On-demand Webinar: Vulnerability Management
Detecting a vulnerability is one thing, exploiting it is another. The true severity of a vulnerability may not be appreciated (i.e. taken seriously) until someone sees their private data being rinsed out before their very eyes. By their nature, some vulnerabilities are harder to exploit than others, but when a researcher (or bad guy) spots the hint of something “not quite right”, they will ruthlessly pursue the thing until it is exploited, leading to new and exotic techniques.
In this educational webinar, we build up an understanding of various exploitation techniques, working from more basic to more exotic scenarios, sparing no detail whilst remaining accessible to non-technical audiences.
We cover the following topics related to vulnerability management:
- Vulnerability scanning best practices
- Side-channel detection (e.g. use of delay injection)
- Out-of-Band detection (where there is no direct feedback of a vulnerability)
- The use of chained exploits and gadgets
- Real-life examples of exploitation from the wild
Meet the speakers
Nick’s main focus at AppCheck is innovation in the automated detection of vulnerabilities, particularly in increasingly complex and oft-targeted web applications, where contemporary scanning software often falls very short in comparison to the manual analysis of an experienced penetration tester. Needless to say, the goal of Nick and his team’s work is to lead in the narrowing of this gap in order to better meet the security concerns of organisations.
Nick has a background in Computer Science research and previously lectured in Operating Systems, Computer Networking, and Distributed Systems at the University of Birmingham School of Computer Science. He enjoys teaching, coding and talking about vulnerabilities and ideas with anyone who has the time
With a strong technical background in network and system administration, John has worked in IT since 2001 and in Information Security since 2008. He is equally “at home” speaking to businesspeople as he is working on a technical security issue with an IT team. His role includes head of technology at both CommSec and CheckScan+, where he leads the team in innovation and continuous improvements to all facets of the services.
John is passionate about cyber security. He pays particular interest in security testing, vulnerability management and remediation of security weaknesses.