As companies have shifted to a cloud-first architecture and adopted continuous deployment and DevOps practices the exposed attack surfaces of these organisations have become more fluid and evolve rapidly.
This pace has exposed new types of vulnerabilities and security issues including those that are ephemeral in nature but often have critical security impact and static, point in time security assessment is failing to keep up.
This presentation will explore our research into ephemeral security vulnerabilities in the modern attack surface and our experience applying this to real world environments through bug bounties. Specifically, we will detail how ephemeral application security vulnerabilities are introduced and explore methods and techniques to find these issues with detailed examples of critical ephemeral issues found when applying our research to bug bounty programs.
We will also present the case for continuous security assessment as well as strategies and techniques that organisations can apply to prevent these issues.
Michael is the co-founder and CEO of Assetnote, an Australian cybersecurity start-up focussed on solving the attack surface visibility problem for companies. Prior to founding Assetnote he ran the SpiderLabs team in Asia Pacific for Trustwave. Michael has over 13 years’ experience in the security industry and has presented his research around the world including at DEF CON, Black Hat Asia, BSides, Las Vegas, Hack in the Box, AusCert, Thotcon, 44Con and OWASP. Michael is actively involved in the local security community in Australia where he is one of organizers of the monthly SecTalks meetup in Brisbane as well as the hacker conference TuskCon.
Date: Wednesday, 27 January 2021
Time: 12:30pm to 1.30pm
CPE Hours: 1 Hour
Cost: This webinar is FREE
Participate in the webinar:
- Once you have registered you will receive a confirmation email with the webinar registration link. Use this link and ensure you logon to the webinar at least 10 minutes prior to the start time.
- You will require a strong and stable internet
- It is recommended you use a headset or headphonesso you can hear the presentation.
- You will need to say in the Webinar for at least 50mins to quality for the 1 CPE.
- Please enter your full Name, Surname and ISACA Membership Number as you are known and registered with ISACA such that the CPE data upload is successful in registering the CPE in your account automatically.