The document compares hackers and developers. Hackers are described as skillful, with a deep technical understanding, but often unsocial and focused on breaking systems; developers are portrayed as true professionals who work with people to build applications and believe they can change the world. The document then shows how hacking can look simple, using cross-site scripting attacks on websites as examples, and suggests preventions including input sanitization and access control. Later it discusses hacking in Node.js and the risks of SQL and NoSQL injection. Finally it addresses how hacking and development skills can be applied for social good or security testing.
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunately even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manually adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems.
I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest (=attack) painful, or just rendered the scenarios irrelevant.
Looking for Vulnerable Code. Vlad Savitsky
How to find vulnerable code in your Drupal project?
Different attacks, and how to protect your site?
What to do if you find a security problem in code or on a site?
Caution: This is a dated presentation; uploaded for reference. While the principles remain valid, specifics may have changed.
This presentation was made for software developers in Chandigarh - as a part of the NULL & OWASP Chandigarh Chapter activities.
It covers the basics of secure software development and secure coding using OWASP Top 10 as a broad guide.
AppSecCali - How Credential Stuffing is Evolving. Jarrod Overson
This talk was given at AppSec California, January 2020.
Credential stuffing and other automated attacks are evolving past every defense thrown in their way. CAPTCHAs don't work, fingerprints don't work, magical AI-whatevers don't work. The value is just too great.
This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.
Drupal core is a secure product, but how secure are contrib modules? And custom ones?
This session is about proper use of the Drupal APIs and some best practices for secure Drupal development.
A pragmatic approach to different SQL Injection techniques such as stacked statements, tautology based, union based, error based, second order and blind SQL Injection, coherently explaining the path behind these attacks, including tips and tricks to make them more likely to work in real life.
Also I will show you ways to avoid weak defenses such as blacklisting and quote filtering, as well as how privilege escalation may take place from this sort of vulnerability.
There will be a live demonstration where you can catch on some handy tools and actually see blind SQL injection working efficiently with the latest techniques, showing you why this type of SQL injection shouldn't be taken any less seriously than any other.
Finally, a word on countermeasures and real solutions to prevent these attacks: what you should do and what you should not.
http://videos.sapo.pt/ZvwITnTBMzD8HYvEZrov (video)
Few developers pay attention to security, in spite of the unstoppable tide of security defects in code. Big money is being spent by governments to buy bugs, and exploits have become a new class of weapon in the arsenal of militaries around the world. It is high time that developers pay attention. In these slides, Coverity CTO & co-founder Andy Chou presents a model for how developers can begin to think about security, including some of the most common types of weaknesses that are still plaguing our applications. For each weakness, a concrete code example helps illustrate the bug and what to do about it. From there, he goes up a level and discusses why developers need to begin to "own security" and change the culture from within in order to make a dent in the security problems we face.
Full-RAG: A modern architecture for hyper-personalization. Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
GridMate - End to end testing is a critical piece to ensure quality and avoid... ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI. Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
How to Get CNIC Information System with Paksim Ga.pptx. danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to Production. Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Essentials of Automations: The Art of Triggers and Actions in FME. Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024. Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Pushing the limits of ePRTC: 100ns holdover for 100 days. Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
A tale of scale & speed: How the US Navy is enabling software delivery from l... sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Building RAG with self-deployed Milvus vector database and Snowpark Container... Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
2. Introduction
Player 1: Hackers
Expert: Skillful, with a detailed understanding of some area, often scarily deep.
Unsocial: Don’t want to come out of their shell.
Breaker: Hack apps.
Cool: People think they are cool, and they think they are awesome.
Super Power: They believe they can be "Masters of the Universe".
#sitWDF
VS
Player 2: Developers
Controller: Can use a lot of systems and languages and get them to talk to each other.
Social: True and broad professionals; work with people and communicate well.
Builder: Create apps.
Boring: There are other, more important things in life than just coding.
Super Power: They believe they can change this world.
8. Hacking looks ‘Simple’
XSS - Cross Site Scripting
JavaScript's built-in function: replace (the JS String replace method) returns a new string with a matched pattern replaced.
http://www.zaobao.com.sg/search/site/"xxxxxxxx'yyyyy</img
Possibilities:
• http://www.zaobao.com.sg/search/site/"-confirm(1)-"
• http://www.zaobao.com.sg/search/site/");confirm(1);("
• http://www.zaobao.com.sg/search/site/");confirm(1);// (does not work because // is filtered)
10. Easy Rules
Preventions
• XSS (Cross Site Scripting) Prevention Cheat Sheet from OWASP
• HTML5 Security Cheat Sheet
• Secure Coding Practices guidelines
• Use clean URLs: https://www.site.com/news.php?id=1337 is way more tempting than https://www.site.com/news/some-news-or-today
• Sanitize inputs: a must for XSS
• Control access: http://www.site.com/phpmyadmin gave us access to the complete database! No injection, nothing.
• Validate input.
• Use white-listing.
• Switch off errors.
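To make the XSS rules above and the filter bypasses from the earlier slide concrete, here is an added example in JavaScript (Node). It is not code from the slides or from any site named on them. It places a String replace() based filter of the kind the slides describe next to the two controls the rules recommend, contextual output encoding and white-list validation, and runs the payload strings quoted on the slides through all three. The function names (naiveFilter, encodeForHtml, isValidSearchTerm) and the allowed character set for a search term are assumptions of this example.

```javascript
// Added example, not code from the slides: a replace()-based XSS "filter"
// next to the two controls the slides recommend (output encoding and
// white-list validation). Function names and the allowed character set
// are assumptions of this example.

// The naive filter: strip a few dangerous substrings with String.replace().
// Two problems: with a string pattern, replace() only removes the FIRST
// occurrence, and stripping substrings lets an attacker reassemble them
// ("<scr<script>ipt>" becomes "<script>" once the inner copy is removed).
function naiveFilter(input) {
  return input.replace('<script>', '').replace('//', '').replace('"', '');
}

// Contextual output encoding for HTML text and attribute values: every
// character that can open or close markup becomes an entity, so the browser
// renders it as text no matter what the input was.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeForHtml(input) {
  return String(input).replace(/[&<>"'/]/g, (ch) => HTML_ENTITIES[ch]);
}

// White-list validation for a search term: accept letters, digits, spaces
// and a few punctuation characters (1 to 100 of them); reject anything
// else instead of trying to clean it.
const SEARCH_TERM = /^[\p{L}\p{N} .,_-]{1,100}$/u;
function isValidSearchTerm(input) {
  return typeof input === 'string' && SEARCH_TERM.test(input);
}

// Does a string still contain characters that a browser could read as markup?
function containsMarkup(s) {
  return /[<>"']/.test(s);
}

// Payload strings quoted on the slides (plus the classic nested-tag case),
// used here only as test input for the defences.
const PAYLOADS = [
  '"xxxxxxxx\'yyyyy</img',
  '"-confirm(1)-"',
  '");confirm(1);//',
  '<img src=x onerror=alert(1)>',
  '<scr<script>ipt>alert(1)</script>',
];

// For each payload: does markup survive the naive filter, does it survive
// encoding, and would the white-list have accepted it at all?
function compareDefences() {
  return PAYLOADS.map((p) => ({
    payload: p,
    survivesNaiveFilter: containsMarkup(naiveFilter(p)),
    survivesEncoding: containsMarkup(encodeForHtml(p)),
    passesWhitelist: isValidSearchTerm(p),
  }));
}

console.table(compareDefences());
```

Running it shows the nested-tag payload coming out of naiveFilter as a complete script tag, while no payload keeps any markup after encodeForHtml and none passes the white-list; the practical rule is to validate on the way in, encode on the way out, and never rely on stripping substrings.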
11. Easy Rules
Remember
“Successful hackers are not just good at hacking. What makes a great hacker successful is that they are excellent at understanding human nature.”
(Developers love their code, just like it's their child.)
“Do not trust anything ever, especially when it comes to user input.”
“Security is about layers. It has to be, because no single layer can be guaranteed to actually be secure.”
Security is nothing but an ILLUSION.
14. Hacking looks ‘Simple’, even for SAP
Breaking SuccessFactors's XSS Filter
'-confirm(1)-' was enough to break SAP's SuccessFactors's XSS filter and made hundreds of web applications vulnerable ...
https://jobs.sap.com/talentcommunity/login/?returnurl="xxxxxxxx'yyyyy</img
Possibilities:
• </script><script>alert(1)</script>
• '-confirm(1)-'
15. Hacking looks ‘Simple’, even for SAP
Breaking SuccessFactors's XSS Filter
https://jobs.sap.com/talentcommunity/login/?returnurl=</script><script>alert(1)</script>
Next vector: <img src=x onerror=alert(1)>
16. Hacking looks ‘Simple’, even for SAP
Breaking SuccessFactors's XSS Filter
Next vector: <img src=x onerror=confirm(1)>
Next vector: <a href=javascript:confirm(1)>click</a>
17. Hacking looks ‘Simple’, even for SAP
Breaking SuccessFactors's XSS Filter
Next vectors:
• <p onmouseover=prompt(1)>IamParagraph</p>
• <details ontoggle=confirm(1)>
• <input type=search onsearch=confirm(1)>
24. Hacking in Node.js
Of course, XSS
Improper parsing of nested tags and incomplete filtering of javascript: URIs:
<s <onmouseover="alert(1)"> <s onmouseover="alert(1)">This is a test</s>
<a href="javascriptJ a V a S c R iPt::alert(1)" "<s>">test</a>
(with any encoding)
25. Hacking in Node.js
Server Side JavaScript Injection
Simple JS command:
response.end("Ended Response");
[pid 25170] execve("/bin/sh", ["/bin/sh", "-c", "ls -l user input"],
26. Hacking in Node.js
SQL and NoSQL Injection
Classic SQL injection bypass:
SELECT * FROM users WHERE username = '$username' AND password = '$password'
(SELECT * FROM users WHERE username = '' or 1=1--' AND password = '')
select author from books where id=$id -> (select author from books where id=2 or 1=1)
Statement stmt = conn.createStatement();
stmt.execute("INSERT INTO students VALUES('" + user + "')");
(Robert'); DROP TABLE students; --)
NoSQL:
db.users.find({username: username, password: password});
{ "username": {"$gt": ""}, "password": {"$gt": ""} }
27. Secure Node.js
Protection
XSS prevention
• Sanitize untrusted HTML:
http://jsxss.com/en/index.html
https://github.com/theSmaw/Caja-HTML-Sanitizer
https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project
SSJSI prevention
• Substitute eval() with JSON.parse(); the code is then no longer injectable.
• Use child_process.execFile or child_process.spawn instead of child_process.exec.
28. Secure Node.js
Protection
SQL and NoSQL injection prevention
• Use parameterized SQL:
var q = 'SELECT name FROM books WHERE id = $1';
client.query(q, ['3'], function(err, result) {});
• PreparedStatements prevent SQL injection:
PreparedStatement stmt = conn.prepareStatement("INSERT INTO student VALUES(?)");
stmt.setString(1, user);
stmt.execute();
• NoSQL: use the $in operator to match values:
db.users.find({user: { $in: [user] }, pass: { $in: [pass] }});
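The SQL and NoSQL examples from the injection slide and the preventions listed above, as an added example in JavaScript (Node) that is not code from the slides. It builds the users lookup so that the {"$gt": ""} operator body cannot be interpreted, and the books lookup as a parameterized {text, values} pair next to the concatenated form it replaces. The function names are assumptions of this example; no database connection is needed to run it.

```javascript
// Added example, not code from the slides: the login lookup and the book
// lookup from the injection slides, built so that user input can only ever
// be a value, never an operator or a SQL fragment. Function names are
// assumptions of this example; no database is needed to run it.

// NoSQL. The body {"username": {"$gt": ""}, "password": {"$gt": ""}} on the
// slides works because a JSON body parser hands the driver an object, and
// {$gt: ""} matches any non-empty string. Two defences, both applied here:
// accept strings only, and wrap each value in $in as the slides suggest, so
// the value is compared for equality instead of being read as an operator.
function buildUserQuery(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new TypeError('username and password must be strings');
  }
  return { user: { $in: [username] }, pass: { $in: [password] } };
}

// SQL, the vulnerable form from the slides: the id is pasted into the text,
// so an input of "2 or 1=1" rewrites the WHERE clause.
function concatenatedBookQuery(id) {
  return 'select author from books where id=' + id;
}

// SQL, parameterized: the query text carries a placeholder and the value
// travels separately, which is the client.query(q, [id]) form on the slides.
// The {text, values} pair is the shape node-postgres accepts. Checking that
// the id really is a positive integer rejects anything that is not a value.
function buildBookQuery(id) {
  const n = Number(id);
  if (!Number.isInteger(n) || n < 1) {
    throw new RangeError('id must be a positive integer');
  }
  return { text: 'SELECT author FROM books WHERE id = $1', values: [n] };
}

// Constructed inputs: a normal login, the operator-injection body from the
// slides, a normal id and the tautology from the slides.
console.log(buildUserQuery('alice', 's3cret'));
try { buildUserQuery({ $gt: '' }, { $gt: '' }); } catch (e) { console.log('rejected:', e.message); }
console.log(buildBookQuery('3'));
console.log(concatenatedBookQuery('2 or 1=1'));
try { buildBookQuery('2 or 1=1'); } catch (e) { console.log('rejected:', e.message); }
```

With a real client the returned objects are passed on unchanged (collection.find(query) for the NoSQL side, client.query({ text, values }) for node-postgres); the type check in front of them is what turns the slides' injection bodies into plain errors.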
30. Positive Side
Good Cause
• Social good: find solutions for social benefit, operations and emergencies
• Penetration testing: to find vulnerabilities that an attacker could exploit
• Open source: much open-source code is produced, tested and improved by hackers, often in settings like hackathons
31. Negative Side
Top 10 fears of 2015
• Corruption of government officials (58.0%)
• Cyber-terrorism (44.8%)
• Corporate tracking of personal information (44.6%)
• Terrorist attacks (44.4%)
• Government tracking of personal information (41.4%)
• Bio-warfare (40.9%)
• Identity theft (39.6%)
• Economic collapse (39.2%)
• Running out of money in the future (37.4%)
• Credit card fraud (36.9%)
Source: Chapman University