SlideShare feed for Slideshows by User: jasonjfrank
Sat, 20 Aug 2016 03:45:39 GMT

Breaching a Web Application - Common Issues and Mitigating Steps
/slideshow/breaching-a-web-application-common-issues-and-mitigating-steps/65178602
It seems like every day that another company's logo is plastered across the media and they have lost thousands, if not millions, of customer records. This kind of data loss is damaging to a company's reputation, and their customers have little control over their private information. Attackers often want this data for financial gain or to embarrass that company. There are several methods a malicious attacker will use to gain access to this data. Injection-based attacks leverage an application's lack of input validation to extract information and allow for unauthorized data access. In addition, the platform on which the application resides can be leveraged to gain unauthorized admin access and, ultimately, data access. Both scenarios will be discussed and demonstrated in this talk. Finally, mitigating steps will be discussed at every level of the attack. The approach will be a defense-in-depth model that will proactively protect a web application. While there is no silver bullet against a determined attacker, these mitigations will make their lives more difficult.

Sat, 20 Aug 2016 03:45:39 GMT, jasonjfrank@slideshare.net (jasonjfrank)
Exploiting the Recruitment Process
/slideshow/exploiting-the-recruitment-process/65178556
BSidesLV talk about how Veris Group's Adaptive Threat Division recruits its employees.

Sat, 20 Aug 2016 03:42:51 GMT, jasonjfrank@slideshare.net (jasonjfrank)
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
/slideshow/go-hack-yourself-10-pen-test-tactics-for-blue-teamers/49602251
This presentation, given at BSidesPittsburgh 2015, discusses free tools and techniques penetration testers use that can be translated to network defenders for immediate impact and value.

Fri, 19 Jun 2015 14:09:08 GMT, jasonjfrank@slideshare.net (jasonjfrank)