Hacker Halted Miami , USA 2010

•

2 gefällt mir•730 views

Aditya K Sood

Technologie

Disclaimer Web Maniac - Hacking Trust Pentesting web applications in a hacker’s way. Attack surface varies from application to application. How to think below the surface? That’s the aim! All contents of this presentation represent my own beliefs and views and do not, unless explicitly stated otherwise, represent the beliefs of my current, or any of my previous in that effect, employers. Screenshots have been shared from various resources. This is done to show the comparative model of various methodologies.

About Me ,[object Object],http://www.secniche.org ,[object Object]

Worked previously for Armorize as Senior Security Practitioner , COSEINC as Senior Security Researcher and Security Consultant for KPMG ,[object Object]

Like to do Bug Hunting and Malware dissection.

Released Advisories to Forefront Companies.

Active Speaker at Security Conferences including RSA etc.

Blog: http://secniche.blogspot.com| http://zeroknock.blogspot.com,[object Object]

Web Application Security- A view of Reality

Web Application – Testing and Development Methodologies

Facets of Web Application Pen Testing (WAPT)

Demonstrations – Live Targets ,[object Object]

 Web Application Security Standards - ?? ! Answers ! ,[object Object]

Do they comprise of all types of vulnerabilities ?

Are all types of web attacks predefined in them?

Do you think the design of web application matters? [to what extent ]

A view of web application and a website under testing.

Do platforms and web servers matter while web application assessment?

Do you think penetration testing of web applications is beyond these standards ?

 Web Application State and Risks © OWASP

 Web Application Architecture - Development

 Web Application Testing - Methodologies

 Why Security Testing ? Defacement Statistics © Zone H

 Web Application Security ! Reality - Broken

 Existence and Reality – Web Penetration Test ,[object Object]

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Security TestingvodQA

Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationDerrick Hunter

Feeding the Virtual Patch PipelineDevOps.com

Testing Web Application SecurityTed Husted

Explore Security Testingshwetaupadhyay

Evil User Stories - Improve Your Application SecurityAnne Oikarinen

Search AttacksAung Khant

Security testingbaskar p

Penetration Testing RomSoft SRL

Security Implications of the Cloud - CSS ATX 2017Alert Logic

How to find Zero day vulnerabilitiesMohammed A. Imran

Get Ready for Web Application Security TestingAlan Kan

Security TestingQualitest

Security testingTabăra de Testare

Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals

Domain Driven Security at Internetdagarna-2014Dan BerghJohnsson

How to develop an AppSec culture in your project 99X Technology

Don’t let Your Website Spread Malware – a New Approach to Web App SecuritySasha Nunke

What is security testing and why it is so important?ONE BCG

Web Application Security and AwarenessAbdul Rahman Sherzad

Was ist angesagt? (20)

Introduction to Security Testing

Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation

Feeding the Virtual Patch Pipeline

Testing Web Application Security

Explore Security Testing

Evil User Stories - Improve Your Application Security

Search Attacks

Security testing

Penetration Testing

Security Implications of the Cloud - CSS ATX 2017

How to find Zero day vulnerabilities

Get Ready for Web Application Security Testing

Security Testing

Security testing

Intrusion Detection Systems By Anamoly-Based Using Neural Network

Domain Driven Security at Internetdagarna-2014

How to develop an AppSec culture in your project

Don’t let Your Website Spread Malware – a New Approach to Web App Security

What is security testing and why it is so important?

Web Application Security and Awareness

Andere mochten auch

Ruído Ambiental em SalvadorTecnoprev - Consultoria em Segurança do Trabalho e Meio Ambiente

Mobile Application Development KCS - Krish Compusoft Services

Growth Week 2011: Country Session 4 – India-BiharThe International Growth Centre

RESUME_ARPAshish Patel

Nanomaterials For Solar Energy Conversion ShankarShankar MV

CRITERIOS Y PAUTAS DE EVALUACION EN E LEARNINGBertha Ramirez

Cc TRES GRADOS DEL ORDEN SACERDOTALGladysmorayma Creamer Berrios

PECADOJair de Barros

TREINAMENTO NR 35 EM SALVADORTecnoprev - Consultoria em Segurança do Trabalho e Meio Ambiente

Escatologia estudo 10 o milênio e interpretaçõesJoao Franca

Presentación ansiedad y angustiaBelkisPereira

Educacion inical MSCMilagros Salazar

O mito de satanásJoao Franca

Atendimento pré hospitalar -1Eduardo Gomes da Silva

TThe effect of interval from semen collection to IUI, does it matterNeelam Ohri

Andere mochten auch (15)

