Most organizations are engaged in combating IT and cyber security threats, by looking at better and more mature technologies and are implementing many tools. ISO27001:2013 provides a mechanism to integrate all elements of cyber security and business objectives to create a very robust mechanism to combat these threats, by setting up an Information Security Management System (ISMS). This talk will focus on how an Information Security Management System, can be used to enhance the capabilities of a cyber-security program through governance and management, irrespective of whether and organization is certified or not.

In this presentation , the speaker would give his perspective of penetration test design based on his implementation experience. The talk will cover the details related to Reconnaissance, Scanning and Attack based test design approach.

The talk will cover cloud security specific details around following areas :
- Cloud deployed products security technical architecture
- Common mistakes that customer make when they move on premise application to cloud
- How to beat hacker by thinking like a hacker
- Overview of Testing application using hacking tools
- Understanding Privacy, Multi-tenant concerns
- Short live Demo of moving on premise application to Cloud using MS threat model
- Server side Input validation examples
- TLS examples
- Cloud Authentication and authorization patterns
- encryption best practices
- Database security best practices
During the Presentation, I will try to involve audience by online Poll, quizzes and token gifts and Q&A.

One of the biggest challenge and question raised in cybersecurity is "who" attacked your organization and "why" . In our talk we explain how it is possible to attribute the attackers of a targeted APT campaign.
The talk would be based on our analysis on an APT Teams specialized in targeting private organization using Mobile Malwares via social media. We would explain in our talk how we traced the attackers, identified their infrastructures, tools they used to attack their targets. The talk would help people understanding APT groups targeting private organizations and how the culprits could be tracked. Since the attackers mainly target government contractors and private companies, we would explain the many ways organizations could stop such attacks. The targeted audience of the talk would be anyone who want's to know mobile malware analysis and how to Gather Intelligence on Targeted Attacks.

What is Deep Web ?
- Difference between Deep Web, Dark Web and Surface Web
- Research on underground carding shop where all Indian banks' credit card and debit cards were on sell
- Overview of how these hidden dark markets can be accessed / a few important terminologies related to Deep dark web
- A few tips for being anonymous online while dealing with such dark webs
- Overview of popular dark markets, their operators and history(if any) related to them
- Services offered by these dark markets
- Information regarding the latest research by MIT on these dark markets and its effect on the current dark market
- Closing remarks

How many times have we heard the following phrases, "I do not know how much is my application share?", "I will be ready to buy the Top Application Security Scanning Products available in market, but will my application be secured?", "Can I measure my application security effectiveness against a defined maturity model?", "I have received a long list of vulnerabilities reported but my development team does not have the bandwidth to fix them!", "My testing team does not know how to perform a Security Test!", "I have outsourced my application or product development to this vendor but now I have hundreds of security vulnerabilities reported just when I was planning to go for product deployment. I do not have time to fix them and my neck is about to be slaughtered!!!"
With lots of new applications getting hacked almost every day, Securing Applications have gained greater prominence. But is there a potential magic pill to solve most of these Application Security Challenges?!
The Answer is YES and this session will give you insights to that magical pill. Come and explore!