Hack miami emiliocasbas
May. 20, 2013•0 likes•4,758 views
Download to read offline
Report
Emilio CasbasFollow
Recommended
Content Management System SecuritySamvel Gevorgyan
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011Samvel Gevorgyan
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
Open Source CMS : How secure are they?Yassine Aboukir
Simple Ways to Secure and Maintain Your WordPress WebsiteRich Plakas
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
More Related Content
What's hot
How to avoid your website from keep getting hackedmounika k
Cross Site Scripting (XSS)Avi Aryan
The Nitty Gritty of Website SecurityHTS Hosting
Owasp2013 johannesullrichdrewz lin
Dzhengis 93098 ajax - securitydzhengo44
Cyber security considerations for Small and Medium Businessesebusinessmantra
Similar to Hack miami emiliocasbas
The state of CMS in 2019: Headless, JAMstack and ReactJS – or: If your Conten...Thomas Witt
So You Want a Job in CybersecurityTeri Radichel
Get Ready for Web Application Security TestingAlan Kan
![[2.1] Web application Security Trends - Omar Ganiev](https://cdn.slidesharecdn.com/ss_thumbnails/2-150301070554-conversion-gate02-thumbnail.jpg?width=384&height=256&fit=bounds)
[2.1] Web application Security Trends - Omar GanievOWASP Russia
Owasp web application security trendsbeched
B&W Netsparker overviewMarusya Maruzhenko
![[2.1] Web application Security Trends - Omar Ganiev](https://cdn.slidesharecdn.com/ss_thumbnails/2-150301070554-conversion-gate02-thumbnail.jpg?width=1600&height=908&fit=bounds)
Hack miami emiliocasbas
- 1. RAISING SECURITY AWARENESS AMONG WEB OWNERS AND USERS Emilio Casbas
- 2. The Presentation is about… Badware and Security awarene
- 4. Some numbers… 30k new malicious URLs each day 80% legitimate webs Sources: • http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf • http://www.barracudalabs.com/wordpress/index.php/2012/03/28/maliciousness-in-top-ranked-alexa-domains/ 2 popular websites (alexa TOP 25k) Drive by downloads • http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf
- 7. WEB SECURITY IS BECOMING MORE CHALLENGING Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
- 8. WEB SECURITY IS BECOMING MORE CHALLENGING Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
- 9. WEB SECURITY IS BECOMING MORE CHALLENGING Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
- 10. WEB SECURITY IS BECOMING MORE CHALLENGING Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
- 11. WEB SECURITY IS BECOMING MORE CHALLENGING Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
- 12. HOW LONG malicious? Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf 2.5h average lifetime
- 13. HOW LONG malicious? Source: Manufacturing compromise: The emergence of Exploit-as-a-service http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf 2.5h average lifetime44 daysaverage lifetime compromised?
- 14. Bussines model?
- 15. Hot topic
- 16. But…
- 17. Some questions… What website software is targeted? How are the websites compromised?
- 18. Some info… “Compromised websites: an owner’s perspective” (paper) Source: • http://www.stopbadware.org/files/compromised-websites-an-owners-perspective.pdf
- 21. Problem … Compromised web sites 44 days average lifetime
- 22. Due to… Lack of security awareness of Web owners
- 23. Example… Lack of security awareness of Web owners
- 25. What could we do? Promote a safer web? Spend money on web security audits? Webmasters help for hacked sites?
- 26. What could we do? Promote a safer web? Spend money on web security audits? Webmasters help for hacked sites?
- 27. What could we do? Promote a safer web? Spend money on web security audits? Webmasters help for hacked sites?
- 28. What could we do? Promote a safer web? Spend money on web security audits? Webmasters help for hacked sites?
- 29. Can we… Raise web security awareness
- 30. Would it be possible?... Raise web security awareness through an obtainable goal for every website?
- 31. Test time… Raise web security awareness (Proof of Concept)
- 33. Example
- 36. Example
- 39. Example
- 40. Example
- 43. Example
- 46. STATS:
- 50. Security awareness value BAD BETTER Apache/2.2.22(Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 PHP/4.3.10-22 Microsoft-IIS/6.0 MetaGenerator[Joomla! 1.5 Index-Of UncommonHeaders[x-varnish X-Frame-Options[SAMEORIGIN X-XSS-Protection[ cloudflare-nginx gws
- 52. Desenmascara.me features: • Show a security awareness value • Infrastructure details in plain words • Suspicious iframes • Check website blacklisted • Ranking best websites
- 53. Desenmascara.me wishlist: • Implement AI • More passive checks • Public stats • Public API • Open Source project?
- 54. Desenmascara.me wishlist: • Raise web security awareness • Decrease numbers of compromised websites
- 55. Desenmascara.me wishlist: • Raise web security awareness • Decrease numbers of compromised websites
- 56. THANK YOU ! Questions ? ecasbas
- 57. Thank you! “I’ve seen estimates that over 99% of all internet attacks could be prevented if the web systems administrators would just use the most current versions” Bruche Schneier on <Secrets & Lies> “Webmasters need to ensure that their websites are running good code that isn’t open to exploitation” Ian Fette, Google Security Team