This document discusses the risks small companies face from cyber attacks even though they think they are not important targets. It notes that while companies may think a hack will not happen, it is not a question of if but when. The consequences of a security failure include loss of trust, money, data, time to recover, and penalties. It then explores how non-critical applications and registration pages can still be vulnerable to hackers bypassing client-side restrictions and gaining database access, allowing them to change passwords or access sensitive information.

1. dddd

3. We are small company
We don’t have anything important
We don’t have payments
Nobody would hack us

4. All about money
The question is not IF hacked
The Question is WHEN

5. Consequences of Security FAILURE
Trust
Money
Data
stolen
Time
to recover
Penalties
for incident
Customers
Reputation

7. Let’s go deeper

8. Non-critical application

9. Scanners win!

10. Or no?

11. Restrictions

12. But…let’s come back to registration page

13. But…let’s come back to registration page

14. Clientside restrictions bypass

15. Clientside restrictions bypass

16. alert(‘win’)

17. XSS can do more

18. XSS can do more

19. and even more

20. And the most interesting part

21. Database access

22. Changing admin password

23. Skype: ghost-bel

24. OWASP Lviv Team