intelligence & management, IoT landscape, and cybersecurity market. There is also an article about Zoomeye - search engine for Cyberspace, and how to use it. We’ll dive into topics like MiTB and SSL/TLS protocol attacks and deception techniques. We’ll show you a threat modeling template for beginners, where features and components of this process will be broadly explained to you.
We would also want to thank you for all your support. We appreciate it a lot. If you like this publication you can share it and tell your friends about it! Every comment means a lot to us.
As always, special thanks to the Beta testers and Proofreaders who helped with this issue. Without your assistance there would be no PenTest Magazine.
Also we want to take this opportunity to wish you a Happy New Year!
Enjoy your reading,
Table of contents:
Zoomeye- search engine for cyberspace.
by Jorge González Milla
ISP’s should take their routers’ security seriously, whereas companies should do the same with their devices’ safety. Otherwise, everyday consumers will be unprotected. These days, any user with an average knowledge in the field could take control of devices to carry out unconstrained attacks. Many people already know Shodan, that engine for devices connected to the Internet, but today may I present to you…Zoomeye.
SAP Security. Today’s state, future trends and predictions.
by Darya Maenkova
The article describes the state of SAP cybersecurity with a special focus on SAP Product Security (statistics according to released patches) and SAP Implementation Security. In light of all the facts, we forecast which topics will attract researchers’ attention in the near future.
Present and future of cyber security- What’s in store to become a cyber warrior?
by Samrat Das
Cyber security in itself is a broad and diverse field. Its growing importance due to the increasing need on computer systems and the Internet in today’s society coupled with the “Internet of Things” is unparalleled.
An IoT landscape for 2017.
by Jason Bernier
2016 was quite a year for cyber security. We saw a lot of new vulnerabilities and exploits published. It seems to be a never ending cycle of a researcher finding a vulnerability, and then the software developer publishes a patch, for the most part. One of the predictions for 2017 is more security incidents involving Internet of Things (IoT) devices.
The Evolution of MicroEncryption® Type Technology.
by Steven Russo
A new data security paradigm is required to secure sensitive data in the event of a perimeter defense breach. This new paradigm must ensure that only the right people get access to the right information at the right time. The MicroEncrypted Digital Vault capabilities ensure that data at rest and data in motion remain unavailable to exploitation even in the event of traditional network defense breach.
Threat Modeling Template for Beginners
by Dr.Narendiran Chandrasekaran
The scope & objective of this paper is to regulate the threat modeling processand provide needed guidance for the developers, testers, and beginners to understand how to create a Threat Model for any embedded systems softwarebefore beginning to design implementation phases in the Secure Software Development Life Cycle (S-SDLC).
Watching the Watchers using Deception Techniques.
We need to ensure we maintain both the attacker’s interest as well as their acceptance that they are attacking real targets. Honeypots have often been criticized for their lack of believability, causing many attackers to recognize the system as fake and avoid interaction. If we allow this to happen, the Security Analyst could provide no additional intelligence on the attackers, or on their tactics and techniques, and wouldn't allow for any additional timesaving afforded to the security team.
Trends in cybersecurity and penetration testing:
- Almeida Jr. Washington
- Ali Tabish
- Ahmed Atef Selim
- Mihai Raneti
- Celal Cagri Akgunduz
- Amar Wakharka
|Pentest OPEN: trends in 2017|