Surviving the Internet in 2010

A decade ago, we began doing business over the web. Browsers and web servers became the building blocks of services and applications on the Internet. Web application security was a major concern in 2000, but little progress has been made to fix the problems. 2009 saw the underground cyber economy grow by leaps and bounds. Spam is a lucrative business. Writing exploits fetches real money. Large scale breaches of customer data are on the rise. You can purchase pay-per-hour DDoS attacks. The effectiveness of antivirus software has fallen well below acceptable levels. Today, it is impossible for an average user to "survive the web" without falling prey to scams or malware.

We need to take another look at the fundamental building blocks that deliver our web applications. Are browsers and protocols capable of delivering secure web applications? Standards have evolved, but without a focus on application security. In our quest for a slicker Web 2.0, have we compromised on fundamental security principles? Although there is no clear solution in sight, it is time that we start asking for what is really needed.

  1. Surviving the Internet in 2010
     Saumil Shah, CEO, Net-Square
     ITWeb - Johannesburg 2010
  2. # who am i
     Saumil Shah, CEO Net-square
     LinkedIn: saumilshah
     A warm welcome to
  3. It is
     How did we get here?
  6. LOOK AT ALL THE COOL STUFF!!
  7. 33% MORE!
  8. With JIT! Fights DEP, ASLR!
  9. Worldwide coverage, hides your tracks.
  10. ...as never seen before!
  11. GUARANTEED!! Fresh new bugs, present on most computers
  16. I can haz sandbox
  17. A/V? HIPS? NIDS? HIDS? XXYY?
      (credit: twitter.com/j0emccray)
  19. Application Delivery
      Authentication
      Statefulness
      Data Typing
      Non-mutable
  20. Application Delivery: The Web at present
      Authentication
      Statefulness
      Data Typing
      Non-mutable
      HTTP
      HTML
  21. Application Delivery: The Web at present
      Authentication
      Statefulness
      Data Typing
      Non-mutable
      HTTP
      HTML
      AJAX
      Flash
      Sandbox
      HTML5
      Anti-XSS
      WAF
      Silverlight
      Web sockets
      MIND THE GAP
  22. DEP bypass
      ASLR bypass
      A/V evasion
      ...
  23. High Tech vs. Low Tech
      Acrobat LibTiff - CVE-2010-0188
      Return Oriented Programming code
      Escape-From-PDF
      No fancy tricks
  26. It is happening NOW
  27. The Solution?
      HTML 8.0
      HTTP 2.0
      Browser Security Model
      Self Contained Apps
  28. kthxbai
      www.net-square.com
      secure . automate . innovate
