cso-in-residence, echelon one,...

39

David Mortman CSO-in-Residence, Echelon One, LLC A Tale of 2.0 Webs

Upload: others

Post on 28-Jul-2020

2 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

David MortmanCSO-in-Residence, Echelon One, LLC

A Tale of 2.0 Webs

Page 2: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

It Was The Best of Times

Page 3: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

It Was The Worst of Times

Page 4: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

With Apologies to Dickens

Page 5: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

It Was The Best of Times

Page 6: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Page 7: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Page 8: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

It Was The “Worst” of Times

Page 9: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Technical Issues

Cross Site ScriptingCross Site Request Forgery

SQL InjectionClickjacking

iFrame InjectionGIFARS

Page 10: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Related Technical Issues

DNS Cache PoisoningBGP Hijacking

Page 11: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Architecture and Other Issues

Business Logic FlawsDeep Linking

Page 12: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Data LeakagePrivacy IssuesIdentity Theft

Page 13: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

http://1raindrop.typepad.com/

Page 14: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Innovation?What Innovation?

Page 15: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Page 16: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Page 17: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Page 18: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

But….

Page 19: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

It Could Be A Lot Worse

Page 20: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Fortunately…

Page 21: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

There Are Options

Page 22: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Push Vendors

Page 23: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

When will you stop making such crappy software?

Page 24: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

When you stop buying it.

Page 25: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Security In The SDLC

Page 26: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

SDLC In 8 Slides

Page 27: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Educate

Page 28: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Design

Page 29: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Code

Page 30: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Test

Page 31: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Ship

Page 32: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Update

Page 33: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Books

Threat ModelingWriting Secure Code

Software Security: Building Security In

Page 34: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Resources

OWASPNoScript

BugMeNotAdBlock

Page 35: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

http://jeremiahgrossman.blogspot.com

Page 36: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

http://ha.ckers.org/blog

Page 37: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

http://1raindrop.typepad.com/

Page 38: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

Page 39: CSO-in-Residence, Echelon One, LLCcdn.ttgtmedia.com/searchSecurity/downloads/ATaleOf2.0Webs_Best… · E New England Ave Shad st E south st R veriea E Ave Mccoy an Ave N Map a Park

David MortmanCSO-in-Residence, Echelon One, LLC

A Tale of 2.0 Webs

3516 E. Southern Ave. - Strategic Retail Groupsrgaz.com/wp-content/uploads/3516-E.-Southern-Ave..pdf · STRATEGIC 3516 E. Southern Ave., Mesa, AZ NORTHWEST CORNER OF VAL VISTA DR

Authentication Best Practices for 2013cdn.ttgtmedia.com/searchSecurity/downloads/E-Guide_User... · 2013-10-04 · best practices Industry experts Jonathan Hassel and Ajay Kumar take

Ave Maria - e. Cossetto

E-guide Mobile Security Buyer’s Guidecdn.ttgtmedia.com/searchSecurity/downloads/Mobile... · 2016. 7. 5. · When evaluating mobile device management products and vendors, these

PAGE lEft intEntionAlly BlAnk - Seattle...11th Ave E 12th Ave E 13th Ave E f ederal Ave E 14th Ave E Malden Ave E 15th Ave E E Republican St E Mercer St E Roy St E Vallley St SitE

E Colfax Ave. Vine St. York St. Josephine St. Columbine St ......E H a l e P k w y E Colfax Ave. E 14th Ave. E 13th Ave. E 8th Ave. E 7th Ave. E 6th Ave. E H a l e P k w y E 12th Ave

NWC OF E. ORANGETHORPE AVE. & LAKEVIEW AVE....NWC OF E. ORANGETHORPE AVE. & LAKEVIEW AVE. PLACENTIA, CA 92870 RANDALL DALBY SENIOR VICE PRESIDENT CALDRE 01259576 949.790.3165 [email protected]

Vulnerability Management Tools Buyer’s Guidecdn.ttgtmedia.com/searchSecurity/downloads/... · The business case for vulnerability management tools E-guide detailed results, although

Longs Peak St N 19th Ave Main St Brighton E Bridge St ...brightoncrossings.com/wp-content/themes/brighton-crossings-v1.5... · NORTH E 136th Ave N 19th Ave S 50th Ave S 27th Ave E

ity E ng er's Quarter Section Index - Denver · 2002-09-03 · n C l u b R d. E 2 3 3 0 0 128th Ave. 120th Ave. 112th Ave. 104th Ave. 96th Ave. 80th Ave. 88th Ave. N 8000 N 12800

505 mass ave e book

State Legislative District Reference Map€¦ · Malena Dr E Taft Ave Stanford Ave W Orangethorpe Ave N Cambridge St W Struck Ave Trask Ave C ent r Av e N Tustin St Pacific Ave W

E-guide Network Access Control (NAC) Buyer’s Guidecdn.ttgtmedia.com › searchSecurity › downloads › Network...network access control products Five questions to ask before you

