The Highest-Risk Vulnerabilities: Pen Test Metrics from The Field
New research into the most prevalent technical vulnerabilities identified in the prior year by will be presented. Findings data is derived from penetration testing by advanced-skillset consultants on funded, fixed-objective engagements, simulating worst-case adversaries/scenarios. Research methodology, key findings, and implications for managing risk will be discussed. Data will be presented on most prevalent categories, risk levels, most-exploited technologies, the ‘top n’ specific vulnerabilities, and other trends. Comparisons with external datasets including the OWASP Top 10 will be analyzed. Finally, lessons learned will be reported, covering data analysis strategies, value of ‘top n’ lists, and future research directions. You’ll come away with strategies to prioritize the most important technical risks to your organization based on empirical data, demonstrate how vulnerability statistical analysis can improve overall security program performance, and how to build a data analytics program to leverage your own vulnerability data.
|Format of talk||Lecture|
|Select a track||Security & Business|
|If “Other”, please explain|
|Will you require funding for travel?||YES|
Joel Scambray is a Technical Director at NCC Group, a global expert in cyber security and risk mitigation formed in 1999. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, executive, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Cigital, Amazon, Costco, Softcard, and Ernst & Young.
Get promotions and special offers directly to your inbox.