DSS ITSEC 2013 Conference 07.11.2013  - Gubarevich Peter - CEH - Insecurity of Applications

Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event place and more than 300 via online live streaming.

    Presentation Transcript

    • Application Insecurity. Presented by Peter Gubarevich: MCT, CCSI, MVP: Enterprise Security; Certified EC-Council Instructor; Certified Ethical Hacker
    • 2 Agenda
        • Most common attack vectors today
        • Demo: Exploiting Mozilla Firefox Remote Code Execution vulnerability
        • Demo: Exploiting Adobe Flash and Oracle Java vulnerabilities
        • Demo: Exploiting Adobe Reader and Foxit Reader vulnerabilities
        • Certified Ethical Hacker v8 Course Contents
        • Q&A
    • 3 Quick Statistics +5 to Knowledge Skill
    • 4 Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13 Source: Microsoft Security Intelligence Report vol.15
    • 5 Drive-by download: Latvia is the world’s 2nd with 6.6 drive-by URLs for every 1,000 URLs Source: Microsoft Security Intelligence Report vol.15
    • 6 A surprising number of administrators and end-users only update Operating Systems, while leaving Browsers, Plugins and Office Suites unpatched. Now let’s see what a hacker can do with this software.
    • 7 Demo: exploiting Firefox vulnerability Actually, it’s about any of your favorite browsers
    • 8 Demo: exploiting Flash Player & Java Remote Code Execution that even bypasses sandbox
    • 9 Demo: exploiting popular PDF readers Because 0wning browser is not enough
    • 10 Ethical Hacking and Countermeasures v8 +8 to Attack Skill
    • 11 CEHv8 Contents at a Glance (ANSI 17024-accredited course)
        • Ethical Hacking: Scanning Networks and Enumeration; System Hacking; Trojans, Viruses and Worms; Sniffing Networks; Cross-Site Scripting Attacks; SQL Injection; Buffer Overflow
        • Countermeasures: Limiting Privileges; Managing Updates; Application Whitelisting; Implementing Cryptography; Securing Traffic with IPSec
        • … and more
    • 12 EC-Council Accredited Training Center New Horizons Latvia To enroll for your CEH training, call: +371 67847600, mail to: office@nh.lv or visit: Elizabetes 65-10, Rīga, Latvia
    • Q&A