DSS ITSEC 2013 Conference 07.11.2013 - Security in High Risk Environment
DSS ITSEC 2013 Conference 07.11.2013 - Gubarevich Peter - CEH - Insecurity of Applications
Uploaded by: andris-soroka
Category: Technology
Transcript of DSS ITSEC 2013 Conference 07.11.2013 - Gubarevich Peter - CEH - Insecurity of Applications
Application Insecurity
Presented by Peter Gubarevich
MCT, CCSI, MVP: Enterprise Security
Certified EC-Council Instructor
Certified Ethical Hacker
2 Agenda
Most common attack vectors today
Demo: Exploiting Mozilla Firefox Remote Code Execution vulnerability
Demo: Exploiting Adobe Flash and Oracle Java vulnerabilities
Demo: Exploiting Adobe Reader and Foxit Reader vulnerabilities
Certified Ethical Hacker v8 Course Contents
Q&A
3 Quick Statistics
+5 to Knowledge Skill
4 Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13
Source: Microsoft Security Intelligence Report vol.15
5 Drive-by download: Latvia is the world’s 2nd with 6.6 drive-by URLs for every 1,000 URLs
Source: Microsoft Security Intelligence Report vol.15
6
A surprising number of administrators and end-users only update Operating Systems,
while leaving Browsers, Plugins and Office Suites unpatched.
Now let’s see what a hacker can do with this software.
7
Demo: exploiting Firefox vulnerability
Actually, it’s about any of your favorite browsers
8
Demo: exploiting Flash Player & Java
Remote Code Execution that even bypasses sandbox
9
Demo: exploiting popular PDF readers
Because 0wning browser is not enough
10
Ethical Hacking and Countermeasures v8
+8 to Attack Skill
11 CEHv8 Contents at a Glance
ANSI 17024-accredited course
Ethical Hacking
Scanning Networks and Enumeration
System Hacking
Trojans, Viruses and Worms
Sniffing Networks
Cross-Site Scripting Attacks
SQL Injection
Buffer Overflow
Countermeasures
Limiting Privileges
Managing Updates
Application Whitelisting
Implementing Cryptography
Securing Traffic with IPSec
… and more
12 EC-Council Accredited Training Center New Horizons Latvia
To enroll for your CEH training,
call: +371 67847600, mail to: [email protected]
or visit: Elizabetes 65-10, Rīga, Latvia
Q&A