Security on Web 2.0 Krasznay Csaba. Google Search Trends.


1 Security on Web 2.0 Krasznay Csaba

2 Google Search Trends

3 Press Trends

4 Media Image of Web 2.0: malware, deface, data breach, gossip, phishing, death, lynching, anti-privacy, child porn, data retention

5 What really is Web 2.0?

6 Risk Assessment: Threats -exploit-> Vulnerabilities -cause-> Incidents -damage-> Assets -have-> Impacts -on-> Owner

7 Web 2.0 threats: Hacker attack; Malware infection; Data loss; No traces; Copyright violation; Software errors; Data leaks; Infection and downtime; Data leaks; Legal prosecution; Productivity loss; Resource waste; Reputation damage; Botnets; Financial losses; Identity theft; Harassment; Age verification threats; Spam; Hiding of origin; Resource consumption; Information fraud; Inaccuracies of data

8 Web 2.0 vulnerabilities: Injection Attacks; Cross-Site scripting; Cross-Domain Attacks; Malicious scripts; Framework vulnerabilities; Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities

9 Target: the Person. Think about cyber-bullying and cyber-stalking. Threats: Identity theft, Harassment, Age verification threats. Vulnerabilities: Access, Authentication, Authorization; End-user Related problems. Incident: the story of Megan Meier. And think about what happened with Lori Drew… Asset: Private information, personal reputation, physical security. Impact: lethal…

10 Target: the Company. Think about the Twitter account hacks. Threats: Identity theft, Harassment, Spam, Information fraud. Vulnerabilities: Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities. Incident: celebrity Twitter hacks. Asset: Corporate and personal reputation, corporate secrets. Impact: high

11 Target: the Country. Think about WikiLeaks. Threat: Data leak. Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities. Incident: Afghan War Diary. Impact: high (maybe lethal?)

12 Target: the Computer. Think about the Web 2.0 worms. Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption. Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities. Incident: the KOOBFACE worm. Impact: high

13 Conclusions. Nothing has changed in our behavior for centuries, but we have new tools and a broader audience. Web 2.0 services are generally more secure in the traditional technical sense than other types of web services, but preventive controls are not enough. We have to deal with the problem between the keyboard and the chair…

14 Maslow's hierarchy of needs. Web 2.0 realizes three layers of human needs. So people need safety and security, but maybe we didn't realize it yet. If Web 2.0 can be lethal, do we also need the physiological layer?

15 Countermeasures
Technical countermeasures:
– Preventive controls focusing on information (DLP)
– Detective controls (log management)
– Secure applications (WAF, application controls)
Administrative countermeasures:
– New security policy approach
– New legal background
– Broad awareness training
– Communication, communication, communication
Mathematical countermeasures:
– The more information we have, the less value it has

16 THANK YOU! E-mail: csaba@krasznay.hu Web: www.krasznay.hu Facebook: http://www.facebook.com/krasznay.csaba Twitter: http://twitter.com/csabika25

