Security SIG: The Front Door is Unlocked – Advanced Website Security Schemes
Topic: The Front Door is Unlocked – Advanced Website Security Schemes are often still vulnerable to Simple Attacks
Many experts still mistakenly believe that it requires elite, ninja-level hacking skills to wreak havoc and Make Money Fast on public websites. As the enterprise wraps itself in traditional web security blankets – “managing risk” with high-priced consultants and automated scanners and code reviews – hackers are constantly changing their attack strategies and tactics, pushing the envelope of what’s possible in the ever-changing Web security landscape.
In this presentation, Arian will discuss how many corporate websites have misguided testing practices, inaccurate perceptions of the strategies and skill sets of potential hackers, and holes in their asset risk-management strategies. Rather than focusing on syntax attacks requiring programming skills, like Cross-Site Scripting and SQL Injection, Arian will show how attackers find and exploit vulnerabilities for monetary gain using only a web browser and basic analytic skills. This session dispels the illusion of "shallow scanning security" à la PCI and compliance-minded application security agendas. Arian will also provide steps and tactics the audience can use to re-evaluate their website security posture and mitigate these unseen, hard-to-detect risks.
Speaker Bio:
Cubberley Community Center
4000 Middlefield Road, Room H-1
Palo Alto, CA