"The Evolution of Malware" @EdgeAcademy16 - first day

-
At last it's the week of Edge Academy* again. 

 On my mind after first night of Netlight Edge Academy 2016 in Stockholm is – “The Evolution of Malware” presented by Hannes Sandahl @Netlight with the following agenda and discussion…

It’s been about 30 years since the first PC virus, Brain A, hit the net. What was once an annoyance has become an advanced tool for crime and espionage. We will talk about how malware has evolved and the future of it.

Ohhh, another awakening smack in the face. The evolution of Internet of things will besides creating a very interesting digital future really open up the malicious crime business widely. You can't easily hide behind your firewall anymore. Some of the main worries I see here are typically

  • The drivers or producers of Internet Of Things often comes from a non-IT background, leaving IT security left behind.
  • The typical consumer, you and me, know a computer can be affected of malicious intrusion, but don’t see the smartphone, smartwatch, smarthouse, smartshirt or smartcar as a computer, open for any malicious threat.
  • The typical consumers, you and me, don’t value IT-security enough. We’re not requesting for it nor are we prepared to pay extra for a more expensive alternative including better security.
  • The legal aspect, including both laws and authorities, are as always within IT (decades) of years behind, leaving very little hope for support to the end consumer.
  • And then, of course, we have the issue about integrity and personal/private data.

The solution? Tricky based on the main worries above. But I think we all understand we all need to take a little bit greater responsibility here, as end consumer as well as developers and producers.


OWASP is always a good place to start - owasp.org (see short description of useful OWASP projects below)

* Edge Academy is the Netlight yearly internal intimate technology festival happening within all of our offices, by consultants for consultants. #edgeacademy16 is the fifth edition of Edge Academy.

Useful OWASP projects - input form my colleague Jakob Pogulis @Netlight

OWASP Cheat Sheet Project. Short document (~5 pages) summarizing what to think about during design/implementation of systems, for example Authorization. Easy for anyone to use prior to, during and post development phase. (As default this should be the bare minimum for any software development project to keep track of)
https://www.owasp.org/index.php/Cheat_Sheets
https://www.owasp.org/images/9/9a/OWASP_Cheatsheets_Book.pdf

OWASP Code Review Guide. This is a longer guide about what's important to look for when reviewing various programming languages. Unfortunately not totally up to date however still always highly important.
https://www.owasp.org/index.php/Code_review
https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf

OWASP Testing Guide. Longer guide about software testing in the area of security. Very good input for anyone with interest but quite heavy. This also works well as reference/cheat-sheet if you don't have the time to go through it all.
https://www.owasp.org/index.php/OWASP_Testing_Project
https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf

OWASP Software Assurance Maturity Model. Another longer guide/checklist describing how to evaluate software projects or products from a security perspective. Similar to Common Criteria but doesn't require half-a-year of study to perform a review...
https://www.owasp.org/index.php/SAMM

https://www.owasp.org/images/c/c0/SAMM-1.0.pdf


What's your thoughts about the future and malware?



 Folllow me on twitter: mandus_engman

Kommentarer

Skicka en kommentar

Populära inlägg i den här bloggen

Digitalization - How do I stay relevant? Netlight Edge Academy 2017 - our initimite digitalization festival all over Europe - will give some answers. #edge, #edgeacademy17, #genuine consultant, #netlight

-
Do you know what? The world is changing - the world is digitalizing. And I'm so happy to be part of it, as I easily get bored and feel good about being part of something greater (than myself). Digitalization is not about developing the best business plan, the best marketing plan and separately developing the best technology architecture. Digitalization is about pure business development where IT and IT architecture is part of your core business, not a support organization anymore. So, to compete in the digital race, IT Architecture must be a natural and crucial part of your every-day-business-development. Yes, the world is changing and so must we, to stay relevant.  How do I stay relevant?  By working in a place as Netlight built on the strong foundation of change, knowledge sharing and supporting each other. A natural win-win for all parties - employed, clients and Netlight as a company. Edge Academy, our intimate digitalization festival, is really our normal ...
Läs mer

Edge Academy 2016 - one Netlight way of creating together, this week all over Europe

-
Bild
What do you get when you mix competence, creativity and business sense together with a big portion of deep engagement and people who really cares? You get Edge Academy, an intimate yearly IT festival during a week happening in all Netlight offices all over Europe. By us consultants, for us consultants. Sounds interesting, one must really say, but what’s the agenda or theme? Of course whatever is currently relevant, or Edge as we call it within Netlight. That is whatever makes challenges or opportunities to our clients and our clients as being leaders and drivers of the digital future. What this may be in detail, all of our consultants know together (that’s why the agenda can’t be set by anyone else) so let’s have a peak into the schedule of what is currently Edge to us. Also this is as good answer as any to the question - what does Netlight actually do currently?  What we do in six months or in a year? Nobody knows, and that's the excitement, ask us then and we'l...
Läs mer

Is Microservices the future of all architectures? Is it "the" silver bullet for any company with a business critical IT?

-
Bild
      We all start there, with the famous Monolith Architecture. Why? Because it’s easy, it’s fast, it suits our needs just fine. Remember the first rule when distributing your systems – “Do NOT distribute your systems”, until you need it, then “Do NOT distribute your systems”, unless you really really really need it. So the Monolith is the perfect start for any start-up and can suit your need for a very long time, potentially forever.   So why bother understanding what Microservices is all about? There might come a day, when you feel you grow out of your Monolith. The size of your organization has grown quite a lot, your dev department is getting bigger, perhaps dev centers separated geographically. All you know is that growth is the only thing that will stay stable for the near future. Sooner or later I think you will start to see the typical signs of you outgrowing your Monolith (if not – congratulations, please tell me and the world how you did it); You s...
Läs mer