SUDOKU - havredailynews.com...May 06, 2015 · 210 1st Ave W 25 5th St Gildford: 925 1st Ave 210 1st Ave 530 1st St W 405 7th St E 505 7th St E 523 5th Ave E 730 6th Ave E Maps w/item

TORRANCE TECH PARK - voit.reapplications.comvoit.reapplications.com/filecabinet/Trans/033709/... · Gramercy Pl Manhattan Pl Main St e Ampapola Ave Acacia Ave Madrid Ave Beech Ave

2822 E California Ave - Belltech

Pocket Guide to Managing Identity in a Hybrid Worldcdn.ttgtmedia.com/searchSecurity/downloads/E-Guide_IDAM.pdf · 2013-10-04 · disruptive technologies such as cloud-based systems,

images1.loopnet.com › d2 › bIN4sGb2dMWJzMmIGIS00Mf8Y… · Email [email protected] Monterey Park E Garvey Ave 5258-005-059 835 E Garvey Ave 825 E Garvey Ave (LOT 2)

Brandon, MB · 110 110 110 Richmond Ave. E BRANDON Patricia Ave. 49th St. E Limestone Rd. E 65th St. E Victoria Ave. E Auction Site 1A 2 Brandon, MB | July ˜˚, ˜˛˝˙ (Thursday)

Network Security Monitoring SearchSecurity webcast: 4 Dec 02

72ND AVE - City of Aurora · i-70 72nd ave 56th ave 48th ave 38th ave i-70 alameda ave jewell ave mississippi ave 26th ave 6th ave p e o r i a s t o t o m a c s t c h a m b e r s

751 26th Ave E, Seattle

FOR SALE 201 E UTAH AVE - LoopNet€¦ · Social Media: SITE PLAN & PHOTOS 201 E UTAH AVE LAND • 201 E UTAH AVE, LAS VEGAS, NV - 89104 e e d t e d. LAND • 201 E UTAH AVE, LAS

@sd43bcsd43bc For a digital map of schools ... · 110 66 39 35 E E S M 131109 59 28 Princeton Ave Roxton Ave Gislason Ave Baycrest Ave Wilkie Ave ve Kingston St B u r k e V il a g

· 2019. 9. 5. · (Eddie) Park onfluence East park onfluence E 26TH AVE E 25TH AVE E 24TH AVE [email protected]. Children's park (Sonny) P ark Polaris Be nedict < o Union Station o @

LOCATION MAP - Central Ohio Transit Authority · slabs playground court cota pr clevelandave elmore ave elmore ave e lamont ave w lamont ave e walfordst melrose ave w melrose ave

X ark III IX VII KEY · s maryland ave s drexel blvd e 56th st e 57th st e 55th st e 54th pl e 58th st e 59th st s kenwood ave s kimbark ave s kenwood ave s woodlawn ave s kimbark

GLENN AVE - STUDENT ENTRANCE E. UNIVERSITY …...STUDENT DROP OFF BARRICADE GLENN AVE - STUDENT ENTRANCE E. SAMFORD AVE - VISITOR ENTRANCE E. UNIVERSITY DR - BUS ENTRANCE Title DROP

US 301 FOUR CORNERS MINE RD FOUR C JOHN E ......CLYDE JONES RD 45 AVE DR E 48 AVE DR E 65 ST CT E 3 AVE E (VAN WHY RD) 11 AVE E 70 ST CT E 68 ST E 65 CT E 64 ST CT E LANDFILL RD SUMMER

52 36 RETAIL SPACE FOR LEASE Plaza on the Green...Longmont 95th Av e. Monteview Blvd. Monteview Blvd. 23rd Ave. 17th Ave. 11th Ave. 8th Ave. 6th Ave. 6th Ave. 1st Ave. Alameda Ave

Map data ©2019 Google · —1-275 Greenway Inbox - E st Intra E eth. E E W Palm Ave W Oak Ave Armature Works W Palm Ave W Oak Ave Phil Bourquardez Park E palm Ave Tampa YMCA Administrative

county map Map.pdfarbor lane arlington ave. augusta dr. ... dennis ave. dennison ave. drexel ave. ... county 67 -a 27-a harding highway 33-e e

Homewood Suites by Hilton Fresno...Joaq W Belmont Whitesbridge.R United States Fresno CD Fresno -San Jooquin E Ashlan Ave EShieldS A Ave E W Nees Ave W Bulla W Ave W Ave Homewood Suites

E 45TH AVE E 46TH AVE - Rezoning Centre, …...vancouver.ca/rezoning Welcome E 48TH AVE VE E 46TH AVE T E 49TH AVE E 45TH AVE T T Corpus Christi School Nanaimo Park Waverly Elementary

Brandon, MB · 2019. 7. 9. · 110 110 110 Richmond Ave. E BRANDON Patricia Ave. 49th St. E Limestone Rd. E 65th St. E Victoria Ave. E Auction Site 1A 2 Brandon, MB | July ˜˚, ˜˛˝˙