Presentation Title: Enterprise Hacking: Who Needs Exploit Codes?
Presentation Details:

Traditional business drivers (time to market, cost basis etc) are still the dominant factors when formulating technology strategy. Security issues, although recognised as being of primary concern, are usually left behind to catch up. In an era where turnkey solutions, outsourcing, enterprise application integration across traditional boundaries are becoming the norm, this approach is causing more of a headache in the long run than the perceived (short-term) economic gains.

Highlighting lessons learned during several assignments, we found that the roles played by third parties and the lack of visibility of extended business processes (and related technology infrastructure) are becoming the main challenge for an enterprises information security team. In several cases, access to sensitive systems were engineered through the simple use of guile and cunning, identifying weak links introduced by the complexity of third party relationships and the many inter-connections between business entities. And in a significant number of these cases, exploit codes were not even deployed.

Several ideas on how to mitigate these situations will be offered for further discussion.

About Jim

Jim Geovedi works as an Information Security consultant at Bellua Asia Pacific. He has over seven years of experience performing professional security assessment and penetration testing, ISMS Audit & Implementation and computer forensics. Jim prefers to approach security from an attacker’s perspective in order to readily pinpoint weaknesses. He was an invited speaker at international security conferences as well university and government symposia.

** Presenting with Fetri Miftach (Principal Consultant, PT. Bellua Asia Pacific)