Tenable is again returning to the SOURCE Boston conference, held at the Seaport Hotel from April 21-23. This year Tenable will be delivering three presentations: Tenable CEO Ron Gula will be presenting a talk titled “How to Detect Penetration Testers” on Wednesday from 10:00 am to 10:50 am; Carole Fennelly and Kelly Todd will be participating in the Vulnerability Management panel on Thursday from 10:00 to 10:50; and Paul Asadoorian will be presenting a talk titled “Embedded System Hacking and My Plot to Take Over the World” from 2:00 to 2:50 on Thursday. This blog provides a brief overview of these presentations.
Ron Gula’s talk, “How to Detect Penetration Testers,” describes methods of detecting authorized penetration testers from a variety of technical and political aspects. Very often audit organizations feel the need to run a “surprise” audit on one of their divisions. This is intended to see how the target organization reacts to an unannounced penetration attempt, but very often results in disrupted production services and a lot of political finger pointing. This presentation provides tips and insights to make better use of firewall logs, netflow data and system logs, both to avoid situations that will embarrass the security program and to protect resources from the real intruders.
Carole Fennelly will be moderating a panel discussion on vulnerability management that covers various aspects of the vulnerability management cycle: initial detection of anomalies and vulnerabilities; the assignment of common names for easy identification; using available information to gather appropriate remediation measures; pros and cons of patch testing; and how vulnerability management can be improved as an overall process. Panelists include HD Moore of Metasploit; Chris Wysopal of Veracode; Steven Christey and Bob Martin of MITRE Corporation; Jonathan Klein of Broadridge Financial Solutions; and Kelly Todd of OSVDB. The goal of this panel is to determine what works, what doesn't work and what can be done to help improve processes, procedures and remediation techniques.
Paul Asadoorian’s presentation, “Embedded System Hacking and My Plot to Take Over the World,” analyzes common vulnerabilities in popular embedded systems that carry sensitive data every day. Embedded systems simplify tasks for the end user but typically implement very little security. This presentation will demonstrate the abundance of these systems and vulnerabilities by using public source and new scanning methods. Solving the problem is more difficult but starts with changing both developers' and users' perception of embedded systems technology. This presentation will cover:
- Finding embedded system vulnerabilities on a large scale
- Ways to exploit embedded vulnerabilities and hide from the end user
- Why controlling embedded systems is so powerful (and how they could be used to take over the world)
- Ways to mitigate the potential threat
- Some longer-term solutions for embedded systems security
If you are attending SOURCE Boston, we hope you can stop by one of our presentations or visit the Tenable booth on the Mezzanine level (booth #5) to pick up some of the latest information about upcoming Tenable products!