OWASP Dallas

•

0 gefällt mir•285 views

Branden Williams

Branden takes the audience through a discussion of the basic elements found in many recent breaches.

Recent Breaches
& their Causes
Branden R. Williams, CISSP, CISM

brw@brandenwilliams.com

http://www.brandenwilliams.com

Agenda

• My background

• Where I see breaches

• If I were a bad guy, where would I go?

• Discuss causes of recent breaches

• Q/A

My background

Where do I see breaches?

• Fewer attacks against
the network layer

• Usually relatively
complex

Where are the weak ones?

• Brick & Mortar Retail

• Internal Sites

• Small-Medium Biz

• Healthcare Practices

• New Cashless Ventures

Recent Breach Trends

Applications in Debug Mode

• Applications going into production with debugging info
set

• Excessive logs on systems
• Track Data
• Usernames/Passwords
• Admin functions

• Extra functions available for use

Deprecated or old code
• Developers leaving old code that can still be executed
• page1.asp when page.asp is the correct version
• Deprecated functions (triggered through get/post)

• Poorly executed upgrades
• Old code from old versions
(jump.php not in current ver)
• Incomplete Upgrades

Poor Hardening
• Applications ignoring input validation

• Blank SQL Account passwords (INCLUDING SA)

• Easily Guessed Passwords

• Complex applications with 3rd party middleware
• Follow the data path
• Consider binary analysis

• Clear User IDs/Passwords from app to DB or stored

Other Misc. Causes

• DLL injection

• Drive-By in the form of hidden iFrames
• INTERESTING Attacks
• Complexity increasing

• Memory Dumping

• Sniffer/Keylogger

• Any/Any rules on ﬁrewalls

Thank you!
brw@brandenwilliams.com

brandenwilliams.com

Weitere ähnliche Inhalte

Ähnlich wie OWASP Dallas

The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors. This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...

Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...

Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...

How to Destroy a Database

How to Destroy a Database

How to Destroy a Database

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches. View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover: • Securing network access and communication ports • How database access via open-source protocols can be secured • Taking control of command execution

Controlling Access to IBM i Systems and Data

Controlling Access to IBM i Systems and Data

Controlling Access to IBM i Systems and Data

In today’s IT world, the threats from bad actors are increasing and the negative impacts of a data breach continue to rise. Responsible enterprises have an obligation to handle the personal data of their customers with care and protect their company’s information with all the tools at their disposal. For IBM i customers, this includes system settings, company-wide security protocols and the strategic use of additional third-party solutions. These solutions should include things like multi factor authentication (MFA), auditing and SEIM features, access control, authority elevation, and more. In this presentation, we will help you understand how all these elements can work together to create an effective, comprehensive IBM i security environment. Watch this on-demand webinar to learn about: • taking a holistic approach to IBM i Security • what to look for when you consider adding a security product to your IBM i IT infrastructure. • the components to consider a comprehensive, effective security strategy • how Precisely can help

What Does a Full Featured Security Strategy Look Like?

What Does a Full Featured Security Strategy Look Like?

What Does a Full Featured Security Strategy Look Like?

Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the Scan” and provide tangible value to not only the security team, but the entire business that it supports.

Beyond the Scan: The Value Proposition of Vulnerability Assessment

Beyond the Scan: The Value Proposition of Vulnerability Assessment

Beyond the Scan: The Value Proposition of Vulnerability Assessment

Implementing security for your library | PLAN Tech Day Conference

Implementing security for your library | PLAN Tech Day Conference

Implementing security for your library | PLAN Tech Day Conference

Uweb Meeting Presentation - Website Exploits

Uweb Meeting Presentation - Website Exploits

Uweb Meeting Presentation - Website Exploits

In this session, we will discuss the Great Simplification Architecture, instead of creating abstract towers of babel, we will see how we can create agile, maintainable and easy to work with architectures and systems that allow you to just go in and start working, rather than spend a lot of time an effort hammering everything in sight, looking for the nail that the architecture diagram's page 239 says must be there.

Hard Coding as a design approach

Hard Coding as a design approach

Hard Coding as a design approach

Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access. Topics include: • IBM i access methods and risks • Using exit programs to block traditional and modern access methods • Real life examples and perspectives

