Cyber Security - An Overview


Presentation given to a general computer elective at Metropolitan State University of Denver


  1. The OWASP Foundation (http://www.owasp.org). Cyber Security: An Overview. Brad Carvalho, me@bradcarvalho.com, Twitter: @bradcarvalho
  2. Brad Carvalho
     • Cyber Security Engineer at Aerstone
     • Senior at MSU Denver
     • OWASP Boulder chapter member
     • SnowFROC Conference Committee
     • Blah … Blah … Blah.
     Did I establish enough credibility?
  3. Cyber Attacks – Private Sector
  4. Nation States at Cyber War
  5. It’s overwhelming!
  6. Impacts are very serious …
  7. Even more serious …
  8. Stuxnet
     • Targeted Iran’s uranium enrichment plants
     • Increased centrifuges’ operating speeds while reporting back normal values to the C&C center
     • Self-replicated via USB
     • Believed to have been created by a joint venture between the U.S. and Israel
  9. Flame
     • Cyber espionage tool
     • Screenshots, keyboard activity and network traffic
     • Records Skype conversations
     • Operated by command and control servers
     • Could update itself with new malware or attack vectors
     • Believed to have been created by the U.S. and Israel
  10. LinkedIn
     • Over 6.5 million password hashes recovered
     • Over 4 million of those have already been cracked (as of 6 months ago)
     • Used an outdated hashing algorithm to store passwords (MD5)
     • Did not salt their password hashes (makes them susceptible to rainbow table attacks)
     • SQL injection!
  11. What can be done?
  12. Improve Security Architecture
     • Web Application Firewalls
     • Intrusion Detection Systems
     • Log Monitoring
     • Embrace the cloud
     • Automate everything!
  13. Application Security
  14. Personal Security
     KeePass
     • Encrypted password store
     • Android and iOS versions
     1Password
     • 1-click open
     • Online shopping credentials
     • Not free
     • Android and iOS versions
     PasswordSafe
     • Autotype
     • Clear layout
     • Free!
  15. Education and Outreach: MSU Denver – Cyber Security Team
  16. Opportunities
     • Internships
     • Pentesters
     • Application Security Analysts
     • SOC (Security Operations Center) Analysts
     • DevOps Engineers (security focused)
     • Network Security Engineers
     • Security Architects
     • Sales Engineers (security focused)
     • Developers!
  17. Questions?
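
Added example, not part of the original slides: the point on slide 10 about unsalted hashes, seen from the defender's side. With the unsalted MD5 scheme the slide describes, every account that shares a password stores the same hash, so one precomputed table entry matches all of them; a per-user random salt with a slow key-derivation function removes that. The account names, passwords, record format and iteration count below are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def md5_unsalted(password):
    """The weak scheme named on the slide: a fast hash with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password):
    """Salted, slow hash. The record keeps scheme, cost and salt for later upgrades."""
    salt = os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def shared_hash_groups(table):
    """Audit helper: list groups of accounts whose stored hash is identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; alice and bob reuse the same password.
SAMPLE = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "tr0ub4dor&3"}


def demo():
    weak = {user: md5_unsalted(pw) for user, pw in SAMPLE.items()}
    strong = {user: hash_password(pw) for user, pw in SAMPLE.items()}
    return shared_hash_groups(weak), shared_hash_groups(strong)


if __name__ == "__main__":
    weak_groups, strong_groups = demo()
    print("unsalted MD5, accounts sharing a hash:", weak_groups)
    print("salted PBKDF2, accounts sharing a hash:", strong_groups)
```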
