The document discusses the importance of security testing applications and websites. It provides some quick facts about vulnerabilities found in healthcare and ecommerce applications. It emphasizes that just because a site has not been hacked in 5 years does not mean it cannot be hacked. It encourages focusing on security to better protect users.
Your users are humans and let's live our promise of securing them
1. Your users are humans and let's live our promise of securing them.
01000100 01001111 01001111 01001101 01010011 00100000 01000100 01000001 01011001 00100000 01001001 01010011 00100000 01001110 01000101 01000001 01010010 00101110 00100000 01010000 01000101 01010010 01001001 01001111 01000100 00101110
(slide background; the binary is ASCII for "DOOMS DAY IS NEAR. PERIOD.")
@santhoshst
Unethical Hacker
Ethical Hacker
Exploratory Tester
Blogger
Author
Reader
Traveler
Lover
Leader
Mentor & Coach
Entrepreneur
Privacy Protector
Bad Programmer
2. Quick facts (in my experience & study)
Out of 10 healthcare applications, 8 can be exploited and compromised.
One in every 30 e-Commerce applications can be used to bypass checkout and still buy products.
Out of 10 customers, 1 or 2 understand the importance of security.
Out of 100 testers who show interest in the security talks, only 1 or none think about pursuing it or learning it.
HTTPS, SSH, 2-factor authentication, CAPTCHA and public keys don't mean you are secure unless they are tested well.
If it has not been hacked for the last 5 years, it doesn't mean it will not be hacked now.
3. Is your admin panel or login page accessible by anyone on the web via URL?
Wow, your user login has a CAPTCHA to stop brute-force attacks, but your admin login lacks one. Forgot about yourself? (Ah, who would hack us?) The admin login guards the higher-value account, so it needs at least the same brute-force protection as the user login, plus rate limiting and, ideally, network restrictions.
Did you forget to obfuscate *.css? A public CSS file can be a motivation for an attacker: class names describe the features a page has, including the privileged ones that only an admin should ever see. Have you heard any web security tester speaking about it? This is why #Mindset is important.
A *.css file which can motivate a hacker (example):
/* served to every anonymous visitor of the site */
.adduser
{
background-color:#fff; /* reveals that an "add user" feature exists */
}
.deleteusers
{
border: 1px solid red; /* reveals a "delete users" feature, i.e. an admin action */
}
Anyone who reads this stylesheet now knows there is an "add user" and a "delete users" function somewhere and will go looking for the endpoints behind them.
Did you turn on registrant privacy so your email address is not published in WHOIS lookups (for instance on who.is)? A registrant address is a ready-made phishing and password-reset target.
Did you try accessing files and folders via forced browsing (directory listing)? For instance, try yourwebsite.com/wp-content/uploads (WordPress) and see whether the server happily lists every uploaded file.
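The three checks on this slide, written up as an added example (this is not code from the talk or its author): it flags CSS class names that hint at privileged features, derives guessable endpoint names from them, recognises a server-generated directory listing such as a probe of /wp-content/uploads/ might return, and spots a login form with no CAPTCHA widget. All inputs are constructed samples and nothing is fetched from the network; the keyword list, the listing markers and the CAPTCHA widget names are assumptions of this example, not a standard.

```python
"""
Added example, not part of the original talk. Offline helpers for the checks on
slide 3. Every sample below is constructed; a real scan would feed fetched
response bodies into the same functions.
"""
import re

# Assumption: substrings that suggest an admin-only feature when they appear
# in a class name that is served to every anonymous visitor.
PRIVILEGED_HINTS = ("admin", "adduser", "deleteuser", "delete", "manage", "superuser")

# Matches class selectors such as ".deleteusers" but not numbers like "1.5em".
CLASS_RE = re.compile(r"\.([A-Za-z_][\w-]*)")


def sensitive_selectors(css_text: str) -> list[str]:
    """Unique class names, in order of appearance, whose spelling hints at privileged actions."""
    found: list[str] = []
    for name in CLASS_RE.findall(css_text):
        if any(h in name.lower() for h in PRIVILEGED_HINTS) and name not in found:
            found.append(name)
    return found


def candidate_paths(selectors: list[str]) -> list[str]:
    """Turn class names into URL paths worth probing (assumed naming convention)."""
    paths = []
    for s in selectors:
        slug = s.lower().replace("_", "-")
        paths.append(f"/{slug}")
        paths.append(f"/admin/{slug}")
    return paths


# Markers found in Apache, nginx and IIS auto-generated index pages.
LISTING_MARKERS = ("<title>Index of /", "Parent Directory", "[To Parent Directory]")


def is_directory_listing(html: str) -> bool:
    """True when a response body looks like a server-generated folder index."""
    return any(marker in html for marker in LISTING_MARKERS)


# Assumption: widget names of common CAPTCHA providers plus the generic word.
CAPTCHA_MARKERS = ("g-recaptcha", "h-captcha", "cf-turnstile", "captcha")
PASSWORD_FIELD_RE = re.compile(r"<input[^>]+type=[\"']?password", re.I)


def login_lacks_captcha(html: str) -> bool:
    """True when the page carries a password field but no recognisable CAPTCHA."""
    has_password = PASSWORD_FIELD_RE.search(html) is not None
    has_captcha = any(m in html.lower() for m in CAPTCHA_MARKERS)
    return has_password and not has_captcha


# ---- constructed samples standing in for real HTTP responses -----------------
SAMPLE_CSS = """
.adduser { background-color: #fff; }
.deleteusers { border: 1px solid red; }
.btn-primary { color: #333; font-size: 1.5em; }
.admin-sidebar { width: 240px; }
"""

SAMPLE_UPLOADS_LISTING = """<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1>
<a href="/wp-content/">Parent Directory</a>
<a href="2019/">2019/</a> <a href="backup.sql">backup.sql</a>
</body></html>"""

SAMPLE_NOT_FOUND = "<html><head><title>404 Not Found</title></head><body>No such page</body></html>"

SAMPLE_USER_LOGIN = """<form method="post" action="/login">
<input name="user"><input name="pass" type="password">
<div class="g-recaptcha" data-sitekey="example"></div><button>Sign in</button></form>"""

SAMPLE_ADMIN_LOGIN = """<form method="post" action="/admin/login">
<input name="user"><input name="pass" type='password'><button>Sign in</button></form>"""


def run_checks() -> dict:
    """Run every check over the constructed samples and return the findings."""
    selectors = sensitive_selectors(SAMPLE_CSS)
    return {
        "sensitive_selectors": selectors,
        "candidate_paths": candidate_paths(selectors),
        "uploads_listing_exposed": is_directory_listing(SAMPLE_UPLOADS_LISTING),
        "not_found_is_listing": is_directory_listing(SAMPLE_NOT_FOUND),
        "user_login_lacks_captcha": login_lacks_captcha(SAMPLE_USER_LOGIN),
        "admin_login_lacks_captcha": login_lacks_captcha(SAMPLE_ADMIN_LOGIN),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

Run it and the admin login is the one flagged for a missing CAPTCHA, the uploads folder is reported as listable, and the class names .adduser, .deleteusers and .admin-sidebar come out as leads for endpoint guessing. The same functions work unchanged on real response bodies; the heuristics are deliberately loose because on a recon pass a false positive costs one extra request, while a false negative hides a finding.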
4. Fasten your seatbelt for some live demonstration of our beautiful security world.
Shhhhh...
Things spoken and shown here are solely for your educational purpose. Please don't mess with my life.
5. What next?
Invention of Computers -> Invention of Internet -> Better Web Technologies
Hah! We suck at security. Let's go back.
Invention of Computers -> Invention of Internet
Hah! We suck at security. Let's go back.
Wait... we can fix this. Let's focus on security!
6. We care about you & we take care of security well.
Really? Really? Really? Really?
$ $ $ $ $ $ $ $ $ $ $ $
7. Everyone speaks about sex, but few people speak about sex education. Similarly, everyone speaks about security, but few actually test it.
8. If you care about the next generation having a better lifestyle in terms of privacy and security, you know what to do.