
Bugging Web 2.0

Aditya K Sood
This talk sheds light on the deterrent nature of the world of web vulnerabilities.

The talk reflects our research, including released and reported vulnerabilities in critical enterprise web applications, network devices and websites providing online services.

Business is a crucial aspect of the online world, and to combat web vulnerabilities it is necessary to trace their roots. New attack vectors that can be used effectively in penetration testing of web applications will be part of this presentation.

Some of the new attacks covered in this presentation are as follows:
1. Inline Hyperlinking Injections through MS Office documents
2. Persistent Redirection Log off Vulnerability and Malware Issues
3. Exploiting I-Paper Platforms – SCRIBD Case Study
4. Web Widget Interface Flaws – Access Control Design Issues
5. Cross Interface Attacks – Attacking Network Devices through FTP Consoles
Jan 24 2011
64 mins
More from this community:

IT Security

  • The Factors & Technologies that Drive Data Security Confidence in UK Firms May 14 2015 1:00 pm UTC 45 mins
    Bob Tarzey, Analyst and Director, Quocirca
    What are the factors and technologies that engender UK Firms with the highest levels of confidence in their data security measures?

    Attend this webinar with Bob Tarzey, Analyst and Director at Quocirca, as he reviews new research that examines:

    - The confidence levels amongst UK businesses about the security of their sensitive business data
    - The three key factors that drive the highest confidence levels
    - The security technologies that help deliver these high confidence levels, with the specific technologies that enable the management of complex information supply chains
    - The measures firms at the bleeding edge take to make sharing data in the cloud more secure
  • Large Scale, High Performance Visibility Plane for Cloud and Web Service May 13 2015 6:00 pm UTC 45 mins
    Gordon Beith, Director of Product Management
    This webinar will describe the challenges faced by cloud and web service providers when attempting to monitor, manage, and troubleshoot across large data centers and networks, whether fully owned or hosted. It will describe the benefits of using a unified visibility plane as the solution to address these challenges, in a cost-effective and streamlined manner, whether it is for security, performance, and/or troubleshooting purposes.
  • Security Ratings by the Numbers: Taking Mountains of Data to Create Risk Metrics May 13 2015 5:00 pm UTC 45 mins
    Mike Woodward, Program Director of Data, BitSight
    Every day BitSight processes and synthesizes tens of billions of events into easy-to-understand, high-quality security ratings. These ratings empower organizations to confidently assess and manage their security performance and that of peers, vendors, insureds, and acquisition targets.

    Join Mike Woodward, BitSight’s Program Director of Data, to learn how the data scientists and researchers at BitSight collect, analyze, and process all of this data to produce actionable and insightful Security Ratings.

    Attendees will also learn:

    How BitSight calculates ratings using a wide variety of risk vectors including security events, diligence factors and user behaviors

    The importance of comprehensive network footprint maps in producing industry standard security ratings

    Why monitoring performance over time can be beneficial for identifying trends and new risk indicators

    The ways customers are using Security Ratings to manage third party risk, benchmark security performance, assess and negotiate cyber insurance premiums, and remediate security risk involved in mergers and acquisitions.
  • Five Approaches to Increase Visibility and Control in Modern Data Center Network May 13 2015 4:00 pm UTC 45 mins
    Warren Wu, Sr Director, Product Marketing, Data Center
    Data centers are rapidly consolidating infrastructure for greater efficiency, while evolving to deliver greater agility and scale for the business. At the same time, advanced threats are breaching the perimeter and roaming freely, putting more data at risk. In this webinar we compare five different architectures for pushing security from the edge deeper into the network, and review the corresponding requirements for network security solutions to properly secure next-generation data centers, cloud, and software-defined networking (SDN) environments.
  • Selecting a SIEM: Experiences from the Trenches May 13 2015 3:00 pm UTC 60 mins
    Justin Everett, Williams Companies; Dave Wiseman, Saint Luke's Health System; VP and Chief Information Security Officer
    Today’s cyber threat landscape demands a fresh look at security intelligence. Whether you have a first generation SIEM (e.g., ArcSight, enVision, Q1 Labs, etc.) in place today and are concerned about blind spots or are overwhelmed by its complexity, or you’re considering deploying a SIEM for the first time, this panel discussion will give you practical insights from SIEM veterans that will help you refine your security intelligence strategy.

    Watch a moderated panel discussion featuring security experts who will discuss:

    -Cyber security dynamics fueling the need for improved Security Intelligence
    -Visibility and functional gaps to be aware of in first generation SIEMs
    -Selecting a SIEM: Key considerations and requirements
    -Migration considerations when moving to a new SIEM
    -Assessing the staffing requirements for a new SIEM deployment


    Panelists:
    - Justin Everett: Security Analyst, Williams Companies
    - Dave Wiseman: Director of Information Security, Saint Luke's Health System
    - VP and Chief Information Security Officer, Fortune 500 Healthcare Services Company
  • Dynamic IAM: Adaptive Risk-based Access to Web Apps and Data May 13 2015 3:00 pm UTC 45 mins
    Richard Walters, General Manager & VP of IAM, Intermedia
    Alongside the increased adoption of cloud and mobility technologies in the enterprise environment, there is a general expectation to have 24x7 access to web applications and data from personal and company-owned mobile devices and from any location. During this webinar, we’ll show you how to implement a new approach to identity and access management that’s device and location aware.

