DSS ITSEC 2013 Conference 07.11.2013 - Gubarevich Peter - CEH - Insecurity of Applications

Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013, and was visited by more than 400 participants at the event place and more than 300 via online live streaming.


  1. Application Insecurity. Presented by Peter Gubarevich, MCT, CCSI, MVP: Enterprise Security, Certified EC-Council Instructor, Certified Ethical Hacker
  2. Agenda
     • Most common attack vectors today
     • Demo: Exploiting Mozilla Firefox Remote Code Execution vulnerability
     • Demo: Exploiting Adobe Flash and Oracle Java vulnerabilities
     • Demo: Exploiting Adobe Reader and Foxit Reader vulnerabilities
     • Certified Ethical Hacker v8 Course Contents
     • Q&A
  3. Quick Statistics: +5 to Knowledge Skill
  4. Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13. Source: Microsoft Security Intelligence Report vol.15
  5. Drive-by download: Latvia is the world’s 2nd with 6.6 drive-by URLs for every 1,000 URLs. Source: Microsoft Security Intelligence Report vol.15
  6. A surprising number of administrators and end-users only update Operating Systems, while leaving Browsers, Plugins and Office Suites unpatched. Now let’s see what a hacker can do with this software.
  7. Demo: exploiting Firefox vulnerability. Actually, it’s about any of your favorite browsers
  8. Demo: exploiting Flash Player & Java. Remote Code Execution that even bypasses sandbox
  9. Demo: exploiting popular PDF readers. Because 0wning browser is not enough
  10. Ethical Hacking and Countermeasures v8: +8 to Attack Skill
  11. CEHv8 Contents at a Glance. ANSI 17024-accredited course. Ethical Hacking, Countermeasures:
     • Scanning Networks and Enumeration
     • Limiting Privileges
     • System Hacking
     • Managing Updates
     • Trojans, Viruses and Worms
     • Application Whitelisting
     • Sniffing Networks
     • Implementing Cryptography
     • Cross-Site Scripting Attacks
     • Securing Traffic with IPSec
     • SQL Injection
     • Buffer Overflow
     • … and more
  12. EC-Council Accredited Training Center: New Horizons Latvia. To enroll for your CEH training, call: +371 67847600, mail to: office@nh.lv or visit: Elizabetes 65-10, Rīga, Latvia
  13. Q&A
