In a world where “cloud”, “web applications” and “bring your own device (BYOD)” are becoming general trends, it’s time to dive into the mind of a cyber criminal. Security is not an option, it’s a must!
We live in a world where IT is becoming generally available, where people want their freedom, their own space, their own identity and especially their own tools. That same world gave rise to "consumerization": a growing tendency for new IT to emerge first in the consumer market and then spread into business and government organizations. People nowadays have smartphones and tablets. They want wireless internet everywhere, want to centralize their data in a data store, and want that data available at any time. Their business must be on social media sites for marketing. THEY are different, THEY are the ones you should contact, THEY have clearly identified themselves. But what if THEY lose their identity, or what happens when THEY have a security issue? Know who THEY are before YOU trust them…
In this session you will see a general overview of what cybercrime is and, more importantly, what you can do to report it: why the first 24 hours are important for reporting a crime, and the importance of back-ups, updates and, most importantly, vulnerability management. You will also see the impact on the business as well as on the development cycle, and why some vulnerabilities remain unfixed. We will also take a look at the IBM X-Force 2012 Mid-Year Trend and Risk Report and the OWASP Top 10 attacks.
Finally, we will focus on Web Application Security: the responsibilities of every person, the best strategy to counter vulnerabilities, what cyber criminals are seeking, and what they do when they can't find it. We then start a real-life test case from scratch, in which we identify a possible target, look for its possible vulnerabilities and write down our attack vector plan, before eventually starting to exploit the victim's target.
Objectives of the presentation: