[Owasp-rochester-announce] OWASP Meeting - Ethical Hacking as a Professional Penetration Testing Technique

Ralph Durkee rd at rd1.net
Sat Apr 20 14:38:24 UTC 2013

The slides from Thursday's presentation are available on the Rochester 
OWASP website.


Principal Security Consultant

On 03/11/2013 05:23 PM, Ralph Durkee wrote:
> Event Invitation
> Title:
> OWASP Meeting - Ethical Hacking as a Professional Penetration Testing 
> Technique
> Location:
> RIT's Golisano Hall Auditorium (Building 70, Room 1400)
> When:
> Thu 18 Apr 2013 05:30 PM -- 07:30 PM
> Organizer:
> 	ralph.durkee at gmail.com <ralph.durkee at gmail.com>
> Description:
> Joint OWASP - ISSA meeting We'll have some brief news and chapter 
> business followed by a presentation by Ralph Durkee. Food will be 
> provided so please register by responding for this invite by 
> responding to this invite or sending an email to info at rocissa.org. You 
> can park in J or T Lots. Campus maps are on-line http://maps.rit.edu. 
> Presentation Title: Ethical Hacking as a Professional Penetration 
> Testing Technique Ralph will briefly discuss Ethical Hacking (EH) and 
> Penetration Testing (PT), why they are important and how they differ. 
> He will talk about the ethical hacking mindset and the ethical hacking 
> process and why it's important as a professional penetration testing 
> meta-technique. The presentation will then apply the EH process with 
> audience participation on exploiting sample vulnerabilities of both 
> servers and clients. The examples will cover several specific, yet 
> basic tools and techniques that continue to be effective in the 
> exploitations of systems, applications and clients. Of course he'll 
> also briefly discuss how to defend against these attacks. Although the 
> cool tools and sexy exploits tend to get much of the attention when it 
> comes to penetration testing, the focus will be on the ethical hacking 
> as a meta-technique and how it can be applied to maximize the 
> usefulness of the results to the hiring organization. The presentation 
> will also cover some common misconceptions, mistakes, ethical issues 
> and non-professionalisms that continue to trouble the profession. Bio 
> Ralph Durkee is the principal security consultant and president of 
> Durkee Consulting, Inc since 1996. Ralph founded the OWASP Rochester, 
> NY chapter and has served on the board since 2004. Ralph served on the 
> ISSA chapter board to start the Rochester ISSA chapter as well as 
> starting the annual Rochester Security Summit. He has served as the 
> ISSA chapter president since 2010. He performs a variety of network 
> and application penetration tests, software security assessments and 
> secure software development consultations for clients. His expertise 
> in penetration testing, incident handling, secure software development 
> and secure Internet and web applications is based on over 30 years of 
> both hands-on and technical training experience. He has developed and 
> taught a wide variety of professional security seminars including 
> custom web application security training, and SANS SEC401 & SEC504 - 
> Hacker Techniques and Incident Handling and CISSP bootcamp courses 
> since 2004. Ralph also regularly consults on the development and 
> implementation of a wide variety of security standards such as web 
> application security, database encryption, Windows and Linux security. 
> Ralph also has done security consulting for compliance with the 
> Payment Card Industry Data Security Standard, and holds the following 
> certifications CISSP, CRISC, GSEC, GCIH, GSNA, GCIA, and GPEN. View 
> your event at 
> http://www.google.com/calendar/event?action=VIEW&ueid=4dosmvscgn8cusqsjmu18a1bk4.
> Comment:
> Attendees:
> 	owasp-rochester-announce at lists.owasp.org 
> <owasp-rochester-announce at lists.owasp.org>
> 	Ralph Durkee <ralph.durkee at gmail.com>
> _______________________________________________
> Owasp-rochester-announce mailing list
> Owasp-rochester-announce at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-rochester-announce

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-rochester-announce/attachments/20130420/aff26fb8/attachment.html>

More information about the Owasp-rochester-announce mailing list