security hole #18 - security matters
TRANSCRIPT
We are small company
We don’t have anything important
We don’t have payments
Nobody would hack us
All about money
The question is not IF hacked
The question is WHEN
Consequences of Security FAILURE
Trust
Money
Data stolen
Time to recover
Penalties for incident
Customers
Reputation
Let’s go deeper
Non-critical application
Scanners win!
Or no?
Restrictions
But… let's come back to the registration page
Client-side restrictions bypass
alert('win')
XSS can do more
and even more
And the most interesting part
Database access
Changing admin password
Skype: ghost-bel
OWASP Lviv Team