    We’ll cover:

    - How to address the authentication and authorization management challenges associated with the way people work today.

    - How to enable cloud adoption with more flexible policies to automatically adapt and securely respond to changes in user types and behaviour.

    - How to automate the selection and changing of passwords that are long, strong and unique across all accounts.
  • From Complex to Chaotic: How Cloud Computing is Complicating NW Security May 13 2015 2:00 pm UTC 45 mins
    Jon Oltsik, Sr. Principal Analyst, Enterprise Strategy Group & Reuven Harrison, CTO & Co-Founder, Tufin
    New IT initiatives (like cloud computing) are making network security operations increasingly difficult. In spite of heroic efforts by the security team, network security operations issues are fast approaching a breaking point with teams struggling to keep up as organizations increase their use of hybrid (public & private) cloud.

    In this 45 minute webinar, you'll learn about the current network security operations transition, the challenges accompanying it and how to overcome these challenges.
  • Copyright Regime vs. Civil Liberties May 13 2015 1:00 pm UTC 45 mins
    Rick Falkvinge, Founder of the Swedish and first Pirate Party
    The copyright monopoly debate has gotten exactly nowhere since the
    days of Napster. There's still a copyright industry that insists on
    control of the net in the name of lost profits. But what does this do
    to the net? More to the point, why are we letting a literal cartoon
    industry have any say at all in regulation of our most important piece
    of infrastructure?

    In this presentation, Rick Falkvinge, founder of the Swedish and first
    Pirate Party, examines how the entire copyright industry position is a
    red herring, which is (or should be) completely irrelevant to
    policymaking on net issues. He brings up the concept of Analog
    Equivalent Rights, and painfully points out that some of the most
    crucial civil liberties of our parents are currently not being passed
    on to our children, because doing so would interfere with profits of
    entertainment companies.

    There's nothing wrong with profit as such. But no entrepreneur should
    get to dismantle civil liberties just because they can't make money
    otherwise.
  • New Thinking About Identity Management May 12 2015 4:00 pm UTC 45 mins
    Penny Crossman, Banking Technology News, Stephen Lange Ranzini, University Bank, Thomas Hardjono
    From massive security breaches to redundant entering of information to the privacy concerns raised by data brokers, it is clear that today's identity infrastructure is ill-suited for the digital age.

    How can identity management be retooled to serve the (sometimes conflicting) imperatives of security, privacy, convenience and compliance?

    Hear from FinTech industry experts from American Banker and learn:
    - What it will take to cross the digital chasm 
    - What role can and should financial service providers play in the transformation

    Find out how to retool your identity management by registering for this live webinar.
  • Internet Security Best Practices From the Global 1000 May 12 2015 4:00 pm UTC 45 mins
    Jim Reavis, CEO at the Cloud Security Alliance & Dan Druker, CMO at Zscaler
    The CSA's CEO Jim Reavis will be discussing the best practices for securing your organisation in the cloud. He'll be joined by Dan Druker, one of the leading thinkers at Zscaler, so make sure not to miss their thoughts on protecting your most valuable data.
  • The Virtual World Exposed: Hacking the Cloud May 12 2015 3:00 pm UTC 45 mins
    Jason Hart, VP Cloud Solutions, SafeNet, Larry Ponemon Chairman and Founder of the Ponemon Institute
    Join Gemalto in collaboration with Ponemon on May 12th as we reveal recent study results on how hackers are attacking the cloud.

    This presentation will use live demos to show how vulnerable cloud and virtual environments can be without the correct controls. Examples will include how password controls can be bypassed and compromised, why software keys are not good enough, and how personal life threatens your business and work life.
  • The Magnificent Seven – Best Practices for Cloud Security May 12 2015 2:00 pm UTC 45 mins
    James Brown, Director of Cloud Computing and Solutions Architecture, Alert Logic
    If you’re using or considering cloud, you should also be considering security in the cloud. Join our webinar where we will talk through seven practical best practice ideas for ensuring security in any cloud environment, from securing code and creating access management policies to understanding your cloud provider's security model and where you need to assume security responsibility.

    We will explore real-world data about security incident threats identified in Alert Logic’s Cloud Security Report. This will help you understand the types of attacks happening in the cloud today, how the threat landscape has evolved as cloud adoption has accelerated in the last several years, but also how you can secure your organisation and avoid them.

