May 26 @ 18:00 - 19:00 CEST
Cybersecurity is critical to protecting our infrastructures. With the convergence of enterprise IT and product, IT to multi-purpose systems vulnerabilities and risks are increasing. Current cybersecurity standards provide guidelines to mitigate security risks in products, projects, and organizations. This webinar introduces systematic security engineering following standards such as ISO 21434. To learn for your own security testing, we will provide hands-on examples from Vector global projects.
Security verification and validation (V&V) must combine a variety of techniques from static analysis to fuzzing and PenTest. While brute-force testing might sound appealing and easy to apply for detection of weakness at any place, it is expensive, inefficient, and time-consuming. Grey-box security testing starts with a mini-TARA and on this basis, we identify the attack vectors and focus our testing based on identified assets and risks. With such novel security testing, vulnerabilities can be detected more efficiently, effectively, and with foreseeable results in a shorter time range. The described cybersecurity testing provides several advantages, namely:
- Risk-based testing with a tailored and thus efficient grey-box methodology
- Easy to understand, asset-related results with a clear structure
- Prioritized list of findings based on the impact categories
In this industry practice presentation, we will show practical usage. An industry case study will illustrate hands-on how to tailor security V&V for new and legacy architecures.
ABOUT THE PRESENTER:
Christof Ebert is the managing director of Vector Consulting Services. A member of industry boards and professor at the University of Stuttgart and Sorbonne in Paris, he supports clients worldwide in strategy, product development, and agile transformation. Prior to that, he had senior management positions for twelve years with a global IT market leader. While studying in the USA he faced initial attacks, and ever since contributes to cybersecurity, most recently with advancing Pentest.
Follow Christof on LinkedIn and Twitter: @ChristofEbert.
Contact him at mailto:[email protected]