Patch-22: how to protect your organisation when you can't patch everything

Date: Thursday, November 17, 2022, 12:00 to 13:00 GMT

Event type: Webinar


Host: Tom Barber, Penetration Tester | Claranet Cyber Security

"Patching remains the single most important thing you can do to secure your technology… But although applying patches may be a basic security principle, that doesn't mean it's always easy to do in practice." NCSC

Nobody can fix everything. When your attack surface is constantly throwing up new vulnerabilities, context has to drive your remediation strategy.

Join Penetration Tester Tom Barber for a session on contextual vulnerability scoring. Using the top 5 most common high-impact vulnerabilities identified by our testing teams in 2022, he'll demonstrate what contextual data must be gathered to define and address real risk: the origin of a vulnerability, how it could be exploited and by whom, the operational impact of exploitation, and the tactics needed for remediation.

The following vulnerabilities will be covered in detail:

  • Outdated patches: Software that is exposed to publicly known exploits, or at risk of system failure, because patches have not been applied.
  • Cross Site Scripting (XSS): A malicious user injects code into a website, and that code executes in a victim's browser when the victim loads the page.
  • SQL Injection: A threat actor can interfere with a website's backend queries, allowing them to read from, modify, or disrupt the database.
  • Broken Access Control (IDOR): Functions and resources may be accessible to users who do not hold the intended privileges.
  • File Upload: Users can upload files without adequate checks by the web application, allowing those files to be used for malicious purposes.

All vulnerabilities were identified during customer engagements in the first half of 2022 and were selected for analysis because of their prevalence and their High Impact ranking.

"High Impact": yielding significant opportunities for a threat actor to:

  • Disable, disrupt, destroy, or control computer systems or
  • Alter, block, delete, manipulate or steal data

By the end of the session, you’ll understand the process behind contextual vulnerability scoring (beyond CVSS), know what to look for in vulnerability reports, and have more confidence to design frameworks for pragmatic, risk-based prioritisation.

Who will benefit most from the event:

  • CISOs/CIOs focusing on dynamic, continuous security at scale
  • Security/IT managers addressing cost efficiencies
  • IT teams that need to improve performance
  • CTOs and development teams building DevSecOps
  • Penetration testers
  • Security analysts
