
Unlocking the Secrets of Ethical Hacking: A Hands-On Introduction

Join Joe Basirico, a seasoned Security Consultant, as he takes you on a journey through the world of hacking. In this one-hour session, you will learn the essential skills and mindset of a security tester. Through engaging demos, including Cross-Site Scripting and SQL Injection, Joe will illustrate the vulnerabilities that hackers exploit. Discover what makes a great hacker and gain insights into ethical hacking practices that can help secure software in industries like finance and insurance. Get ready to think like an attacker to better protect yourself!


Presentation Transcript


  1. So you want to be a Hacker? Maybe not yet, but you will at the end of the hour!

  2. Agenda • Introductions • Why you should listen to me • Day in the life of Joe • What makes a security tester different? • DEMOS! • Cross Site Scripting • SQL injection • Java Decompiler

  3. Introduction • Joe Basirico – Dev Manager and Security Consultant for Security Innovation • Worked in security for about 6 years now • Worked for Microsoft before SI • Security Trainer, Engineer, Consultant, etc.

  4. Day in the life • Work with software, financial, and insurance companies to help them produce more secure software • Find vulnerabilities in software so hackers don’t • Help our customers fix them before they release

  5. The Work • One week to a couple months engagement • Quickly learn the system • Find theoretical flaws through threat modeling and intuition • Verify flaws through testing • Help client remediate the flaw directly or through recommendations

  6. What makes a great hacker? • Complete Knowledge of the System • Great security testers know everything about every layer of the system, from browser to hardware • A Great Imagination • What’s really going on back there? • An Evil Streak • What’s the worst thing I could do? • Steal passwords, credit card numbers, take the system down?

  7. Example

  8. Demos! • Cross Site Scripting • SQL Injection • Forceful Browsing • Decompilation

  9. Remediation • Be very careful with your input! • Assume the world is malicious • Think like an attacker • Protect yourself

  10. Questions? E-mail jbasirico@securityinnovation.com Questions? Comments?