Ruído Ambiental em Salvador

Mobile Application Development

Growth Week 2011: Country Session 4 – India-Bihar

RESUME_ARP

Nanomaterials For Solar Energy Conversion Shankar

CRITERIOS Y PAUTAS DE EVALUACION EN E LEARNING

Cc TRES GRADOS DEL ORDEN SACERDOTAL

PECADO

TREINAMENTO NR 35 EM SALVADOR

Escatologia estudo 10 o milênio e interpretações

Presentación ansiedad y angustia

Educacion inical MSC

O mito de satanás

Atendimento pré hospitalar -1

TThe effect of interval from semen collection to IUI, does it matter

Ähnlich wie Hacker Halted Miami , USA 2010

Factors Affecting The Threat Agent InvolvedJennifer Campbell

How Does a Data Breach Happen? Claranet UK

Why Penetration Tests Are Important Cyber51martinvoelk

The security mindset securing social media integrations and social learning...franco_bb

Essentials of Web Application Security: what it is, why it matters and how to...Cenzic

Security Testing Approach for Web Application Testing.pdfAmeliaJonas2

Research PaperDavid Chaponniere

Tech Throwdown: Secure Containerization vs WhitelistingInvincea, Inc.

Web Investigation Through Penetration Tests.pptxEntertainmentMedley

Penetration Testing for Cybersecurity Professionals211 Check

Cyber Octet - What is Web Application Penetration Testing (WAPT).pdfCyber Octet Private Limited

How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune

Allianz Global CISO october-2015-draftEoin Keary

Zero Trust Model PresentationGowdhaman Jothilingam

Top 20 certified ethical hacker interview questions and answerShivamSharma909

Scaling Web 2.0 Malware InfectionWayne Huang

TRISC 2010 - Grapevine , TexasAditya K Sood

Social Enterprise Rises! …and so are the Risks - DefCamp 2012DefCamp

Ownux global Aug 2023.pdfBella Nirvana Center

A Comparative Study between Vulnerability Assessment and Penetration TestingYogeshIJTSRD

Ähnlich wie Hacker Halted Miami , USA 2010 (20)

Factors Affecting The Threat Agent Involved

How Does a Data Breach Happen?

Why Penetration Tests Are Important Cyber51

The security mindset securing social media integrations and social learning...

Essentials of Web Application Security: what it is, why it matters and how to...

Security Testing Approach for Web Application Testing.pdf

Research Paper

Tech Throwdown: Secure Containerization vs Whitelisting

Web Investigation Through Penetration Tests.pptx

Penetration Testing for Cybersecurity Professionals

Cyber Octet - What is Web Application Penetration Testing (WAPT).pdf

How Can I Reduce The Risk Of A Cyber-Attack?

Allianz Global CISO october-2015-draft

Zero Trust Model Presentation

Top 20 certified ethical hacker interview questions and answer

Scaling Web 2.0 Malware Infection

TRISC 2010 - Grapevine , Texas

Social Enterprise Rises! …and so are the Risks - DefCamp 2012

Ownux global Aug 2023.pdf

A Comparative Study between Vulnerability Assessment and Penetration Testing

Mehr von Aditya K Sood

Emerging Trends in Online Social Networks MalwareAditya K Sood

Enfilade: Tool to Detect Infections in MongoDB InstancesAditya K Sood

Detecting Ransomware/Bot Infections in ElasticsearchAditya K Sood

BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...Aditya K Sood

BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...Aditya K Sood

Network Security : Book Review : Targeted Cyber Attacks : Aditya K SoodAditya K Sood

Abusing Glype Proxies - Attacks, Exploits and DefencesAditya K Sood

NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineAditya K Sood

CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...Aditya K Sood

BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...Aditya K Sood

ToorCon 14 : Malandroid : The Crux of Android InfectionsAditya K Sood

DEF CON 20 - Botnets Die Hard - Owned and OperatedAditya K Sood

Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks Aditya K Sood

NGR Bot Analysis PaperAditya K Sood

Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...Aditya K Sood

Commercial Cyber Crime - Social Networks MalwareAditya K Sood

Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...Aditya K Sood

OWASP AppSec USA 2011 - Dismantling Web MalwareAditya K Sood

Browser Malware TaxonomyAditya K Sood

BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...Aditya K Sood

Mehr von Aditya K Sood (20)

Emerging Trends in Online Social Networks Malware

Enfilade: Tool to Detect Infections in MongoDB Instances

Detecting Ransomware/Bot Infections in Elasticsearch

BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...

BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...

Network Security : Book Review : Targeted Cyber Attacks : Aditya K Sood

Abusing Glype Proxies - Attacks, Exploits and Defences

NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine

CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...

BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...

ToorCon 14 : Malandroid : The Crux of Android Infections

DEF CON 20 - Botnets Die Hard - Owned and Operated

Hackers on Planet Earth (HOPE - 2012) Advancements in Botnet Attacks

NGR Bot Analysis Paper

Virus bulletin 2011 Conference Paper - Browser Exploit Packs - Exploitation T...

