Vantagepoint Security

[Delmiro Fain]

VantagePoint are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation. We helped to secure some of the first digital banks deployed in South East Asia and have since grown to work throughout the industry. Our clients include regional and global banking and finance, insurance, telecommunications, healthcare, FINtech and utility providers.

We have extensive experiance with mobile technologies and are active contributors to industry recognised standards. Founding members of Vantage Point authored both the OWASP Mobile Security Testing Guide (MSTG) and the OWASP Mobile Application Security Verification Standard (MASVS) which has become the defacto standard for mobile application security.

Velocity Assess is Vantage Points Penetration Testing as a Service model that gives our customers a flexible, efficient, and highly effective solution for implementing an enterprise security testing program no matter the size of the organisation.

Penetration Testing

Identify security vulnerabilities and weaknesses in applications, networks and cloud infrastructure the same way threat actors would attack your business-critical digital systems.

Managed Services

Scale your security testing program for unlimited on demand security testing that optimizes your security budget, maximizes operational efficiencies and delivers outstanding security outcomes.

Red Team Exercises

Conducting Red Team exercises to simulate attack scenarios that may occur if an organization were targeted by an Advanced Persistent Threat such as a nation state or sophisticated criminal organisation.

Security professionals are engaged during the entire product and service lifecycle to ensure security requirements and secure coding align with the Open Web Application Security Project (OWASP) standard. Throughout the Software and Service Delivery Lifecycles, products undergo security, vulnerability, performance and functional testing. Additionally, teams receive security-related and compliance training.

Deltek employs role-based authentication controls to ensure that only authorized personnel and services can access the cloud computing infrastructure. Deltek Cloud Operations staff employ multi-factor authentication to verify their identity, which increases the protection of access credentials and minimizes the scope of privileged account access.

Vantage Point Security provides independent security assurance across every stage of the software development lifecycle including application design, architecture review, source code review and penetration testing. Based in Singapore, the Vantage Point team work across SE Asia with clients within the Banking and Finance, Software Development, Telecommunications and Fintech sectors.

With its comprehensive suite of features and tools, Salesforce Shield is the perfect security solution for financial services organizations looking to stay ahead in today's increasingly digital world. From native encryption and event monitoring to field audit trails and platform encryption, Salesforce Shield offers a complete package of protection for sensitive customer data stored in the cloud.

Native Encryption is a core feature of Salesforce Shield that provides organizations with added protection for their customer data. With Native Encryption, customer data can be protected from unauthorized access without additional coding or development. This helps ensure compliance with various industry regulations such as HIPAA and GDPR.

Native Encryption also allows organizations to decrypt the data at any time while retaining its integrity. This makes it possible for them to access customer information quickly and efficiently when needed while still ensuring that it remains secure. Additionally, organizations can customize the encryption settings based on their specific needs.

Event Monitoring provides an extra layer of security by giving organizations real-time visibility into user activities across all Salesforce orgs. It also allows them to quickly detect suspicious activity and take immediate action to protect customer data. Event Monitoring enables organizations to monitor all user activities regardless of where they are located or what device they are using.

The Field Audit Trail feature of Salesforce Shield provides a full audit trail of user activities across all Salesforce orgs which can be used for compliance purposes. Organizations can track changes made to records over time and quickly identify potential issues so corrective action can be taken. The Field Audit Trail also helps ensure accuracy by following errors in real-time, which makes it easier to resolve issues before they become costly problems down the line.

Platform Encryption is another key component of Salesforce Shield that helps protect customer data from unauthorized access while still ensuring compliance with industry standards such as HIPAA and GDPR. With just one click, organizations can encrypt their entire Salesforce orgs which helps protect customer information from malicious actors or accidental errors while providing peace-of-mind assurance that their data will remain secure even in a breach or attack attempt.

Salesforce Shield is a comprehensive security solution that provides organizations with an extra layer of protection for their customer data. Vantage Point Consulting is here to help financial services companies evaluate and set up Salesforce Shield to ensure that their customer data remains secure and compliant with industry regulations such as HIPAA and GDPR. With our expertise, we can help you to confirm your organization's data is properly protected. Please reach out to us today to learn more about how we can help you unlock the potential of Salesforce Shield.

The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec.

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

The Google Hacking Database (GHDB) is a categorized index of Internet search engine queries designed to uncover interesting, and usually sensitive, information made publicly available on the Internet. In most cases, this information was never meant to be made public but due to any number of factors this information was linked in a web document that was crawled by a search engine that subsequently followed that link and indexed the sensitive information.

After nearly a decade of hard work by the community, Johnny turned the GHDB over to OffSec in November 2010, and it is now maintained as an extension of the Exploit Database. Today, the GHDB includes searches for other online search engines such as Bing, and other online repositories like GitHub, producing different, yet equally valuable results.

Multiple-vantage-point domain control validation (multiVA) is an emerging defense for mitigating BGP hijacks against Web PKI certificate authorities. While adoption of multiVA is growing, little work has quantified its effectiveness against BGP hijacks in the wild. We bridge the gap by presenting the first analysis framework that measures the security of multiVA deployment under a confluence of real-world routing and networking practices (namely, DNS and RPKI). Our framework accurately models the attack surface of multiVA by 1) considering attacks on DNS nameservers involved in domain validation, 2) incorporating deployed practical security techniques such as RPKI, 3) performing fine-grained Internet-scale analysis to compute resilience (i.e., how difficult it is to launch a BGP hijack against a domain and get a bogus certificate under multiVA). We apply our framework to perform a rigorous security analysis of the multiVA deployment of Let's Encrypt, compiling a dataset of 31 billion DNS queries for about 1 million domains over the course of four months. Our analysis shows that while DNS does enlarge the attack surface of multiVA, Let's Encrypt's multiVA deployment still offers an 88% median resilience against BGP hijacks, a notable improvement over the 76% resilience offered by single-vantage-point validation. RPKI, even in its current state of partial deployment, effectively mitigates BGP attacks and improves security of the deployment by 15%. Exploring over 11,000 different multiVA configurations, we find that Let's Encrypt's deployment can be further expanded to achieve a resilience of over 97% with only two additional vantage points in different public cloud providers. In addition to adding these vantage points, moving to a full quorum policy can achieve a maximal resilience of over 99%, motivating a rethinking of multiVA design parameters.

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

In this course, you will learn the various tools used to analyze and display data using FactoryTalk VantagePoint EMI. The course covers how to use the analysis and reporting tools to create Trends, Excel Reports, and Dashboards. You will have an opportunity to use the Portal and configure it to display content in various ways, including mobile devices. The course also focuses on extending the model in the product and configuring security. Upon completion of the course, you will be able to utilize many tools and techniques for the display, analysis, and reporting of data using FactoryTalk VantagePoint EMI.

3a8082e126