Presentation is loading. Please wait.

Presentation is loading. Please wait.

SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!

Published byJaime Earl Modified over 10 years ago

Similar presentations

Presentation on theme: "SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!"— Presentation transcript:

1 SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!

2 Agenda  Introductions  Why you should listen to me  Day in the life of Joe  What makes a security tester different?  DEMOS!  Cross Site Scripting  SQL injection  Java Decomplier

3 Introduction  Joe Basirico – Dev Manager and Security Consultant for Security Innovation  Worked in security for about 6 years now  Worked for Microsoft before SI  Security Trainer, Engineer, Consultant, etc.

4 Day in the life  Work with Software, Financial, Insurance, companies to help them produce more secure software  Find Vulnerabilities in software so hackers don’t  Help our customers fix them before they release

5 The Work  One week to a couple months engagement  Quickly learn the system  Find theoretical flaws through threat modeling and intuition  Verify flaws through testing  Help client remediate the flaw directly or through recommendations

6 What makes a great hacker?  Complete Knowledge of the System  Great security testers know everything about every layer of the system, from browser to hardware  A Great Imagination  What’s really going on back there?  An Evil Streak  What’s the worst thing I could do?  Steal passwords, credit card numbers, take the system down?

7 Example

8 Demos!  Cross Site Scripting  SQL Injection  Forceful Browsing  Decompilation

9 Remediation  Be very careful with your input!  Assume the world is malicious  Think like an attacker  Protect yourself

10 Questions? E-mail jbasirico@securityinnovation.com

Download ppt "SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!"

Similar presentations

Writing Secure Code By Sam Nasr, MCAD, MCT, MCTS March 18, 2009.

Writing Secure Code By Sam Nasr, MCAD, MCT, MCTS March 18, 2009.
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Esri International User Conference | San Diego, CA Demo Theater | ArcGIS Beta Community and ArcGIS 10.1 Beta Program Mike Hogan & Rohit Gupta July 12 th,

Esri International User Conference | San Diego, CA Demo Theater | ArcGIS Beta Community and ArcGIS 10.1 Beta Program Mike Hogan & Rohit Gupta July 12 th,
© 2009 IBM Corporation IBM Rational Application Security The Bank Job Utilizing XSS Vulnerabilities Adi Sharabani IBM Rational Application Security Research.

© 2009 IBM Corporation IBM Rational Application Security The Bank Job Utilizing XSS Vulnerabilities Adi Sharabani IBM Rational Application Security Research.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.

Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
E. halFILE™ Providing images and documents to the Internet hal Systems Corporation Overview.

E. halFILE™ Providing images and documents to the Internet hal Systems Corporation Overview.
Social Networking Services and User Data Protection

Social Networking Services and User Data Protection
Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.

Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.
Computer Security And Computer Crimes. Problem under consideration A software flaw was found in a national bank's web site that allows anyone who knows.

Computer Security And Computer Crimes. Problem under consideration A software flaw was found in a national bank's web site that allows anyone who knows.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Introduction to Web Application Security

Introduction to Web Application Security
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Web Application Testing with AppScan Terry Labach.

Web Application Testing with AppScan Terry Labach.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Unit 2 - Hardware Computer Security.

Unit 2 - Hardware Computer Security.

Similar presentations

Ads by Google