Скачать или смотреть #HITB2022SIN

It is hard to protect what you cannot see. So many times, organizations are not aware of all their assets, including APIs. They prepare to have their Internet-exposed application assessed during pentests but have to go through the drill of taking inventory of all the applications. This is a similar task for all external assets, and companies do not always know what they have exposed, which makes assessing and securing them difficult. Phillip Wylie discusses how to integrate APIs into External Attack Surface Management (EASM) to improve the security posture of external facing APIs.



Detailed Outline:


Defining Attack Surface Management (ASM)
Why Prioritize External Attack Surface Management (EASM)?
Discovering Attack Surface
API Pentesting & Tools
Addressing Gaps EASM


===


Phillip is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. During his offensive security career, he has worked in consulting and as an internal pentesting resource for companies in the financial and consumer product industries. Phillip’s offensive security includes penetration testing, application pentesting, and red teaming. He enjoys mentoring and educating others about pentesting during workshops at conferences and other events. His offensive security educator roles include community college adjunct instructor and curriculum and content creation. Phillip co-authored the book, “The Pentester Blueprint: Starting a Career as an Ethical Hacker” based on his conference talk on starting a career as a pentester and was featured in the “Tribe of Hackers: Red Team”. He is also a podcaster and the host of “The Hacker Factory Podcast”.