Commercial Cyber Crime - Social Networks Malware

Virus Bulletin 2011 Conference - Browser Exploit Packs - Death by Bundled Exp...

OWASP AppSec USA 2011 - Dismantling Web Malware

Browser Malware Taxonomy

BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...

Kürzlich hochgeladen

IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge

Scaling API-first – The story of a global engineering organizationRadu Cotescu

From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko

Presentation on how to chat with PDF using ChatGPT code interpreternaman860154

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge

Google AI Hackathon: LLM based Evaluator for RAGSujit Pal

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700

Boost PC performance: How more available memory can improve productivityPrincipled Technologies

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j

Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK

A Domino Admins Adventures (Engage 2024)Gabriella Davis

CNv6 Instructor Chapter 6 Quality of Servicegiselly40

08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

🐬 The future of MySQL is Postgres 🐘RTylerCroy

A Call to Action for Generative AI in 2024Results

Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix

Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik

Kürzlich hochgeladen (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Scaling API-first – The story of a global engineering organization

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Handwritten Text Recognition for manuscripts and early printed texts

Presentation on how to chat with PDF using ChatGPT code interpreter

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Google AI Hackathon: LLM based Evaluator for RAG

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...

Boost PC performance: How more available memory can improve productivity

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...

Unblocking The Main Thread Solving ANRs and Frozen Frames

A Domino Admins Adventures (Engage 2024)

CNv6 Instructor Chapter 6 Quality of Service

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Data Cloud, More than a CDP by Matt Robison

🐬 The future of MySQL is Postgres 🐘

A Call to Action for Generative AI in 2024

Swan(sea) Song – personal research during my six years at Swansea ... and bey...

Injustice - Developers Among Us (SciFiDevCon 2024)

Hacker Halted Miami , USA 2010

1. Web Maniac Hacking Trust Aditya K Sood [adi_ks [at] secniche.org] SecNiche Security

2. Disclaimer Web Maniac - Hacking Trust Pentesting web applications in a hacker’s way. Attack surface varies from application to application. How to think below the surface? That’s the aim! All contents of this presentation represent my own beliefs and views and do not, unless explicitly stated otherwise, represent the beliefs of my current, or any of my previous in that effect, employers. Screenshots have been shared from various resources. This is done to show the comparative model of various methodologies.

5. Like to do Bug Hunting and Malware dissection.

6. Released Advisories to Forefront Companies.

7. Active Speaker at Security Conferences including RSA etc.

9. Web Application Security- A view of Reality

10. Web Application – Testing and Development Methodologies

11. Facets of Web Application Pen Testing (WAPT)

12.

13.

14. Do they comprise of all types of vulnerabilities ?

15. Are all types of web attacks predefined in them?

16. Do you think the design of web application matters? [to what extent ]

17. A view of web application and a website under testing.

18. Do platforms and web servers matter while web application assessment?

19. Do you think penetration testing of web applications is beyond these standards ?

21.  Web Application Architecture - Development

22.  Web Application Testing - Methodologies

24.  Web Application Security ! Reality - Broken

25.  Is that Ethical?

26.

27. Is this all about reporting generic issues and using reports for cert’s?

28. Do you think organizational teams patch all the reported issues?

29. White box or Black box – Changed definitions.

30. Security Assessment ! = Penetration Testing [ Mismatch ]

31. Time dependency – A big factor in determining the effectiveness

32. Penetration Tests – Does not provide security / That’s the Truth

33.

34. Penetration tests emulate real world attacks to exploit the network and web infrastructure

35.

36.  Is that True ? # Then what about Human Ignorance ? # A critical component in every sphere. Hard to beat it.

37.  Thinking in the Wild – Web Penetration Testing. Is it all about shooting what we see ? Do we need to take care of the hidden or shadowed?

38.

39. Expertise – Hacking in a controlled manner

40.

41.

42. SQLXSSI – XSS through SQL Injections : Yahoo – 5:30 M

43. Persistent Redirection Attacks and Malware - 4:00 M

44. Content Delivery Networks – Infection Behavior - 4:09 M

45.

46.  Demo 2 : SQLXSSI – Using SQLI to conduct XSS

47.  Demo 3 : Persistent Logout Redirection Attacks

48.  Demo 4 : Third Party Content Delivery Infections

49.  Demo 5 : Widget Redirection Attacks

50.  Questions and Queries

51.  Thanks SecNiche Security : http://www.secniche.org Hacker Halted – http://www.hackerhalted.com

Hacker Halted Miami , USA 2010

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (15)

Ähnlich wie Hacker Halted Miami , USA 2010

Ähnlich wie Hacker Halted Miami , USA 2010 (20)

Mehr von Aditya K Sood

Mehr von Aditya K Sood (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Hacker Halted Miami , USA 2010