Expand Your Control of Access to IBM i Systems and Data

Expand Your Control of Access to IBM i Systems and Data

Expand Your Control of Access to IBM i Systems and Data

CNIT 129S: Securing Web Applications Ch 1-2

CNIT 129S: Securing Web Applications Ch 1-2

CNIT 129S: Securing Web Applications Ch 1-2

Defcon 23 - damon small - beyond the scan

Defcon 23 - damon small - beyond the scan

Defcon 23 - damon small - beyond the scan

Oracle database threats - LAOUC Webinar

Oracle database threats - LAOUC Webinar

Oracle database threats - LAOUC Webinar

Mr. desmond cloud security_format

Mr. desmond cloud security_format

Mr. desmond cloud security_format

Design Reviews for Operations - Velocity Europe 2014

Design Reviews for Operations - Velocity Europe 2014

Design Reviews for Operations - Velocity Europe 2014

How a Hacker Sees Your Site

How a Hacker Sees Your Site

How a Hacker Sees Your Site

Patrick Laverty

8 cloud design patterns you ought to know - Update Conference 2018

8 cloud design patterns you ought to know - Update Conference 2018

8 cloud design patterns you ought to know - Update Conference 2018

Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access

Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access

Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access

Cloud patterns at Carleton University

Cloud patterns at Carleton University

Cloud patterns at Carleton University

Ähnlich wie OWASP Dallas (20)

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...

Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...

Shiny, Let’s Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulner...

How to Destroy a Database

How to Destroy a Database

How to Destroy a Database

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms

Controlling Access to IBM i Systems and Data

Controlling Access to IBM i Systems and Data

Controlling Access to IBM i Systems and Data

What Does a Full Featured Security Strategy Look Like?

What Does a Full Featured Security Strategy Look Like?

What Does a Full Featured Security Strategy Look Like?

Beyond the Scan: The Value Proposition of Vulnerability Assessment

Beyond the Scan: The Value Proposition of Vulnerability Assessment

Beyond the Scan: The Value Proposition of Vulnerability Assessment

Implementing security for your library | PLAN Tech Day Conference

Implementing security for your library | PLAN Tech Day Conference

Implementing security for your library | PLAN Tech Day Conference

Uweb Meeting Presentation - Website Exploits

Uweb Meeting Presentation - Website Exploits

Uweb Meeting Presentation - Website Exploits

Hard Coding as a design approach

Hard Coding as a design approach

Hard Coding as a design approach

Expand Your Control of Access to IBM i Systems and Data

Expand Your Control of Access to IBM i Systems and Data

Expand Your Control of Access to IBM i Systems and Data

CNIT 129S: Securing Web Applications Ch 1-2

CNIT 129S: Securing Web Applications Ch 1-2

CNIT 129S: Securing Web Applications Ch 1-2

Defcon 23 - damon small - beyond the scan

Defcon 23 - damon small - beyond the scan

Defcon 23 - damon small - beyond the scan

Oracle database threats - LAOUC Webinar

Oracle database threats - LAOUC Webinar

Oracle database threats - LAOUC Webinar

Mr. desmond cloud security_format

Mr. desmond cloud security_format

Mr. desmond cloud security_format

Design Reviews for Operations - Velocity Europe 2014

Design Reviews for Operations - Velocity Europe 2014

Design Reviews for Operations - Velocity Europe 2014

How a Hacker Sees Your Site

How a Hacker Sees Your Site

How a Hacker Sees Your Site

8 cloud design patterns you ought to know - Update Conference 2018

8 cloud design patterns you ought to know - Update Conference 2018

8 cloud design patterns you ought to know - Update Conference 2018

Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access

Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access

Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access

Cloud patterns at Carleton University

Cloud patterns at Carleton University

Cloud patterns at Carleton University

Kürzlich hochgeladen

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

Presentation on how to chat with PDF using ChatGPT code interpreter

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

OWASP Dallas

1. Recent Breaches & their Causes Branden R. Williams, CISSP, CISM brw@brandenwilliams.com http://www.brandenwilliams.com

2. Agenda • My background • Where I see breaches • If I were a bad guy, where would I go? • Discuss causes of recent breaches • Q/A

3. My background

4. Where do I see breaches? • Fewer attacks against the network layer • Usually relatively complex

5. Where are the weak ones? • Brick & Mortar Retail • Internal Sites • Small-Medium Biz • Healthcare Practices • New Cashless Ventures

6. Recent Breach Trends

7. Applications in Debug Mode • Applications going into production with debugging info set • Excessive logs on systems • Track Data • Usernames/Passwords • Admin functions • Extra functions available for use

8. Deprecated or old code • Developers leaving old code that can still be executed • page1.asp when page.asp is the correct version • Deprecated functions (triggered through get/post) • Poorly executed upgrades • Old code from old versions (jump.php not in current ver) • Incomplete Upgrades

9. Poor Hardening • Applications ignoring input validation • Blank SQL Account passwords (INCLUDING SA) • Easily Guessed Passwords • Complex applications with 3rd party middleware • Follow the data path • Consider binary analysis • Clear User IDs/Passwords from app to DB or stored

10. Other Misc. Causes • DLL injection • Drive-By in the form of hidden iFrames • INTERESTING Attacks • Complexity increasing • Memory Dumping • Sniffer/Keylogger • Any/Any rules on ﬁrewalls

11.

12. Thank you! brw@brandenwilliams.com brandenwilliams.com