security hole #18 - security matters

24

dddd

Upload: igor-beliaiev

Post on 16-Apr-2017

56 views

Category:

Technology

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Security Hole #18 - Security Matters

dddd

Page 2: Security Hole #18 - Security Matters

Page 3: Security Hole #18 - Security Matters

We are small company

We don’t have anything important

We don’t have payments

Nobody would hack us

Page 4: Security Hole #18 - Security Matters

All about money

The question is not IF hackedThe Question is WHEN

Page 5: Security Hole #18 - Security Matters

Consequences of Security FAILURE

TrustMoney

Datastolen

Timeto recover

Penaltiesfor

incident

Customers

Reputation

Page 6: Security Hole #18 - Security Matters

Page 7: Security Hole #18 - Security Matters

Let’s go deeper

Page 8: Security Hole #18 - Security Matters

Non-critical application

Page 9: Security Hole #18 - Security Matters

Scanners win!

Page 10: Security Hole #18 - Security Matters

Or no?

Page 11: Security Hole #18 - Security Matters

Restrictions

Page 12: Security Hole #18 - Security Matters

But…let’s come back to registration page

Page 13: Security Hole #18 - Security Matters

But…let’s come back to registration page

Page 14: Security Hole #18 - Security Matters

Clientside restrictions bypass

Page 15: Security Hole #18 - Security Matters

Clientside restrictions bypass

Page 16: Security Hole #18 - Security Matters

alert(‘win’)

Page 17: Security Hole #18 - Security Matters

XSS can do more

Page 18: Security Hole #18 - Security Matters

XSS can do more

Page 19: Security Hole #18 - Security Matters

and even more

Page 20: Security Hole #18 - Security Matters

And the most interesting part

Page 21: Security Hole #18 - Security Matters

Database access

Page 22: Security Hole #18 - Security Matters

Changing admin password

Page 23: Security Hole #18 - Security Matters

Skype: ghost-bel

Page 24: Security Hole #18 - Security Matters

OWASP Lviv Team

Because Security Matters Security compliance …...Because security matters. netop is the most secure, trusted and scalable remote solution on the market today. We’ve been helping

Protecting What Matters...An Enterprise Approach to Cloud Security

E.I.S. European Institute for Security Matters (Luxembourg 1981)

tools for security that matters

Why Web Security Matters!

SECURITY MATTERS

SITSD Program Security Matters Security Site/Security Matters...Security website for the most current list of Security Awareness Events. Welcome to the inaugu-ral issue of Security

Nonprofit Security Matters: It's Not About the Network

Thriving Residents, Thriving Cities: Family Financial Security Matters

Security Hole #11 - Competitive intelligence

WINCHESTER HOUSE SECURITY: WHY AN ENTERPRISE SECURITY ARCHITECTURE MATTERS

[ WHITE PAPER ] WHY DATA-CENTRIC SECURITY MATTERS · 2017-10-24 · [ white paper ] why data-centric security matters cybercrime and data breaches are on the rise data security is

Why security matters

Compliance Standards Interoperability: Matters of security · Compliance, standards, interoperability: Matters of security Zoltán Précsényi, Symantec Corporation 7 ICT is high

Election security in Nigeria : matters arisinglibrary.fes.de/pdf-files/bueros/nigeria/10404.pdf · edited by 'lai olurode election security in nigeria: matters arisingelection security

CSCD 303 Essential Computer Security Winter 2014 Lecture 7 - Desktop Security Vulnerabilities Reading: References at end of Slides Security Hole

Why Security Matters for Marketers

An ACE in the Hole - Stealthy Host Persistence via Security Descriptors

Security Matters: The Evolution of Samsung KNOX™

SITSD Program Security Matters Security Site/Securit… · Focus on Passwords Security Matters is the monthly information security newsletter pub-lished by the Enterprise Security

Legal Matters Matter for Financial Security

Lightning Talk: Security matters @ploneconf 2014

SECURITY DEVICES, TITLE MATTERS AND OTHER ISSUES OF

Security Matters - A.S.P Security Services: Security Guards · Security Matters ™ Quarterly/Seasonal Newsletter for Employees and Clients ... around us. We can brighten the days

SECURITY MATTERS - assets.manutd.com

Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk

Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"

Agrochemicals and Security: Why It MattersIntro-01 Why It Matters Agrochemicals and Security Why It Matters

SITSD Program Security Matters Security Site... · Focus on Email Security Matters is the monthly information security newsletter pub-lished by the Enterprise Security Program. Each

CSCD 303 Essential Computer Security Spring 2013 Lecture 7 - Desktop Security Vulnerabilities Reading: References at end of Slides Security Hole

Global Wi-Fi Development and Why Security Matters

Baja California’s Economy, Security, and Why It Matters

Security Matters V.T. Raja, Ph.D., Oregon State University

Security hole #5 application security science or quality assurance

Security Hole #18 - Cryptolocker Ransomware