Five Members of Trustwave's SpiderLabs to Speak at Black Hat 2010

CHICAGO (October 21, 2010) - Security experts from Trustwave, the leading provider of information security and compliance solutions, will deliver multiple briefings at Black Hat 2010 in Las Vegas, July 28 through 29. The presentations will be delivered by members of SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing and application security, and security research.

David Byrne and Charles Henderson will deliver GWT Security: Don't Get Distracted by Bright Shiny Objects, which will look at common vulnerabilities in Google's Web Toolkit (GWT). The GWT backs many of the slickest web-based applications being built today, which explains its gain in popularity. However, GWT provides not only a polished graphical user interface but also advanced features such as remote procedure calls (RPC). While GWT-based applications can be very secure, GWT, like all frameworks, is often implemented very poorly. Insecure RPC calls are fairly common in the GWT application world because developers are either unfamiliar with the technology or simply think of it as bulletproof.

This presentation will demonstrate how to exploit common vulnerabilities in GWT applications, particularly with RPC functionality. The non-human-readable format of GWT's browser-side JavaScript makes penetration testing GWT applications very time consuming. To aid with testing, Byrne and Henderson will release REGWT, a tool to reverse engineer GWT applications. It will allow a penetration tester to map out GWT RPC methods and browser-side logic that would otherwise be hidden, and to test them easily for various vulnerabilities.

Nicholas Percoco and Jibran Ilyas will present Malware Freak Show 2010, which will expand upon their initial Malware Freak Show presentation delivered at DEFCON 17. This year's talk will explore four new pieces of malware that were obtained during more than 200 investigations conducted in 2009 by Trustwave's SpiderLabs. The presentation will include the anatomy of a successful malware attack, a profile on each sample and victim, and a live demonstration of each piece of malware discussed.

Steve Ocepek and Charles Henderson will deliver Need a Hug? I'm Secure, which will look at the ways manual penetration testing can help an organization protect its environment from 0-day attacks, as well as more common vulnerabilities like SQL injection and cross-site scripting (XSS). While organizations are concerned with new 0-days, they tend to forget that the older, less 'interesting' attacks can lead to exploits. Trustwave's Global Security Report demonstrates that most security breaches happen due to simple misconfigurations or older attacks like SQL injection.

This presentation will provide an overview of the effectiveness of penetration testing, whether focusing on the older, tried-and-true attacks or testing in response to 0-days, security alerts and reports of vulnerabilities in the wild. Penetration testing has the opportunity to contrast weak points in the infrastructure with other areas that have effective counter-measures in place. This presentation will help attendees motivate clients by giving them visibility into exactly what works and what doesn't, and generally how to be more helpful to the client.

In addition, Trustwave's booth, 31, will feature a preview of the PenTest Manager, the latest application in Trustwave's Managed Security Portal, which allows SpiderLabs clients to manage penetration test projects and findings, providing rich evidence detailing the vulnerabilities identified during a test. The PenTest Manager streamlines the remediation and vulnerability management process by providing a highly customizable reporting interface designed to allow organizations to quickly track, prioritize and resolve security vulnerabilities.

"With new 0-day attacks and exploits via existing channels, it's clear the need for information security will continue to increase," says Robert J. McCullen, chairman and CEO of Trustwave. "Real attackers don't care about the age of the vulnerability, if it works, they use it. For this reason, businesses need to always follow security best practices through the application development lifecycle to help ensure they've protected their organization and its consumers."

"Uncovering new, never-before-seen vulnerabilities to attack an environment is always exciting, but we must not lose sight of the existing vulnerabilities that have proven to be the more destructive of two evils," says Nicholas J. Percoco, senior vice president of SpiderLabs. "However, we hope that shedding new light on such vulnerabilities will help better secure an organization or the applications it's creating for the general community."

About Trustwave

Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM, WAF, EV SSL certificates and secure digital certificates. Trustwave has helped hundreds of thousands of organizations, ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers, manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com/en-us/.
