Beruflich Dokumente
Kultur Dokumente
Agenda
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
Gain access to company assets (sensitive files, project plans, intellectual property)
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
Assets
Risks
Vulnerable? Exploitable? SQL injection H H
OS command execution
L
6
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
Test type
Simulated threats
Hackers, corporate espionage, terrorists, organized crime Malicious employee, collaborator, consultant, visitor
External pentest
Internal pentest
Hackers, organized crime, terrorists, visitors Consultants, corporate espionage, business partner, regular employees Malicious system administrators, developers, consultants
- denial of service
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
How?
Information gathering
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
Resources
Dedicated machines Dedicated network Software tools: In-house developed Open source
Commercial
Dedicated workspace (IT Security Laboratory)
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
10
Limitations
Timeframe Budget Resources Personnel awareness Things change
Known Vulnerabilities
Does not discover all vulnerabilities but reduces the number of vulnerabilities that could be found by high skilled attackers having similar resources and knowledge
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
11
Reporting
Executive summary Overview Key findings High-level observations Risk matrix
Technical report
Findings
Risks
Recommendations
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
12
Knowledge:
System administration
Network administration
Software development Quality assurance / software testing
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
13
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
14
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
15
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
16
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
17
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
18
2011 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
19