Security@ 2022 may be over, but the insights it offered go far beyond the one-day event. This Security@ Beyond webinar series continues the conversation about how to protect your constantly evolving attack surface and stay ahead of emerging threats.
These Security@ Beyond on-demand sessions bring you thoughtful conversations from a variety of security leaders and ethical hackers, on topics ranging from rethinking ASM to taking a proactive approach to zero days.
Attack surfaces are expanding, spurred on by the continuous release of new digital services and business transformation. In this session you will learn why it’s time to implement an attack resistance management strategy to find unknown risks missed by automated tools, then unlock the security expertise of ethical hackers to close critical gaps, rank risk and prioritize remediations across your attack surface. This session will include live demos of HackerOne's Attack Resistance Management portfolio.
Digital transformation, mergers and acquisitions, and cloud migrations have created a security gap. On average, 37% of an organization’s attack surface is unknown or unprotected, leaving the door wide open for a breach. Defensive security tactics and automated scanning cannot find these unknown, vulnerable assets that cybercriminals seek out.
Join us for an introduction to HackerOne Assets, an attack surface management (ASM) solution that combines continuous automated scanning with a proactive risk assessment from a community of security experts so you can increase your resistance to attack. In this live session, you’ll learn how to:
- Discover, inventory, risk-rank, and remediate unknown or rogue digital assets
- Prioritize security testing with continual asset monitoring and tracking
- Unify attack surface status in a single view to accelerate remediation actions and enable real-time reporting
What’s your definition of a zero day? Exactly what a zero day is, and how one should be tackled when it comes to bug bounty, has been a contentious issue for years. Drawing on his experience at Project Zero and as a longstanding member of the hacking community, Chris will explore the evolution of zero days, from Stuxnet to Log4j. He will explain why zero days are not usually rewarded in bug bounty programs and why Log4j was unique in this regard, drawing on hacker and customer data and stories from the incident. Chris will share his philosophy on a ‘pay for value’ approach to zero days and how progressive CISOs can work alongside the hacking community to reduce the risk from zero days, in whichever definition applies.
See what you missed at the Security@ main event
6+ hours of on-demand content to choose from