
Your users are humans and let's live our promise of securing them


We have been in the software world for a long time now, and I think security is still not given enough importance. Is it a lack of skills or a lack of expertise? How about kickstarting your security testing learning after this talk? Santhosh Tuppad will demonstrate some quick hits (well, the real hacks) to motivate you and also give you tips to kickstart your security testing learning. Ready for it? Let's do it and nail it down.

Published in: Software


  1. Your users are humans and let's live our promise of securing them. 01000100 01001111 01001111 01001101 01010011 00100000 01000100 01000001 01011001 00100000 01001001 01010011 00100000 01001110 01000101 01000001 01010010 00101110 00100000 01010000 01000101 01010010 01001001 01001111 01000100 00101110 @santhoshst: Unethical Hacker, Ethical Hacker, Exploratory Tester, Blogger, Author, Reader, Traveler, Lover, Leader, Mentor & Coach, Entrepreneur, Privacy Protector, Bad Programmer
  2. Quick facts (in my experience & study):
     • Out of 10 healthcare applications, 8 can be exploited and compromised.
     • One in every 30 e-commerce applications can be used to bypass checkout and still buy products.
     • Out of 10 customers, only 1 or 2 understand the importance of security.
     • Out of 100 testers who show interest in security talks, only 1 or none think about pursuing or learning it.
     • HTTPS, SSH, 2-factor authentication, CAPTCHA and public keys don't mean you are secure unless they are tested well.
     • If it has not been hacked in the last 5 years, it doesn't mean it will not be hacked now.
  3. Questions to ask about your own application:
     • Is your admin panel or login page accessible by anyone on the web via its URL?
     • Wow, your user login has a CAPTCHA to stop brute-force attacks, but your admin login lacks one. Forgot about yourself? (Ah, who would hack us?)
     • Did you forget to obfuscate *.css? A CSS file can be a motivation for an attacker, because class names reveal which privileged actions exist. Have you heard any web security tester speaking about it? This is why #Mindset is important. Example of a *.css file that can motivate a hacker:
         .adduser { background-color:#fff; }
         .deleteusers { border: 1px solid red; }
     • Did you turn off the registrant email address in who.is?
     • Did you try accessing files and folders via forcible directory browsing? For instance, try yourwebsite.com/wp-content/uploads (WordPress).
     @santhoshst
  4. Fasten your seatbelt for some live demonstration of our beautiful security world. Shhhhh... Things spoken and shown here are solely for your educational purpose. Please don't mess with my life.
  5. What next? Invention of Computers. Invention of Internet. Better Web Technologies. Hah! We suck at security. Let's go back. Invention of Computers. Invention of Internet. Hah! We suck at security. Let's go back. Wait... we can fix this. Let's focus on security! @santhoshst
  6. We care about you & we take care of security well. Really? Really? Really? Really? $ $ $ $ $ $ $ $ $ $ $ $ @santhoshst
  7. Everyone speaks about sex, but few people speak about sex education. Similarly, everyone speaks about security, but few actually test it. @santhoshst
  8. If you care about the next generation having a better lifestyle in terms of privacy and security, you know what to do. @santhoshst
  9. PROVE ME WRONG. PROVE ME WRONG. 01000100 01001111 01001111 01001101 01010011 00100000 01000100 01000001 01011001 00100000 01001001 01010011 00100000 01001110 01000101 01000001 01010010 00101110 00100000 01010000 01000101 01010010 01001001 01001111 01000100 00101110 @santhoshst
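Slide 3 points out that a published stylesheet with selectors such as `.adduser` and `.deleteusers` tells an outsider which privileged actions an application has. The following script is an added example, not code from the talk or its author: a pre-deploy audit a defender can run over their own CSS to flag selectors whose class or id names leak privileged functionality, so they can be renamed or kept out of public bundles. The stylesheet and the keyword list are constructed assumptions for the example.

```python
import re

# Constructed sample stylesheet, mirroring the slide's example (not any real site's CSS).
SAMPLE_CSS = """
.header { color: #333; }
.adduser { background-color:#fff; }
.deleteusers { border: 1px solid red; }
#admin-panel .export-db { font-weight: bold; }
.btn-primary { padding: 4px; }
"""

# Words that hint at privileged functionality when they appear in a selector.
# This list is an assumption chosen for the example, not an authoritative catalogue.
SENSITIVE_WORDS = ("admin", "adduser", "deleteuser", "export", "superuser", "impersonate")

# One rule = selector text followed by a brace-delimited block.
# Nested blocks (@media) are not handled by this simple regex; flatten them first.
RULE_RE = re.compile(r"([^{}]+)\{[^{}]*\}", re.S)


def extract_selectors(css):
    """Return the selector string of every rule, with comments stripped."""
    css = re.sub(r"/\*.*?\*/", "", css, flags=re.S)
    return [m.group(1).strip() for m in RULE_RE.finditer(css)]


def selector_tokens(selector):
    """Split a selector into lowercase name fragments, e.g. '#admin-panel .export-db'
    becomes ['admin', 'panel', 'export', 'db']."""
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", selector) if t]


def flag_sensitive(css, words=SENSITIVE_WORDS):
    """Return the selectors (in file order) containing a sensitive word fragment."""
    hits = []
    for selector in extract_selectors(css):
        if any(w in tok for tok in selector_tokens(selector) for w in words):
            hits.append(selector)
    return hits


if __name__ == "__main__":
    for sel in flag_sensitive(SAMPLE_CSS):
        print("review before publishing:", sel)
```

Run it against each stylesheet in your build output; any hit is a candidate for renaming or for moving into a bundle served only to authenticated admin sessions.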
