VerSprite Videos

Helpful Video Tutorials from Security Experts

Gain access to VS-Labs’ security advisories detailing vulnerabilities found in major products for MacOs, Windows, Android, and iOS.

Oh the POSsibilities – BSides ATL 2018

5 May 2018

Oh the POSsibilities - BSides ATL 2018 In this presentation, we share our Point-of-Sale security research which has revealed a multitude of concerns regarding the secure development of payment applications. We discuss our analysis of several PA-DSS validated applications for security vulnerabilities and configuration issues. Next, we cover our implementation of a proof-of-concept attack chain that demonstrates the capabilities an attacker could leverage in a vulnerable scenario. Finally, we discuss the process of vulnerability discovery, development of attacker capabilities, as…

Read more

arrow right
avatart

posted by Fabius Watson

Going Back in Time to Abuse Android’s JIT | INFILTRATE 2018

27 April 2018

Going Back in Time to Abuse Android's JIT - Infiltrate 2018 During this presentation at Infiltrate 2018, VerSprite’s Director of Security Research, Ben Watson, takes a deep dive into the Dalvik Virtual Machine's JIT implementation and how it can be used and abused to execute shellcode. Watch this video to take a cursory look at the JIT compiler introduced in Android Nougat, and whether or not the same techniques can be applied. In addition, we review the tools that were…

Read more

arrow right
avatart

posted by Ben Watson

Fixing Threat Models with OWASP Efforts – AppSecUSA 2017

10 October 2017

Fixing Threat Models with OWASP Efforts - AppSecUSA 2017 Global organizations have been working off of a broken or non-existent threat model. Distracted with compliance, plagued with undefined attack surfaces, a deluge of inoperable threat intel, risk distortions, and made complacent by a sea of controls, *Sec practitioners should feel compelled to reboot their approach. This talk exemplifies how key OWASP projects can truly bootstrap the smallest of *Sec groups to make a measurable impact to applying security through measurable…

Read more

arrow right
avatart

posted by Versprite

Threat Modeling with PASTA – AppSec EU 2017

25 May 2017

Threat Modeling with PASTA - AppSec EU 2017  Developers needs prescriptive guidance on preemptive design and coding techniques. This can be done blindly or in alignment to both application use cases and the context of abuse cases or threats. This talk speaks to case studies in risk centric threat modeling with the PASTA (Process for Attack Simulation and Threat Analysis) methodology and provide 3 use cases of IoT, E-Commerce, and Mobile Applications. This talk assumes that a basic understanding…

Read more

arrow right
avatart

posted by Versprite

Process for Attack Simulation and Threat Analysis (PASTA) Risk Centric Threat Models

29 December 2016

What is PASTA? The Process for Attack Simulation and Threat Analysis (PASTA) is a new process for the analysis of cyber threats by focusing on business impacts and with the ultimate objective of protecting the company digital assets such as data and critical business functions. This is not a stand alone threat model for software developers but a risk framework that can be used by organizations to analyze the impacts to the assets and critical business functions assuming these can…

Read more

arrow right
avatart

posted by Versprite

Waypoint | Threat Modeling Tool Overview

21 December 2015

Generic overview to the Waypoint Threat & Countermeasure guidance tool. This threat modeling tool is intended to help developers and architects consider possible threat scenarios to their application environments based upon the technology components that they are using in their application and app architecture.

Read more

arrow right
avatart

posted by Versprite

Receive Security News





Let us build a tailored engagement for you.

We are an international squad of professionals working as one.

logos