WebApp Sec mailing list archives
Replicating the Gonzalez Cyber Attacks through Penetration Testing
From: "Core Security" <sfa () securityfocus com>
Date: 21 Nov 2009 00:07:11 -0000
-------------------------------------------------------------------------------- YOU'RE INVITED: IT SECURITY ON DEMAND WEBCAST "Replicating the Gonzalez Cyber Attacks through Penetration Testing" Register: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez --------------------------------------------------------------------------------- Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations. Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do.
Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez indictment, including the following critical stages: * the initial web application compromise via SQL Injection * the use of a well-known backend database command to make the attacks even * more invasive * the planting of malware on the backend database server * the collection and transmission of credit card transactions to the * attackers Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged are present in your environment, but also by ... * assessing how deployed defenses react to specific threats * revealing what systems and data would be exposed by a breach * depicting how chains of vulnerabilities open paths to mission-critical * systems and information * providing actionable data for immediately mitigating critical exposures * repeating tests to ensure the effectiveness of remediation efforts This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber threats.
Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Replicating the Gonzalez Cyber Attacks through Penetration Testing Core Security (Nov 20)