“One intrusion set [hacker attack], not the most prolific, we see pulling data out globally that is 50 times greater than Wikileaks every day.” General Keith B. Alexander, USA, Commander, U.S. Cyber Command

"French espionage is so widespread that the damages (it causes) the German economy are larger as a whole than those caused by China or Russia." an undated note from the US embassy in Berlin said, according to a Norwegian translation by Aftenposten.

“It [cyber-attack] could theoretically cause a loss of life, but also a huge economic loss.” Janet Napolitano, Department of Homeland Security Chief

“This summer a significant attempt on the Foreign Office system was foiled. These are attacks on our national interest. They are unacceptable. And we will respond to them as robustly as we do any other national security threat.” David Cameron, UK Prime Minister

“When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country.” Department of Defense Cyberspace Policy Report (Nov. 2011)

“China is playing by different rules. One, they are stealing intellectual property. Number two, they're hacking into our computer systems, both government and corporate.” Mitt Romney

“Rogers has actually spoken with executives from some of the American businesses hit by cyberattacks, and he says stolen intellectual property from just one hi-tech company cost them billions of dollars in research and revenue as well as thousands of U.S. jobs.” The Chairman of the House Intelligence Committee, Republican Rep. Mike Rogers of Michigan

“When nations steal terabytes of information our nation suffers for 20, 30, 40 years.” (Retired) Lt. Gen. Steven Boutelle, Former U.S. Army's Chief Information Officer

Builders: Those who develop secure code.
Breakers: Those who locate vulnerabilities in written code.
Defenders: Those who fend off active website attacks.
The biggest problem in application security today… The need for qualified people.

Builders
Gary McGraw (CTO, Cigital) says roughly 1% of all programmers should be software security pros, or “Builders” in our case. Gary, through a project called BSIMM, arrived at 1% by surveying dozens of software security programs among large companies and measuring what they do.
Worldwide programmer population: 17 million
We’ll need 170,000 “Builders”

Breakers
We’ll use a ratio of 1 “Breaker” per 100 websites. This ratio comes from internal metrics at WhiteHat Security generated from assessments conducted over the last 8 years and encompassing more than 5,000 websites.
“Important” (SSL) website population: 1.2 million
We’ll need 12,000 “Breakers”
Out of 550 million total websites that should be assessed continuously for vulnerabilities.

Defenders
No idea how to begin to estimate the Defender need, but it’ll be in the tens of thousands at least, considering the vast number of website assets that must be protected, the 1 billion online users who someone needs to ensure are playing nice, and the serious volume of Web traffic they generate that must be monitored.
?

Hack Yourself First

Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 

Web Breaches in 2011 - “This is Becoming Hourly News and Totally Ridiculous”

  • 13. “One intrusion set [hacker attack], not the most prolific, we see pulling data out globally that is 50 times greater than Wikileaks every day.” General Keith B. Alexander, USA, Commander, U.S. Cyber Command
  • 30. "French espionage is so widespread that the damages (it causes) the German economy are larger as a whole than those caused by China or Russia." an undated note from the US embassy in Berlin said, according to a Norwegian translation by Aftenposten.
  • 36. “It [cyber-attack] could theoretically cause a loss of life, but also a huge economic loss.” Janet Napolitano, Department of Homeland Security Chief
  • 42. “This summer a significant attempt on the Foreign Office system was foiled. These are attacks on our national interest. They are unacceptable. And we will respond to them as robustly as we do any other national security threat.” David Cameron, UK Prime Minister
  • 43. “When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country.” Department of Defense Cyberspace Policy Report (Nov. 2011)
  • 47. “China is playing by different rules. One, they are stealing intellectual property. Number two, they're hacking into our computer systems, both government and corporate.” Mitt Romney
  • 52. “Rogers has actually spoken with executives from some of the American businesses hit by cyberattacks, and he says stolen intellectual property from just one hi-tech company cost them billions of dollars in research and revenue as well as thousands of U.S. jobs.” The Chairman of the House Intelligence Committee, Republican Rep. Mike Rogers of Michigan
  • 62. “When nations steal terabytes of information our nation suffers for 20, 30, 40 years.” (Retired) Lt. Gen. Steven Boutelle, Former U.S. Army's Chief Information Officer
  • 84. Builders: Those who develop secure code. Breakers: Those who locate vulnerabilities in written code. Defenders: Those who fend off active website attacks. The biggest problem in application security today… The need for qualified people.
  • 85. Builders: Gary McGraw (CTO, Cigital) says roughly 1% of all programmers should be software security pros, or “Builders” in our case. Gary, through a project called BSIMM, arrived at 1% by surveying dozens of software security programs among large companies and measuring what they do. Worldwide programmer population: 17 million. We’ll need 170,000 “Builders”.
  • 86. Breakers: We’ll use a ratio of 1 “breaker” per 100 websites. This ratio comes from internal metrics at WhiteHat Security generated from assessments conducted over the last 8 years and encompassing more than 5,000 websites. “Important” (SSL) website population: 1.2 million. We’ll need 12,000 “Breakers”. Out of 550 million total websites that should be assessed continuously for vulnerabilities.
  • 87. Defenders: No idea how to begin to estimate the Defender need, but it’ll be in the tens of thousands at least, considering the vast number of website assets that must be protected, the 1 billion online users who someone needs to ensure are playing nice, and monitoring the serious volume of Web traffic they generate. ?
  • 88. Hack Yourself First