ElevenPaths Talks


Security testing methods with Gabriel Bergel.

April 7, 2016. Nowadays, testing methods are necessary to ensure minimum security quality in any product. In chapter 4, Gabriel Bergel, CSA of ElevenPaths in Chile, tells us about the available methods and what they offer. Please note: poor management of security testing may lead to high long-term costs as well as damage to image and reputation. Click play!

This webcast introduces different types of security testing: vulnerability analysis, pentest and ethical hacking. It also explains the existing testing methods, such as PTES, pentest framework, OWASP, NIST, ISSAF and OSSTMM, and their advantages and disadvantages. You learn how to choose a method and are given more details about the most popular method and Gabriel Bergel’s method of choice: OSSTMM.

The webcast describes the various ways of integrating Latch into physical devices of the IoT ecosystem.

You find out about the most elementary integration as well as the most detailed option, and about the implementation on an Arduino UNO, the standard for Latch’s API and the topic of a series of articles on the ElevenPaths blog that describes every step in detail.

New in this context, you find out about an alternative way of using Latch’s API without SSL – a service developed in PHP; you can find its code on GitHub.

Next, a fully native Latch integration is described. It uses the official SDK on an Intel Edison board that has been programmed from the Arduino environment. We talk about a proof of concept for the integration of a money box with biometric authentication and multiple delegated authorizations.

You are also introduced to the re-implementation in Python, which is compatible with any system (Windows, Mac or Linux/Unix) and can be run on the Raspberry Pi board.

TAG: Latch, IoT, Arduino, Intel Edison, Python, Raspberry, SSL, PHP, Biometrics, Multiple Delegated Authorizations.

If you would like to find out more, check this series of articles about the phases of cyber-intelligence and good ethical hacking practices as part of a continuous process. They were written by our expert:


» The Phases of Cyber-Intelligence (in Spanish)
» Continuous Ethical Hacking: good practices of the king of the jungle (in Spanish)