The Top Ten Cybersecurity Threats of 2008
 


First, A Brief Overview of OWASP


Second, AMCHAM ICT Presentation Top Ten Cybersecurity Threats of 2008
Open Discussion about Threats

Third, OWASP Meeting after AMCHAM ICT

  • Nice info though a bit dated now. For 2010 info, check out this presentation: http://www.slideshare.net/ohmygov/cybersecurity-threats-facing-us-gov. BRIEF BUT CONVINCING!
The Top Ten Cybersecurity Threats of 2008: Presentation Transcript

  • The Top Ten Cybersecurity Threats of 2008. Tim Bass, CISSP, Chapter Leader, OWASP Thailand, [email_address], +66832975101
  • AMCHAM – OWASP Thailand Agenda
    • First, A Brief Overview of OWASP
    • Second, AMCHAM ICT Presentation
      • Top Ten Cybersecurity Threats of 2008
      • Open Discussion about Threats
    • Third, OWASP Meeting after AMCHAM ICT
  • OWASP – Open Web Application Security Project
    • US 501(c)3, open source non-profit charitable foundation dedicated to enabling organizations so they can develop, maintain, and acquire software they can trust.
    • OWASP does not endorse commercial products or services.
    • Making Security Visible, through…
      • Documentation
        • Top Ten, Dev. Guide, Design Guide, Testing Guide, …
      • Tools
        • WebGoat, WebScarab, Site Generator, Report Generator, ESAPI, CSRF Guard, CSRF Tester, Stinger, Pantera, …
      • Working Groups
        • Browser Security, Industry Sectors, Access Control (XACML), Education, Mobile Phone Security, Preventive Security, OWASP SDL, OWASP Governance, RIA
      • Security Community and Awareness
        • Local Chapters, Conferences, Tutorials, Mailing Lists
  • What Is Unique about OWASP?
    • Everything we do in OWASP is free and open…
    • OWASP Principles
      • All OWASP products are free and open
      • Application security knowledge should be freely available
      • OWASP encourages awareness, discussion, and best practices
      • Making security visible is key to changing the software market
      • OWASP does not recommend any commercial products or services
      • OWASP will not discuss/disclose 0-day exploits
  • OWASP Corporate Members – October 2008
  • OWASP Worldwide Community www.owasp.org Note: NYC Chapter Has Over 1000 Members (Google Maps broken)
  • OWASP Worldwide Community www.owasp.org
  • OWASP Membership
    • Members have the ability to allocate their membership fees to projects, working groups or chapters they are interested in
    • Members will have the ability to vote on specific OWASP governance issues (Tom to figure this out)
    • Membership makes a public statement of support to OWASP
    • Very important: There is no ‘member-only content’. Apart from the (under construction) OWASP Member packs, there is NOTHING that a member gets that it doesn’t already have (i.e. all OWASP materials and participation are available to everybody, members and non-members).
  • OWASP Main Site Traffic (chart labels: Worldwide Users; Most New Visitors /wk)
  • OWASP Conferences
  • OWASP Books (http://stores.lulu.com/owasp)
  • OWASP Knowledge Base
    • 3,913 total articles
    • 427 presentations
    • 200 updates per day
    • 179 mailing lists
    • 180 blogs monitored
    • 31 doc projects
    • 19 deface attempts
    • 12 grants
  • OWASP Body of Knowledge
    • Core Application Security Knowledge Base
    • Acquiring and Building Secure Applications
    • Verifying Application Security
    • Managing Application Security
    • Application Security Tools
    • AppSec Education and CBT
    • Research to Secure New Technologies
    • Principles
    • Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures
    • OWASP Foundation 501c3
    • OWASP Community Platform (wiki, forums, mailing lists)
    • Projects
    • Chapters
    • AppSec Conferences
    • Guide to Building Secure Web Applications and Web Services
    • Guide to Application Security Testing and Guide to Application Security Code Review
    • Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues
    • Web Based Learning Environment and Guide for Learning Application Security
    • Guidance and Tools for Measuring and Managing Application Security
    • Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)
  • OWASP Tools and Technology
  • OWASP Board
    • OWASP Board members:
      • Jeff Williams: Chair, Wiki, Management
      • Dave Wichers: Conferences, Financials
      • Tom Brennan: OWASP Governance
      • Sebastien Deleersnyder: OWASP Chapters and Projects
      • Dinis Cruz: Firehose of Ideas and Money spender
    • OWASP Board ‘power’
      • OWASP Financials (where the money goes),
      • leadership assignment,
      • conferences locations,
      • WIKI home page,
      • bank account details :)
    • The rest is ‘soft power’
      • i.e. we have it until we screw up
  • Finances and Grants
    • OWASP employees
    • Conferences costs
    • OWASP Admin
    • Grants
    • All membership fees are used to fund grants
    • Revenue source: Conferences
    • Revenue source: Members
  • AMCHAM – OWASP Thailand Agenda
    • First, A Brief Overview of OWASP
    • Second, AMCHAM ICT Presentation
      • Top Ten Cybersecurity Threats of 2008
      • Open Discussion about Threats
    • Third, OWASP Meeting after AMCHAM ICT
  • Components of Cybersecurity Risk (diagram labels: Threat, Vulnerability, Impact (Criticality), Maximum Risk)
    • Risk is the Intersection of Threat, Vulnerability & Impact
  • The Top Ten Cybersecurity Threats for 2008
    • Background
    • Many organizations publish “threat lists” but these lists confuse, generally mixing vulnerabilities and threats.
    • Because of this confusion, and motivated by a CISSP colleague at ACIS Professional Center, Thailand, I decided to create a “pure” cybersecurity threat list.
    • Note: OWASP maintains a top ten web vulnerabilities project. http://www.owasp.org/index.php/OWASP_Top_Ten_Project
    • The Top Ten Cybersecurity Threats (this presentation) http://www.thecepblog.com/2008/01/05/the-top-ten-cybersecurity-threats-for-2008/ is unrelated to the OWASP vulnerabilities list.
  • The Top Ten Cybersecurity Threats for 2008
    • Collaboration
    • Developed the cybersecurity threat list by seeking comments from peer IT security professionals on the vast CISSP mailing list.
    • Also published the list in the LinkedIn network, seeking comments from peer IT security professionals on LinkedIn.
    • Published all the comments openly using Google Docs and responded to all comments.
    • The entire collaboration process took two months (started Nov 9th, published final Jan 5th).
  • The Top Ten Cybersecurity Threats for 2008
    • Here are the results.
    • (a very good example of collaborative social networking, btw)
  • The Top Ten Cybersecurity Threats for 2008
    • On-line masquerading to abuse, attack, blackmail, bully, extort, or molest others.
    • Criminal fraud by password and identity theft via phishing, spyware, malware and theft of hardware.
    • Criminal use of botnets and botnet-like technologies for economic gain, for example email spam and denial of service attacks.
    • Cyberterrorism, bullying, vandalism and other forms of electronic violence and malfeasance.
    • Subversion of democratic political processes.
    • Criminal manipulation and subversion of financial markets.
    • Spying and theft of data by governments, industry, terrorists and other criminals.
    • Denial-of-service attacks by criminals and terrorists.
    • Sabotage, theft and other attacks by disgruntled employees and insiders.
    • Natural disasters, accidents or errors without malicious intent.
  • AMCHAM – OWASP Thailand Agenda
    • First, A Brief Overview of OWASP
    • Second, AMCHAM ICT Presentation
      • Top Ten Cybersecurity Threats of 2008
      • Open Discussion about Threats
    • Third, OWASP Meeting after AMCHAM ICT
  • Joint AMCHAM – OWASP Thailand Meeting
    • Thank You.