Cyberlands: API Penetration Testing Services
Cyberlands B.V.
API Security Risk
APIs are proliferating, and so are the risks associated with them
API Breaches
Users and hackers exploit APIs to gain from companies' assets
Compliance
Companies have to demonstrate proper effort in securing their APIs
Lack of Talent
291 000 cybersecurity jobs are unfilled - ISC2 research (2019)
Risk Case - API Data Breach - 2020
400 000 user records were stolen
£20 000 000 fine from ICO
Risk Case - API Vulnerability - 2020
• Public method allows unauthenticated enumeration of all user IDs:
gitlab.company.local/api/v4/users/{id}
• https://gitlab.com/webpwn.keys method shows avatar_url
• Part of avatar_url is an MD5 hash of the email
Headhunting Your Developers
Phishing Your DevOps
Risk Case - API Abuse / Fraud - 2016
if (datacash.response.reason == 'ACCEPTED' && datacash.response.status == 1)
    placeOrder();
A tech-savvy user managed to get free pizza because the payment status was checked on the client side.
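The same check moved to where it belongs, as an added example that is not part of the Cyberlands deck: the order endpoint trusting the client's claimed payment result is shown next to a version that asks the gateway itself, rejects a reused transaction reference, and compares the authorised amount with the basket total. The gateway records, transaction references and function names are constructed stand-ins, not the DataCash API.

```javascript
// Added example (not from the deck): the "free pizza" bug is the browser
// deciding that a payment succeeded and the server believing it.
// The gateway, its record format, the transaction references and the
// function names below are constructed stand-ins, not the DataCash API.

// Constructed stand-in for the gateway's "look up a transaction" call,
// keyed by transaction reference; amounts are in pence.
const GATEWAY_RECORDS = {
  "txn-1001": { status: 1, reason: "ACCEPTED", amountPence: 1299 },
  "txn-1002": { status: 7, reason: "DECLINED", amountPence: 1299 },
};

function gatewayLookup(txnRef) {
  return GATEWAY_RECORDS[txnRef] || null;
}

// Orders the shop has accepted so far (in-memory for the example).
const ORDERS = [];

// Vulnerable pattern from the deck, seen from the server side: the order
// endpoint receives the payment outcome from the client and trusts it.
// Anyone who can edit the request can set reason/status themselves.
function placeOrderTrustingClient(body) {
  if (body.reason === "ACCEPTED" && body.status === 1) {
    ORDERS.push({ orderId: ORDERS.length + 1, txnRef: body.txnRef });
    return { placed: true };
  }
  return { placed: false, error: "payment not accepted" };
}

// Hardened form: the client sends only the transaction reference. The server
// asks the gateway what actually happened, refuses a reference that has
// already bought an order (replay), and checks that the authorised amount
// equals the basket total it computed itself (not one sent by the client).
function placeOrderVerified(body, basketTotalPence) {
  const record = gatewayLookup(body.txnRef);
  if (!record) {
    return { placed: false, error: "unknown transaction" };
  }
  if (record.status !== 1 || record.reason !== "ACCEPTED") {
    return { placed: false, error: "payment not accepted" };
  }
  if (ORDERS.some((o) => o.txnRef === body.txnRef)) {
    return { placed: false, error: "transaction already used" };
  }
  if (record.amountPence !== basketTotalPence) {
    return { placed: false, error: "amount mismatch" };
  }
  ORDERS.push({ orderId: ORDERS.length + 1, txnRef: body.txnRef });
  return { placed: true };
}

// Constructed tampered request: the client claims success for a transaction
// that the gateway actually declined.
const TAMPERED = { txnRef: "txn-1002", reason: "ACCEPTED", status: 1 };
```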
Pentest as a Service
Focus on risks that matter to your application and API
Fixed Price Pentest
Get required security expertise and off-load scope risks
Hourly Rate
Pay per use at maximum transparency
Dedicated Pentest Resource
A seasoned expert is reserved to solve your problems daily - dedicated, semi- or quarter-dedicated
Fair and Flexible Value
Our customers enjoy an average 338% return on investment employing us, a penetration testing provider with deep and proven expertise.
How it Works
Scoping (1 week) | Delivery (2 - 4 weeks) | Remediation (up to 3 months)
• Typeform
• Google Meet
• eSigning
• Dedicated Chat
• Hacking Tools
• Executive Briefing
• Customer Portal with findings
• Customer Portal with findings
• Dedicated Chat
Your Control Panel over Pentest Findings
Managed Remediation Roadmap
Integrations with Your Tools
Attack Chain With Business Impact on Your App
Selected Projects
We helped customers from Fintech, SaaS, Cybersecurity, Finance and many other spaces to identify and close their security gaps
API Case Study: FCA-regulated British FinTech
Objective: Support PCI DSS compliance
Security goals
• audit Managed Kubernetes (Google Cloud)
• audit external API
• bypass SSL Pinning (Android)
https://clutch.co/profile/cyberlands-bv#reviews
IoT Case Study: Korean Smart camera producer
Objective: Find IoT vulnerabilities
Security findings
• a backdoor discovered (third-party library)
• breached traffic encryption between cameras and cloud back-end
• took control over camera and cloud back-end
Recommendations
• introduce a third-party library risk management process
• change design of encryption controls
• implement cloud back-end controls
Tools used
Hardware
Front-End Case Study: WebApp API Assessment
Objective: Find front-end and API vulnerabilities
Security findings
• unrestricted file upload
• API missing input validation
• WebForm missing input validation
• weak communication encryption
Recommendations
• restrict uploaded file types
• validate and sanitise input data
• implement input validation in webforms
• implement modern communication encryption
Tools used
Mobile Case Study: Mobile Banking Application
Objective: Find MobileApp vulnerabilities - iOS/Android
Security findings
• insecure hashing algorithms
• weak authentication
• information exposure (debug log, cache)
• no jailbreak/root detection
Recommendations
• change hashing algorithms
• add MFA
• suppress sensitive information in debug log and cache
• implement jailbreak/root detection
Tools used
Cloud Case Study: AWS Infrastructure Assessment
Objective: Find out cloud infrastructure weaknesses
Security findings
• EBS volumes were not encrypted and CloudTrail was off
• insecure rules were set for default security groups
• all ports were allowed to accept connections
• no MFA for critical functions
Recommendations
• implement an encryption process for volumes
• enable logging on API and enable MFA for critical functions
• set up zero trust for default security groups
• restrict access to ports based on business needs
Tools used
What's Happening Next
We're developing an API monitoring service to ensure continuous security of customers' apps - start date is July 1, 2021
The Team
Alex Bodryk, CISA, ITIL Expert
Director & Founder
10+ years of experience designing and implementing infosec programmes in GRC and SOC. Former threat intel analyst. Industry focus - oil & gas, fintech, MSSP/SOC
Sergey Khariuk
CTO & Founder
10+ years of experience delivering penetration testing and red team engagements. Former reverse engineer. Industry focus - airlines, fintech, gambling
Eduard Babych, eCPPT Gold
Head of API Testing
7+ years in vulnerability research for software and hardware products. Found major vulnerabilities in some of the world's most well-known devices
Flexible Pricing for clients in UK and EU
• 10k GBP for PCI DSS external API pentest (example)
• 40 GBP/hour for small projects - up to 80 hours
• Dedicated penetration testing experts on request
We offer a money-back guarantee to each customer
Start scoping today!
Contact Us
www.cyberlands.io
+44 20 457 704 85
+31 30 890 34 33
welcome@cyberlands.io

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Cyberlands Sales Deck

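The API Abuse & Fraud risk case (slide 5) places the order when the browser says the payment was accepted, so a user who edits the response fields gets the goods for free. As an added example that is not code from the deck or from Cyberlands, here is the same check moved server-side: the order endpoint keeps only the transaction reference from the client and re-reads reason, status and amount from the payment provider, and refuses to reuse one accepted payment for a second order. The provider lookup, the transaction records and the field names are constructed stand-ins, not a real gateway API.

```javascript
// Constructed stand-in for the payment provider's records, keyed by transaction
// reference. In production this is a server-to-server query to the gateway.
const providerRecords = new Map([
  ['txn-1001', { reason: 'ACCEPTED', status: 1, amount: 1299, currency: 'GBP' }],
  ['txn-1002', { reason: 'DECLINED', status: 7, amount: 1299, currency: 'GBP' }],
  ['txn-1003', { reason: 'ACCEPTED', status: 1, amount: 2500, currency: 'GBP' }],
]);

// References that have already paid for an order (one payment, one order).
const usedReferences = new Set();

// Hypothetical provider lookup; returns null for an unknown reference.
function lookupPayment(reference) {
  return providerRecords.get(reference) || null;
}

// Vulnerable pattern from the deck: the decision is made from fields the
// client sent, so anyone can claim 'ACCEPTED' / status 1.
function placeOrderClientTrusted(clientBody) {
  const r = clientBody.response || {};
  if (r.reason === 'ACCEPTED' && r.status === 1) return 'ORDER_PLACED';
  return 'REJECTED';
}

// Hardened pattern: the client supplies only a reference and its cart; the
// accepted/declined decision and the paid amount come from the provider.
function placeOrderServerVerified(clientBody, cart) {
  const ref = String(clientBody.reference || '');
  const payment = lookupPayment(ref);
  if (!payment) return 'REJECTED: unknown transaction';
  if (usedReferences.has(ref)) return 'REJECTED: reference already used';
  if (!(payment.reason === 'ACCEPTED' && payment.status === 1)) {
    return 'REJECTED: not accepted';
  }
  // The paid amount must match the cart, or a cheap payment buys a dear cart.
  if (payment.amount !== cart.total || payment.currency !== cart.currency) {
    return 'REJECTED: amount mismatch';
  }
  usedReferences.add(ref);
  return 'ORDER_PLACED';
}
```

A forged body such as `{ reference: 'txn-1002', response: { reason: 'ACCEPTED', status: 1 } }` passes the client-trusted check but is rejected by the server-verified one, because the provider still records txn-1002 as declined.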
12. Attack Chain With Business Impact on Your App

13. Selected Projects
We helped customers from Fintech, SaaS, Cybersecurity, Finance and many other spaces to identify and close their security gaps.

14. API Case Study: FCA-regulated British FinTech
Objective: Support PCI DSS compliance
Security goals
• audit Managed Kubernetes (Google Cloud)
• audit external API
• bypass SSL Pinning (Android)
https://clutch.co/profile/cyberlands-bv#reviews

15. IoT Case Study: Korean Smart camera producer
Objective: Find IoT vulnerabilities
Security findings
• a backdoor discovered (third-party library)
• breached traffic encryption between cameras and cloud back-end
• took control over camera and cloud back-end
Recommendations
• introduce third-party libraries risk management process
• change design of encryption controls
• implement cloud back-end controls
Tools used: Hardware

16. Front-End Case Study: WebApp API Assessment
Objective: Find front-end and API vulnerabilities
Security findings
• unrestricted file upload
• API missing input validation
• WebForm missing input validation
• weak communication encryption
Recommendations
• restrict uploaded file types
• validate and sanitise input data
• implement input validation in webforms
• implement modern communication encryption
Tools used

17. Mobile Case Study: Mobile Banking Application
Objective: Find MobileApp vulnerabilities - iOS/Android
Security findings
• insecure hashing algorithms
• weak authentication
• information exposure (debug log, cache)
• no jailbreak/root detection
Recommendations
• change hashing algorithms
• add MFA
• suppress sensitive information in debug log and cache
• implement jailbreak/root detection
Tools used

18. Cloud Case Study: AWS Infrastructure Assessment
Objective: Find out cloud infrastructure weaknesses
Security findings
• EBS volumes were not encrypted and CloudTrail was off
• insecure rules were set for default security groups
• all ports were allowed to accept connections
• no MFA for critical functions
Recommendations
• implement encryption process for volumes
• enable logging on API and enable MFA for critical functions
• set up zero trust for default security groups
• restrict access to ports based on business needs
Tools used

19. What's Happening Next
We're developing an API monitoring service to ensure continuous security of customers' apps. Start date is July 1, 2021.

20. The Team
Alex Bodryk, CISA, ITIL Expert - Director & Founder
10Y+ exp designing and implementing infosec programmes in GRC and SOC. Former Threat Intel analyst. Industry focus - oil&gas, fintech, MSSP/SOC
Sergey Khariuk - CTO & Founder
10Y+ exp delivering penetration testing and red team engagements. Former Reverse Engineer. Industry focus - airlines, fintech, gambling
Eduard Babych, eCPPT Gold - Head of API Testing
7+ years in vulnerability research for software and hardware products. Found major vulnerabilities in some of the most well-known devices over the world

21. Flexible Pricing for clients in UK and EU
• 10k GBP for PCI DSS external API pentest (example)
• 40 GBP/hour for small projects - up to 80 hours
• Dedicated penetration testing experts on request
We offer a money-back guarantee for each customer. Start scoping today!

22. Contact Us
www.cyberlands.io
+44 20 457 704 85
+31 30 890 34 33
welcome@cyberlands.io