Research for Cyber Security Warwick University Industry Day 2018


1 Research for Cyber Security Warwick University Industry Day 2018
Pete Vincent - IBM Security 19/03/2018

2 Agenda
What the software engineers of tomorrow need to learn
The post quantum era
The human element

3 The OWASP Top 10
A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring

4 What the software engineers of tomorrow need to learn
Security professionals don't code; developers typically don't know much about security.
Security relies on penetration testing to find bugs. It would be better to eradicate them by writing secure code:
    Teach threat modelling
    Teach OWASP
Most security spending is still on infrastructure security rather than application security.
The cost of fixing a defect increases significantly the later in the development cycle you find it.
Possible research:
    Are there wider business benefits of adopting a secure coding methodology?
    Hardware vulnerabilities

5 The post quantum era
Due to their ability to solve much more complex problems in far less time, large-scale quantum computers have the potential to severely impact cryptography. Asymmetric cryptographic algorithms base their security on hard mathematical problems. This changes when running Shor's algorithm, which can factor large numbers in days (or even hours), on a quantum computer. Symmetric algorithms, such as the Advanced Encryption Standard (AES), do not face the same threat as asymmetric algorithms, but their key sizes need to be doubled to provide the same level of protection because of Grover's algorithm. Google have developed "New Hope", a post-quantum algorithm. The impact of quantum computing on cybersecurity will likely not be felt for many years. "New Hope" is promising, but it has not yet had extensive cryptanalysis.
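As an added worked illustration (not part of the original slides) of why the slide says symmetric key sizes must be doubled: for a $k$-bit key there are $N = 2^k$ candidates. A classical exhaustive search needs $O(N)$ trials, whereas Grover's algorithm needs only $O(\sqrt{N})$ quantum queries:

$$\sqrt{N} = \sqrt{2^k} = 2^{k/2}$$

To retain $s$ bits of security against a quantum attacker one therefore needs $2^{k/2} \ge 2^s$, i.e. $k \ge 2s$. AES-128 thus offers roughly 64-bit quantum security and AES-256 roughly 128-bit, which is the doubling the slide refers to. Shor's algorithm is a different kind of threat: it is not a faster brute force but a polynomial-time factoring method, roughly $O(n^3)$ quantum operations for an $n$-bit modulus, while the best classical method (the general number field sieve) is subexponential, about $\exp\!\big(O(n^{1/3}(\log n)^{2/3})\big)$. That asymptotic gap is why RSA cannot be rescued by doubling its key size the way AES can, and why the slide points to new algorithms such as "New Hope" instead.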

6 The human element
Information security is a human issue. Even as security technology gets better, most breaches come down to a human failure: someone clicking, someone making assumptions, someone not following policy. Mistakes get made.
Users need continuous awareness education, and it needs to be effective.
People are by nature helpful; attackers play on this.
Badly written policies that are practically impossible to comply with will encourage the wrong behaviour.
Not giving users the right tools to do their job encourages the wrong behaviour.
Possible research:
    The carrot vs the stick
    Changing the context
    Usable security - The Psychology of Information Security by Leron Zinatullin

7 Questions?


