
Practical security


  1. Practical Security
     • Ron van der Molen, Wizkunde
     • Ron van der Molen 2014 - Wizkunde.nl
  2. About me
     • Ron van der Molen
     • Father of a son, always learning
     • @RonvdMolen (Twitter)
     • RonXS (IRC, Freenode)
     • ron@wizkunde.nl
     • Wizkunde
     • My history
  3. What is information security?
     • The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
     • CIA: Confidentiality, Integrity, Availability
  4. Impact of Information Security on WebDev
     • A rapid process, where innovation is one of the largest contradictions to information security
     • Building better, more stable, feature-rich applications by implementing new tools/frameworks every day, without knowing the full extent of the knowledge of the developers who are writing the code.
  5. Impact of Information Security on WebDev
     • Use the tools to build code that is: Maintainable, Updateable, Reusable, Interchangeable, Educational
     • This can also include "secure", if the developers at hand invest time in good coding practices and good security strategies
  6. Most used attacks
     • Cross Site Scripting (XSS)
     • Cross Site Request Forgery (XSRF)
     • SQL Injection
     • Time Based Attacks
     • Session Fixation
     • Brute Forcing
  7. Cross Site Scripting
     • Abusing the fact that a user trusts a website
     • Trusted content
     • Output is said to be genuine
     • Example
  8. Cross-Site Request Forgery
     • Abusing the fact that a website trusts a browser
     • (Also called "reversed XSS")
     • Example
  9. SQL Injection
     • Abusing bad coding practices to inject SQL
     • Retrieve information
     • Get unauthorized access
     • Damage the system
     • Example
  10. Time Based Attacks
     • Profiling the system to get data disclosure without needing explicit access to the software itself
     • Abusing other facts or security flaws gets easier this way
     • Example
  11. Session Fixation
     • Abusing another user's session to get unauthorized access
     • Cookie hijacking
     • XSS
     • Sometimes referred to as persistent XSS
     • Example
  12. Bruteforcing
     • Send a huge amount of requests to the server, and force your way in by trial and error.
     • This can be more effective than you might think
     • In combination with time based attacks!
     • Example
  13. More Attacks
     • Code Injection
     • Denial of Service (e.g. SYN flooding)
     • Lower layer architectural attacks
     • Stack overflow attacks
     • Heap overflow attacks
     • Many, many more known and unknown attacks!
  14. Social Engineering: What is it?
     • Using social skills to change facts, or to hack and manipulate your way into a normally secured situation
     • Yes, it's also social engineering if you manipulate or LIE to a person by changing facts to alter the outcome of a problem / situation
  15. Social Engineering: What is it?
     • Where is this an issue? Everywhere!!!
     • Larger organisations
     • Inter-organisation collaboration
     • So how does it work?
  16. Social Engineering: How does it work?
     • Psychology
     • Small talk
     • Common sense
     • Brutality
     • Insecurity / uncertainty
     • Emotions
  17. Social Engineering: How does it work?
     • Reverse psychology
     • The problem solver
     • The damsel in distress
     • Information by incentives
     • Random rewards to buy information
     • Discount websites to buy information
  18. Social Engineering: How does it work?
     • Toolkit of a social engineer
     • Guts
     • His mouth: you need to be able to talk
     • Knowing the target's habits
     • Social media
     • Screen reading
     • Sticky notes
  19. Social Engineering: Who does this?
     • Everybody, including you and me
     • Lie
     • Cheat
     • Manipulate
     • Self-preservation
  20. Social Engineering: How is that even lucrative?
     • Information has value, and with value come buyers
     • Kevin Mitnick – The Art of Deception
     • Slot machine example
  21. Social Engineering: How to prevent it?
     • Security through obscurity
     • Create security regulations for your company
     • Train employees on a regular basis
     • Have your organisation assessed by ethical hackers
     • It will not rule out social engineers!
  22. Information Security
     • Don't overdo it!
  23. Practical Security
     • What will you start doing tomorrow to improve?
     • Questions?
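Slides 7 and 9 describe XSS and SQL injection as "bad coding practices" where untrusted input reaches an interpreter (the browser's HTML parser, the database's SQL parser). The following is an added illustration, not code from the deck or from Wizkunde, showing the vulnerable pattern beside its hardened form for both cases. It uses Python's standard library only; the user table, the sample comment and the `find_user_*` / `render_comment_*` names are constructed for the example.

```python
import html
import sqlite3

# Constructed sample rows for the demonstration (not from the original deck).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def find_user_vulnerable(conn, name):
    # Untrusted input is spliced into the SQL text, so the input can change the
    # structure of the statement: this is the defect SQL injection abuses.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    # Parameterised query: the driver passes the value separately from the
    # statement text, so the input is always data and never SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_comment_vulnerable(comment):
    # Raw user content copied into the page: any markup in it is executed by
    # the browser as if the site had written it (the "trusted content" of slide 7).
    return "<p>" + comment + "</p>"


def render_comment_safe(comment):
    # Output encoding for the HTML context: <, >, &, " and ' become entities,
    # so the content is displayed as text rather than parsed as markup.
    return "<p>" + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    # A classic tautology input shows the structural change: the vulnerable
    # lookup returns every row, the parameterised one returns nothing.
    probe = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, probe))
    print("safe:      ", find_user_safe(db, probe))
    print(render_comment_safe("<script>alert(1)</script>"))
```

The two safe variants share one principle: keep data and code on separate channels (bind parameters for SQL, context-aware encoding for HTML) rather than trying to filter the input.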
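Slides 8, 10, 11 and 12 name CSRF, time-based attacks, session fixation and brute forcing (and the deck notes that the last two combine). The following added example, written for this page and not taken from the deck or from Wizkunde, shows the corresponding server-side mitigations in one small login flow: a constant-time secret comparison (`hmac.compare_digest`) instead of an early-exit loop, a sliding-window failure limiter, rotation of the session id at login, and a per-session anti-CSRF token. The token store, the `FailureLimiter` and `SessionStore` classes and their parameters are assumptions made for the illustration.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque

# Constructed credential store for the demonstration. A real system keeps
# password hashes (bcrypt, argon2), never the secret itself.
API_TOKENS = {"alice": "0123456789abcdef"}


def token_matches_naive(user, presented):
    expected = API_TOKENS.get(user, "")
    if len(expected) != len(presented):
        return False
    for a, b in zip(expected, presented):
        if a != b:
            return False  # early exit: run time grows with the matching prefix
    return True


def token_matches_safe(user, presented):
    expected = API_TOKENS.get(user, "")
    # compare_digest runs in time independent of where the inputs differ
    # (it still returns early on a length mismatch, so keep secrets fixed-length).
    return hmac.compare_digest(expected.encode(), presented.encode())


class FailureLimiter:
    """Counts failed attempts per key within a sliding window and blocks once
    the limit is reached; an assumed design for slowing brute forcing."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self.failures = defaultdict(deque)

    def _prune(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, key):
        now = self.clock()
        self._prune(key, now)
        return len(self.failures[key]) >= self.max_failures

    def record_failure(self, key):
        self.failures[key].append(self.clock())

    def record_success(self, key):
        self.failures.pop(key, None)


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> dict of session attributes

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid

    def login(self, sid, user, presented_token, limiter):
        """Authenticate; on success, rotate the session id so that an id fixed
        on the victim before login never becomes the authenticated session."""
        if limiter.is_blocked(user):
            return None
        if not token_matches_safe(user, presented_token):
            limiter.record_failure(user)
            return None
        limiter.record_success(user)
        data = self.sessions.pop(sid, {})
        data.pop("csrf", None)  # pre-login CSRF token is discarded with the old id
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = data
        return new_sid

    def csrf_token(self, sid):
        # Per-session token embedded in forms; a forged cross-site request
        # cannot read it, so a state-changing handler can tell the two apart.
        data = self.sessions[sid]
        if "csrf" not in data:
            data["csrf"] = secrets.token_urlsafe(32)
        return data["csrf"]

    def verify_csrf(self, sid, presented):
        expected = self.sessions.get(sid, {}).get("csrf", "")
        return bool(expected) and hmac.compare_digest(expected.encode(), presented.encode())
```

The limiter keys on the account name, which throttles password guessing against one user; a deployment would typically also key on the client address, and the window and limit shown are placeholders.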
