Joel Scambray

NCC Group

The Highest-Risk Vulnerabilities: Pen Test Metrics from The Field

New research into the most prevalent technical vulnerabilities identified in the prior year by will be presented. Findings data is derived from penetration testing by advanced-skillset consultants on funded, fixed-objective engagements, simulating worst-case adversaries/scenarios. Research methodology, key findings, and implications for managing risk will be discussed. Data will be presented on most prevalent categories, risk levels, most-exploited technologies, the ‘top n’ specific vulnerabilities, and other trends. Comparisons with external datasets including the OWASP Top 10 will be analyzed. Finally, lessons learned will be reported, covering data analysis strategies, value of ‘top n’ lists, and future research directions. You’ll come away with strategies to prioritize the most important technical risks to your organization based on empirical data, to demonstrate how vulnerability statistical analysis can improve overall security program performance, and to build a data analytics program that leverages your own vulnerability data.

Format of talk: Lecture
Track: Security & Business
Session level: Intermediate
Will you require funding for travel? Yes

Joel Scambray is a Technical Director at NCC Group, a global expert in cyber security and risk mitigation formed in 1999. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, executive, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Cigital, Amazon, Costco, Softcard, and Ernst & Young.