    Key Takeaways:

    · 7 Practical actions you can take today for your cloud security

    · Understand the threat landscape

    · Insight into 2-3 recent high-profile breaches

    This webinar is essential for anyone who wants to understand how to build a plan for security and compliance in the cloud.
  • Securing Identity in the Cloud May 12 2015 12:00 pm UTC 45 mins
    Hans Zandbelt, Senior Technical Architect, Ping Identity
    - How to extend your IAM infrastructure to support Cloud based apps
    - The check list you need to get started
    - How to provide web single sign-on and API security for customers, partners, and employees
  • The Cloud - What are the Challenges and Opportunities for Law Enforcement? May 12 2015 11:00 am UTC 45 mins
    Philipp Amann, Senior Strategic Analyst, Europol's European Cybercrime Centre (EC3)
    After a brief introduction to the Europol’s European Cybercrime Centre, this webinar will discuss the challenges and opportunities that law enforcement face in relation to the Cloud.

    The webinar will specifically focus on those challenges and opportunities that present themselves to law enforcement in the fight against cybercrime. This will cover, among other things, the need for strong security and protection for privacy while finding the right balance between these essential requirements and the need to investigate criminal activities abusing Cloud services.
  • Taking a Data-Centric Approach to Cloud Data Protection May 12 2015 10:00 am UTC 45 mins
    Bob West, Chief Trust Officer, CipherCloud
    Organizations are moving to the cloud aggressively, but many have concerns about security and, more basically, about how to approach this significant transition. This presentation will cover the leading practices in cloud strategy and cloud data protection.
  • The Mobile Security Problem for Small Businesses May 6 2015 5:00 pm UTC 60 mins
    Cameron Camp, Security Researcher
    Mobility can be a challenge for small businesses, especially when it comes to managing various devices and keeping them secure. ESET Security Researcher, Cameron Camp, explores mobile device management, BYOD and other challenges discussed during National Small Business Week.
  • Rethinking Remote Office Backup May 6 2015 5:00 pm UTC 45 mins
    Nick Kotterman, Product Marketing
    Remote office backup presents numerous challenges, including ever-increasing data volumes, network bandwidth constraints, overtaxed IT administrators and complicated, time-consuming backup processes. Compounding all this is a reliance on older technologies that are inefficient and costly. And the more sites your organization has, the more the challenges multiply.

    It's time for businesses to rethink remote office backup and adopt an approach that meets data and regulatory retention requirements, is easy to deploy and maintain, and is secure and cost effective. It's time to look to the cloud.

    Join backup experts Druva to learn how remote office server backup has evolved. Discover how the cloud offers a new, and in most cases, a better approach. In this session you’ll learn:
    - How the latest advancements in cloud storage technology scale globally for enterprises of all sizes
    - Why advances in cloud security models are addressing stringent global security and data privacy issues, including data residency requirements and more
    - How an 'infinite data snapshot model' combined with cost-optimized flexible retention eliminates traditional vendor restrictions.

    Hear real-life use cases of how others are leveraging the cloud for remote server backup. Live Q&A will follow to answer your specific questions.
  • Cloud Security: It’s in the cloud - but where? May 6 2015 1:00 pm UTC 45 mins
    Steve Durbin, Managing Director, ISF Ltd
    Organisations are becoming increasingly dependent in their use of cloud services for business benefit both internally and when working with third party suppliers across multiple jurisdictions.

    However, while these services can be implemented quickly and easily, with increased legislation around data privacy, the rising threat of cyber theft and the requirement to access your data when you need it, organisations will need to have a clearer understanding of where their information is stored and how reliant these services are.

    During this webcast, Steve Durbin, Managing Director of ISF Ltd, will provide insights into how you can manage the risks associated with cloud computing to ensure maximum benefit.
  • CyberTECH Cyber+IoT eWeek Roundtable May 5 2015 4:00 pm UTC 60 mins
    Expert Panel
    The CyberTECH Cyber+IoT eWeek Roundtable features top industry experts sharing critical updates and information regarding IoT Security. The roundtable will be moderated by eWeek Editor, Chris Preimesberger and includes top cyber, IoT and InfoSec professionals. Special guest speakers include Michael Daniel, Special Assistant to the President and US Cybersecurity Coordinator for the White House, Mark Weatherford, Principal at the Chertoff Group, Enrique Salem, former CEO at Symantec.
  • NGFW 101: What is it and why should you care? May 4 2015 4:00 pm UTC 45 mins
    Deena Thomchick, Director of Product Marketing, Fortinet
    What makes a firewall a next generation firewall? How can next gen capabilities help you and what are the gotchas you should know before you turn it all on? Get your basic education on NGFW and some tips you should know before you get started.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world-famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/Licensed Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

  • Title: Bugging Web 2.0
  • Live at: Jan 24 2011 2:00 pm
  • Presented by: Aditya K Sood