
MPT: Pentest In Action

Date

August 25, 2022

Time

17:30

Track

CommSec Track

Security penetration testing is more than necessary. Most organisations, if not all, either have their own in-house penetration testing team or use third-party pentesters. In any fast-paced organisation with multiple product lines and development planning timelines, it becomes challenging for security teams to efficiently manage all these pentest activities, effectively produce security assessment reports, and track them.

In order to solve the above challenges, I have developed a solution called ‘Managing Pentest (MPT: Pentest in Action)’.

MPT helps us solve various problems:

  1. Asset DB to know all organisation assets that are in pentest process. You can’t secure what you are not aware of!
  2. Tracking each pentest
  3. Pentesting activity knowledge, which comprises, let's say, what a particular application does, or the purpose of the hardware that we are testing
  4. When the next pentester takes over the testing, all they have to do is view the asset and its associated information, which is already there.
  5. Time taken for each pentest
  6. Real time tracking of activity
  7. Issue status
  8. Common issues that are observed

MPT also has security pentest analytics, which not only helps us track and view everything in a single pane of glass but also helps with:

  1. Finding improvement areas to boost pentester productivity
  2. Understanding the current risk posture
  3. Understanding recurring issues
  4. Average amount of time taken for each pentest vs asset size
  5. Average high/medium/low fixing time
  6. Most number of vulnerabilities fixed in a year
  7. Class of new vulnerabilities discovered
  8. Developer trends
  9. Open findings
  10. Critical assessments
  11. Asset health
  12. Top pentester reported findings
  13. Average busy time for each pentester

NOTE: This tool will be released at #HITB2022SIN

Speakers

Researcher

National University Singapore

Dr. Wang Kailong is currently a research fellow at the National University of Singapore (NUS). He received his PhD degree from the School of Computing, NUS, in 2022. He worked as a Research Assistant at NUS while pursuing his PhD degree from 2016 to 2021. His research interests include mobile and web security and privacy, and protocol verification. His work has appeared in top conferences such as WWW and MobiCom.

Co-Founder & CTO

Authomize

Mr. Gal Diskin is a cybersecurity and AI researcher. He was previously the VP & head of Palo Alto Networks’ Israeli site, and is a serial entrepreneur. Mr. Diskin’s research has been featured in HITB, Defcon, Black Hat, CCC, and other conferences, spanning fields from low level security research such as hardware vulnerabilities, binary instrumentation, and car hacking to high level research on AI detection methods, Enterprise security, and Identity security. Mr. Diskin was also the technical lead and co-founder of Intel’s software security organization, as well as the CTO of Cyvera and HeXponent (co-founder) before their acquisition.

Senior Security Researcher

Huajiang “Kevin2600” Chen (Twitter: @kevin2600) is a senior security researcher. He mainly focuses on vulnerability research in wireless and vehicle security. He is a winner of GeekPwn 2020 and also made it to the Tesla Hall of Fame 2021. Kevin2600 has spoken at various conferences including KCON, DEFCON and CANSECWEST.

Security Researcher

Li Siwei is a security researcher. He specializes in big data analysis and AI security.

Founder, CEO

CloudSEK

Rahul Sasi is an Indian entrepreneur, founder of CloudSEK, and a security expert. He was voted the top influential cyber security person in 2015, has made a significant open source contribution to the security landscape, and has been an invited speaker in over 20 countries. He is part of the working committees of RBI and MeitY.
CloudSEK: https://cloudsek.com/
LinkedIn: https://www.linkedin.com/in/fb1h2s/

Senior Security Engineer

CloudSEK

Vishal Singh works as a Senior Security Engineer at CloudSEK. His main responsibilities include handling the research and development of CloudSEK ASM. He loves automating manual tasks, and also likes surfing the net and exploring new places in his free time.
