Stratum is proud to be sponsoring the first OWASP Tampa Day this Monday, June 20th. The free event will feature presentations aimed at providing developers and Information Security professionals with an introduction to application security. The event features 4 presentations from application security experts and ‘sold out’ in less than 48 hours with 76 registered attendees. You can visit the event’s Eventbrite page for more information.
Stratum’s own Trevor Hawthorn will be presenting PCI for Developers: Lessons from the Real World:
Any organization that stores, processes, or transmits credit card data must comply with the Payment Card Industry’s (PCI) Data Security Standards (DSS). PCI can be daunting even for compliance and security experts. If you are a developer, it can be a major headache. Sooner or later the day will come when you (or your developers) will need to integrate PCI into your Software Development Lifecycle (SDLC). During this talk Trevor will discuss what is required to meet PCI compliance, and examine how a wide variety of organizations tackle their compliance obligations.
Stratum is also a sponsor of the OWASP Tampa chapter.
We are finally able to share something exciting that Stratum has been working on for the past several months.
If you look at recent data breaches – the kind where the attackers are inside the network hanging out and shipping sensitive data out of the network – you will find two things in common: spear phishing is how they got in and some form of data exfiltration is how they got out. Read Mandiant’s M-Trends report or the Verizon Data Breach Reports; it’s all discussed in depth. Attackers are exploiting user endpoints to get right to the heart of the network. Why mess around with finding a perimeter vulnerability (sure, they still exist) when you can own something in the soft chewy center of a network with access to almost everything? While this represents a major, actively exploited attack vector, the industry does not have a comprehensive, repeatable and scalable solution to test organizations’ susceptibility to these attacks. Until now.
Today we are announcing our new Security-as-a-Service (SaaS) offering:
ThreatSim allows customers to easily run their own advanced attacker simulation campaigns that test users, user endpoint devices, network security controls, 3rd party security solutions and incident response plans. ThreatSim answers three critical questions that all organizations should be asking right now:
- How can attackers get in?
- How do attackers get my data out?
- What can we do to prevent it?
The ThreatSim website, www.threatsim.com, has more details on our new service, including how to sign up to be a beta customer. We will provide more updates here on our blog and via our ThreatSim Twitter account, @threatsim. For inquiries please email us at firstname.lastname@example.org or fill out the Request A Demo page on the ThreatSim website.