Top Patch delivers information security products to reduce risk, increase data security and ensure compliance. TopPatch's Remediation Vault™ is the industry’s first peer-to-peer patch distribution product. Even with existing patch management solutions, Remediation Vault ensures completeness, coverage and speed so that vulnerabilities are patched before hackers can exploit them. With Remediation Vault, the software installed on Unix, Linux, BSD, OSX and Windows operating systems is kept up to date with the newest security patches.
TopPatch services include HIPAA/HITECH compliance management, PCI compliance management, intrusion detection/prevention systems, forensics, end-to-end data privacy compliance management, vulnerability assessment and management, log monitoring and management, FFIEC, GLBA, NCUA, NERC, and SOX compliance.
3. 10 Sophisticated Hacker Techniques
Overview
• Locate digital doorways to partially or fully take over a system.
• No system is safe
• Regular cyber assessments to identify doorways.
• Remediation and patch management software
• Patch management is first line of defense.
• Software solutions for vulnerability assessment and patch management.
1) DNS poisoning via port exhaustion (Roee Hay and Yair Amit)
2) BEAST (Thai Duong and Juliano Rizzo)
3) CAPTCHA Hax with TesserCap (Gursev Kalra)
4) Abusing flash-proxies for client-side cross-domain HTTP request (Martin Johns and Sebastian Lekies)
5) DOMinator. Finding DOMXSS with dynamic taint propagation (Stefano di Paola)
6) CSRF: Flash + 307 re-direct = Game Over (Phillip Purviance)
7) Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java (Johannes Dahse)
8) Java Applet Same Origin Bypass via HTTP Redirect (Neal Poole)
9) Bypassing Chrome’s Anti-XSS filter (Nick Nikiforakis)
10) Expression Language Injection (Stefano di Paola and Arshan Dabirsiaghi)
7. 10 Sophisticated Hacker Techniques
5) Conduct detailed testing of controls
• Three levels of reliance:
  • Lowest reliance: self-testing by IT
  • Medium reliance: Internal audit, tests to prove compliance of each key control.
  • Highest reliance: external auditors
• Focus areas:
  • Change management
  • Security and data integrity
8. Top Patch delivers information security products that reduce risk, increase data security and ensure compliance
Request a free trial of the Remediation Vault for Best-In-Class Patch Management
Alex
Email: alex@toppatch.com
(646) 664-4265
349 Fifth Avenue, New York, NY 10016
www.toppatch.com
Twitter: @toppatch