Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

Five Members of Trustwave's SpiderLabs to Speak at Black Hat 2010

CHICAGO (October 21, 2010) -  Security experts from Trustwave, the leading provider of information security and compliance solutions, will deliver multiple briefings at Black Hat 2010 in Las Vegas, July 28 through 29. The presentations will be delivered by members of SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing and application security, and security research.

David Byrne and Charles Henderson will deliver GWT Security: Don't Get Distracted by Bright Shiny Objects, which will look at common vulnerabilities in Google's Web Toolkit (GWT). The GWT backs many of the slickest web-based applications being built today, which explains its gain in popularity. However, GWT supports not only a nice graphical user interface, but also allows for advanced features called remote procedure calls (RPC). While GWT-based applications can be very secure, like all frameworks it is often implemented very poorly. Insecure RPC calls are fairly common in the GWT application world as developers are not familiar with the technology or simply think of it as bullet proof.

This presentation will demonstrate how to exploit common vulnerabilities in GWT applications, particularly with RPC functionality. The non-human readable format of its browser-side the JavaScript makes penetration testing GWT applications very time consuming. To aid with testing, Byrne and Henderson will release REGWT, a tool to reverse engineer GWT applications. It will allow a penetration tester to map out GWT RPC methods and browser-side logic that would otherwise be hidden and easily test them for various vulnerabilities.

Nicholas Percoco and Jibran Ilyas will present Malware Freak Show 2010, which will expand upon their initial Malware Freak Show presentation delivered at DEFCON 17. This year's talk will explore four new pieces of malware that were obtained during more than 200 investigations conducted in 2009 by Trustwave's SpiderLabs. The presentation will include the anatomy of a successful malware attack, a profile on each sample and victim, and a live demonstration of each piece of malware discussed.

Steve Ocepek and Charles Henderson will deliver Need a Hug? I'm Secure, which will look at the ways manual penetration testing can help an organization protect their environment from 0-day attacks, as well as more common vulnerabilities like SQL injection and cross-site scripting (XSS). While organizations are concerned with new 0-days, they tend to forget that the older, less 'interesting' attacks can lead to exploits. Trustwave's Global Security Report demonstrates that most security breaches happen due to simple mis-configurations or older attacks like SQL injection.

This presentation will provide an overview of the effectiveness of penetration testing, whether focusing on the older, tried-and-true attacks or testing in response to 0-days, security alerts and reports of vulnerabilities in the wild. Penetration testing has the opportunity to contrast weak points in the infrastructure with other areas that have effective counter-measures in place. This presentation will help attendees motivate clients by giving them visibility into exactly what works and what doesn't, and generally how to be more helpful to the client.

In addition, Trustwave's booth, 31, will feature a preview of the PenTest Manager, the latest application in Trustwave's Managed Security Portal, which allows SpiderLabs clients to manage penetration test projects and findings, providing rich evidence detailing the vulnerabilities identified during a test. The PenTest Manager streamlines the remediation and vulnerability management process by providing a highly customizable reporting interface designed to allow organizations to quickly track, prioritize and resolve security vulnerabilities.

"With new 0-day attacks and exploits via existing channels, it's clear the need for information security will continue to increase," says Robert J. McCullen, chairman and CEO of Trustwave. "Real attackers don't care about the age of the vulnerability, if it works, they use it. For this reason, businesses need to always follow security best practices through the application development lifecycle to help ensure they've protected their organization and its consumers."

"Uncovering new, never-before-seen vulnerabilities to attack an environment is always exciting, but we must not lose sight of the existing vulnerabilities that have proven to be the more destructive of two evils," says Nicholas J. Percoco, senior vice president of SpiderLabs. "However, we hope that shedding new light on such vulnerabilities will help better secure an organization or the applications it's creating for the general community."

About Trustwave

Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM , WAF , EV SSL certificates  and secure digital certificates . Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com/en-us/.

Latest News Releases

New Trustwave SpiderLabs Research Exposes Unique Cybersecurity Threats Facing Education Industry

Chicago – February 22, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research uncovering unique cybersecurity threats faced by...

Read More

Trustwave MailMarshal Now Available on Microsoft Azure Marketplace

Chicago – February 1, 2024 – Trustwave, a global cybersecurity and managed security services leader, today announced the availability of Trustwave MailMarshal on the Microsoft Azure Marketplace, an...

Read More

Aquion and Trustwave Announce Strategic Partnership to Boost Cybersecurity in Australia and New Zealand

Sydney, Australia - Jan 30, 2024 - Aquion, a specialist in value-added software distribution, proudly announces its strategic partnership with global managed cybersecurity leader Trustwave. This...

Read More