Lifecycle of a security incident: from detection to response
Starting from a web application with a critical, exploitable bug found by the red team during a penetration test, we will learn how to put countermeasures in place that detect attempts to exploit the vulnerability while keeping the system online. This mitigates the risk posed by the vulnerability while software engineers work on a fix. At the same time, the blue team will use web server logs to build detection rules that will help in the incident response phase (if there is one). A full immersion in the activities of a defense team, based on a real-life experience.
Giovanni merlos Mellini is founder and president of Cyber Saiyan - www.cybersaiyan.it - a non-profit organization founded to promote social initiatives that spread cyber security and ethical hacking culture; Cyber Saiyan organizes RomHack - www.romhack.io - a free cyber security conference held yearly in Rome. He is the head of "Information, systems and network Security" at ENAV, the Italian air navigation service provider. Sometimes he writes about open source, security and boring stuff on his blog Scubarda - www.scubarda.com