1 / 10

So you want to be a Hacker?

So you want to be a Hacker?. Maybe not yet, but you will at the end of the hour!. Agenda. Introductions Why you should listen to me Day in the life of Joe What makes a security tester different? DEMOS! Cross Site Scripting SQL injection Java Decomplier. Introduction.

ramona
Download Presentation

So you want to be a Hacker?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. So you want to be a Hacker? Maybe not yet, but you will at the end of the hour!

  2. Agenda • Introductions • Why you should listen to me • Day in the life of Joe • What makes a security tester different? • DEMOS! • Cross Site Scripting • SQL injection • Java Decomplier

  3. Introduction • Joe Basirico – Dev Manager and Security Consultant for Security Innovation • Worked in security for about 6 years now • Worked for Microsoft before SI • Security Trainer, Engineer, Consultant, etc.

  4. Day in the life • Work with Software, Financial, Insurance, companies to help them produce more secure software • Find Vulnerabilities in software so hackers don’t • Help our customers fix them before they release

  5. The Work • One week to a couple months engagement • Quickly learn the system • Find theoretical flaws through threat modeling and intuition • Verify flaws through testing • Help client remediate the flaw directly or through recommendations

  6. What makes a great hacker? • Complete Knowledge of the System • Great security testers know everything about every layer of the system, from browser to hardware • A Great Imagination • What’s really going on back there? • An Evil Streak • What’s the worst thing I could do? • Steal passwords, credit card numbers, take the system down?

  7. Example

  8. Demos! • Cross Site Scripting • SQL Injection • Forceful Browsing • Decompilation

  9. Remediation • Be very careful with your input! • Assume the world is malicious • Think like an attacker • Protect yourself

  10. Questions? E-mail jbasirico@securityinnovation.com Questions? Comments?

More Related