, ,

Toreon sponsored the Cyber Security Challenge

The Cyber Security Challenge has become a not to miss event for students and industry professionals. This year Toreon was one of its main sponsors, with a booth in the venue and its own ‘Toreon challenge’.

On Friday Steven and Catherine manned the booth and were subjected to some social engineering attacks by the contestants. Many of these teams were able to capture a part of a challenge solution from us this way. The teams had a lot of fun during this challenge.

At lunchtime the teams battling for the finals on Saturday were announced and the teams that did not make the cut had a chance to play another game. Here all sponsors were role-playing employees of a hacked company and the contestants needed to figure out what happened. This was again a lot of fun seeing how the teams ran from one sponsor to the other trying to ask the right questions and solve the mystery.

On Saturday Toreon hosted one of the sponsor challenges and we opted to create a role-playing game in the style of a ‘choose your own adventure’ game. We received a lot of positive feedback on the style of this challenge; especially the original approach was appreciated by the finalists.

Saturday afternoon we watched the proceedings of the finals where Wouter, one of our interns, was performing exceptionally well. His team was constantly running in second and third place and they were able to grab second place in the end!

During the prize ceremony our managing partner Wouter Avondstondt handed out prizes to two winning teams. They received a copy of Cryptomancer, a role-playing game that combines cyber security with a fantasy setting.

 

, , , ,

Keep up to date with the latest Threat Modeling news and insights

Subscribe now to our monthly “Threat Modeling Insider” TMI newsletter – packed full of expert advice and articles to get you started with threat modeling.

Threat modeling has always been a passion and a cornerstone of the security services we provide. It helps to identify and mitigate potential security issues early on, when they are relatively easy and cost-effective to resolve.

This week we start our monthly newsletter “Threat Modeling Insider” (TMI). With this newsletter we promise you valuable and curated content from the field of threat modeling to your inbox on a monthly basis. Topics will include a threat modeling news digest, threat modeling resources, whitepapers, templates and presentations by threat modeling authorities and from our very own Toreon experts.

Subscribe to our monthly “Threat Modeling Insider” TMI newsletter.

A sneak preview

Thursday you’ll receive our first edition of the TMI newsletter including:

Additionally we’ll share updates and news on upcoming appearances and events to catch up with the Toreon team and our training sessions.

In conclusion: interested? Subscribe now and receive your first TMI newsletter on Thursday.

 

, , , , , , ,

Toreon presents Threat Modeling workshop at SecAppDev 2019

SecAppDev is an intensive one-week course in secure application development. For the 15th year in a row, SecAppDev organizes a leading-edge software security courses for developers, one of them is Toreon’s Whiteboard hacking (aka hands-on threat modeling).

Our White Board Hacking workshops put together everyone involved, such as product owners, architects and developers, to systematically analyze the application being designed and come up with the security measures needed to make it run securely. All of this happens before a single line of code is written!

Learn more about Whiteboard hacking

At SecAppDev our CEO Sebastien Deleersnyder proposes an action-packed 1 day Threat Modeling workshop as taught at OWASP, Black Hat USA and O’Reilly Security conferences. In groups of 3 to 4, participants are challenged to threat model two real-life use cases: a REST-based web application and an on-site IoT deployment.

Registration for the 2019 edition is now closed, but you can learn more about White Board Hacking at O’Reilly Velocity (San Jose), Black Hat (Las Vegas), HITB (Singapore and Dubai) or DevSecCon (London).

Consult the calendar

, , , ,

Toreon @ Niveau S

On the 19th and 20th of December, Toreon will be at the Niveau S event.

This event is targeted at government services and the activities will be an exciting mix of seminars, R&D demonstrations and a job/internship speed dating area. The overall theme is technological innovation and security.

We want to present ourself as a trusted partner for cyber security consultancy and advice and as an innovative player in this market. You will find us in the main hall with a live demo by our innovation department. Don’t be shy and come say hi!

Looking for a new challenge? Learn all about us and working at Toreon, look at our current job openings and book us for a speed date at the event.

In anticipation of this event, we’ve made a promo video that’s worth taking a look at:
Niveau S promo – NL
Niveau S promo – FR

See you in Brussels!

, , ,

New Whiteboard Hacking Training: Advanced and for Pentesters

One of Toreon’s key values is the gathering and sharing of knowledge. We try to encourage our own people to do this all the time and actively facilitate this. Knowledge grows exponentially when shared and combined with people of all knowledge levels, even if they come from different IT security domains.

This made us realise that we have a lot of knowledge to share. We see it as our duty to help train top notch IT security specialists. First we started to train the Toreon employees and later on also clients’ employees, which we have been doing for several years now. All this knowledge is now also available for your organisation. The better your people are trained and prepared, the more we can all focus on our main objective: creating a safer digital society.

We have expanded our knowledge base and have finetuned our workshops and trainings and are now also offering them to be booked for conferences and in-house company training.

Our Whiteboard Hacking training has been doing so well (OWASP AppSec Europe 2017 in Belfast, Northern Ireland – Black Hat USA 2017 in Las Vegas, USA – O’Reilly conference 2017, NY, USA) that we’ve developed an advanced version, which is already scheduled for Black Hat 2018 (USA and Europe) and BruCON 2018 (Ghent, Belgium):
BlackHat Las Vegas, USA (August 2018)
BlackHat London, UK ( December 2018)

We recently started with versions for pentesters and DevOps engineers: Offensive whiteboard hacking for penetration testers. Already available at:
– BruCON 2018, Ghent, Belgium (October 2018)
– DevSecCon 2018 London (October 2018)

Check out all the details of our available AppSec trainings.

Contact us for an in-house training offer, tailor made to suit your needs.

, , ,

Our ‘Adding Privacy by Design in Secure Application Development’ talk at OWASP London

On 5-June Seba delivered the talk “Adding Privacy by Design in Secure Application Development” at the OWASP Europe conference in London.

Seba addressed the complex GDPR challenge for developers as part of a Secure Development Lifecycle approach.

The presentation covered:

• GDPR requirements covering design, data lifecycle, users and end of life aspects
• Privacy by Design challenge
• Including GDPR in the Secure Development Life Cycle
• Mapping OWASP SAMM to the GDPR
• Integrating privacy in application security classification, awareness training, guidelines, AppSec champions, threat modeling, 3rd parties, security testing and incident management
• Introducing GDPR risk patterns

Our talk focussed on practical implementation aspects and demonstrations of real life use cases encountered in our software security and privacy projects.

You can download the slides here.

, ,

Why we sponsor BruCON 2017? Win the last ticket!

Proud sponsor!

We are a proud Diamond sponsor of BruCON 2017 because we:

  • Believe in supporting the IT security community in Belgium.
  • Like the really excellent line-up: http://2017.brucon.org/index.php/Schedule
  • Bring our consultants to the trainings and conference: to increase their knowledge and build our community network.
  • Are on the lookout for new colleagues to join our growing team.
  • Organize the Student CTF. We engage high school and university students of non-security curricula and stimulate them to consider a cyber security career.

We also share our last sponsor ticket. These are in high demand, as BruCON sold out some weeks ago!

How to win your ticket?

Each like/retweet of our blog post on LinkedIn or Twitter before 27 September midnight (CET). These will automatically enter our draw on Thursday. The winner will be announced on Thursday.

Hope to see you  next week!

Pass by our booth to have a chat and enjoy a beer.

The Toreon team