Home page logo

basics logo Security Basics mailing list archives

Replicating the Gonzalez Cyber Attacks through Penetration Testing
From: "Core Security" <sfa () securityfocus com>
Date: 21 Nov 2009 00:07:11 -0000

"Replicating the Gonzalez Cyber Attacks through Penetration Testing"
Register: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind 
high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, 
Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to 
have used in breaching these organizations.
Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE 
IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of 
credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do.
Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez 
indictment, including the following critical stages:
*  the initial web application compromise via SQL Injection
*  the use of a well-known backend database command to make the attacks even
*  more invasive
*  the planting of malware on the backend database server
*  the collection and transmission of credit card transactions to the
*  attackers
Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your 
IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged 
are present in your environment, but also by ...
*  assessing how deployed defenses react to specific threats
*  revealing what systems and data would be exposed by a breach
*  depicting how chains of vulnerabilities open paths to mission-critical
*  systems and information
*  providing actionable data for immediately mitigating critical exposures
*  repeating tests to ensure the effectiveness of remediation efforts
This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber 
Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
  • Replicating the Gonzalez Cyber Attacks through Penetration Testing Core Security (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]