PENETRATION TESTING DAY
To be held on Thursday, 16th July, 2009, at the BCS London Offices,
Southampton Street, London.
Please note that this event is now fully booked.
This event will take a close look at Penetration Testing. The objective
of the event is to ensure that all attendees understand the basics of penetration
testing. You will not be taught how to conduct Pen Tests but rather
you will find out about all the essential components that go to make up a
successful Penetration Test.
A number of experienced Pen Test practitioners will give presentations
at the seminar. There will be a heavy emphasis on the
technical side but the management of Pen Tests will also be covered.
Perhaps just as importantly, there will be ample opportunity for questions
to the speakers and for networking with other delegates. Indeed, as a
result of feedback from other recent ISSG events, much more time is being
set aside for formal questions and answers as well as informal networking.
Any enquiries should be sent by email to our administrator.
Please note: directions to the venue are available from the BCS Web Site
and will also be sent out with the Joining Instructions.
THE PROGRAMME
0930 – 1000: Registration and Tea/Coffee and networking opportunity

1000 – 1005: Welcome and Introduction
Mike Westmacott – BCS-ISSG Committee and Event Chair

1005 – 1100: Getting the Most from your Security Consultancy
John Yeo - Verizon Business
John will talk about the complete security assessment lifecycle from the
consultants' perspective. He will discuss where security consultants can and
can’t help and how to leverage the most value from them. The talk will
include where the security assessment and pen testing market is presently,
what developments are taking place, and where we actually want to be in the
future, sprinkled together with a few anecdotes and war stories from the
field.

1100 – 1130: Coffee/Tea

1130 – 1230: Top Five Security Vulnerabilities
Peter Wood, First Base
Over the past 12 years, Peter Wood has taken part in hundreds of penetration
tests, from both inside and outside organisations. Over this period several
themes have emerged - repeating problems which continue to undermine network
security in the majority of organisations. Peter will discuss how to find the
most common vulnerabilities in corporate networks, using real-world case
studies to illustrate his talk. He will cover Windows domains, infrastructure
devices and end points, sharing his experience of the configuration errors
and misunderstandings that populate organisations’ networks everywhere. Peter
is renowned for his pragmatism, so expect a down-to-earth, no-frills
presentation with plenty of practical examples and plain speaking. Leave your
prejudices at home!

1230 – 1315: Lunch
A buffet lunch will be served. Vegetarian options will be available.

1315 – 1415: The Limitations of Web Application Vulnerability Scanners
Matthias Muhlert, Verizon Business
This presentation will discuss the risks that are associated with companies
relying on vulnerability scanners. The business cases for utilizing an
automated vulnerability scanner are tempting but to what extent should they
be used?
The presentation will aim to answer the following questions that should be of
interest to network managers, security managers and application leads: Are
there unforeseen risks to business by over reliance on vulnerability
scanners? What will a scanner miss? What risks are associated with false
positives and false negatives? What are the limitations of a vulnerability
scanner?

1415 – 1515: Social Engineering: Hacking the Human
Ian Mann, Senior Systems Consultant - ECSC
History shows that breaches in information security are often much more than
technical IT security failures. You will see fascinating examples of how
extensive IT security infrastructure can be easily bypassed with even the
most basic Social Engineering techniques. Learn about advanced psychological
techniques, used by malicious attackers to manipulate your staff into aiding
and abetting security breaches.
When you leave this presentation you will begin to see gaping holes in your
own security and how easily someone can bypass your security countermeasures.
You will understand the human limitations of an information security approach
based on IT security technology. Finally, you will probably begin to think
like a criminal; a good idea if you really want to improve your security. In
addition, Ian will outline how you can include social engineering within a
penetration testing programme to ensure that you get a full picture of your
security vulnerabilities.

1515 – 1545: Coffee/Tea

1545 – 1600: Panel Discussion chaired by Mike Westmacott
A Q&A session for delegates to raise any queries, problems or issues with the
speakers.
Note: Subject to demand and the availability of speakers, the Q&A session may
be extended but will conclude no later than 16.30.

1600 – 1605: Closing Remarks
Mike Westmacott (chair)

The above is the planned program for the event but may be subject to
change. Prospective delegates should check this web page for any
changes. These will also be notified to delegates via the joining
instructions or on the day.
REGISTRATION
Please note that this event is now fully booked.
If you wish to be wait listed for this event, please contact BCS
Specialist Groups Administration on 01793 417416,
to express your interest. If you are booked but cannot attend, please
contact BCS Specialist Groups Administration so that your place can
be released for use by someone else.
Membership of the ISSG is open to all BCS members regardless of
membership grade. To register for ISSG membership, BCS members
should log into the BCS members area on the
BCS Web Site and add the ISSG to
their specialist group membership details. Those who are not BCS
members may attend open seminars for one year at a higher fee but will be
requested to join the BCS after a year.
If you have not heard from us within two weeks of submitting your
application, please contact BCS Specialist Groups Administration on
the telephone number given above.
Data Protection Act 1998: Both the BCS and the ISSG operate strictly
within the rules of this legislation and personal data relating to all
delegates will only be disclosed according to law. Delegates
should note that their essential personal data will be shared between
authorised staff in the BCS and the ISSG and may also be shared with
authorised staff at the seminar venue for the purposes of security.