Name
D3. Pen Test Data Science: Vulns, Metrics, Lions, Tigers, and Bears, Oh My
Track
Architecture/How-To
Date
Wednesday, May 9, 2018
Time
3:15 PM - 4:15 PM
Description
Session Description:
 
New research shows the statistically most prevalent technical vulnerabilities identified by advanced-skillset consultants on funded, fixed-objective pen testing engagements simulating worst-case adversaries and scenarios. Data will be presented on the most prevalent categories, risk levels, most-exploited technologies, the ‘top n’ specific vulnerabilities, and other trends. Comparisons with external datasets, including the OWASP Top 10, will be analyzed. You’ll come away with strategies to prioritize the most important technical risks to your organization based on empirical data, and with an understanding of how to build a data analytics program that leverages your own vulnerability data.
 
 
Learner Objectives
After completing this session, learners will come away with:
- The most prevalent vulnerabilities based on empirical evidence, including categories, risk levels, and most-exploited technologies
- How to extract maximum value from external benchmarks like the OWASP Top 10 by comparing them to your own data
- Strategies to prioritize the most important technical risks to your organization based on empirical data
- Ways to demonstrate how vulnerability statistical analysis can improve overall security program performance
- How to build a data analytics program leveraging your own vulnerability data
 
 
CEUs
1