How an Attacker "Audits" Your Software Applications

Presented by

Joe Basirico, VP of Services at Security Innovation

About this talk

Software runs today’s business; however, security implications are often misunderstood, creating significant organizational risk. Poorly configured servers, 3rd-party software, and continuous release cycles put additional pressure on already stressed teams. Hackers no longer just exploit vulnerabilities in code -- faulty cloud deployments, weak database structures, and business logic problems are also easy targets for attackers. To reduce risk, you’ve got to audit your system in the same way an attacker would. This presentation demonstrates how attackers compromise the modern enterprise. For each attack demonstrated, mitigation practices will be discussed. WARNING: software will be harmed during this presentation. Viewer discretion advised. Topics include: - The modern technology stack - Easy pickings – hacking demonstrations!! - Auditing software-based systems: o Standards and policies o System updates and patching o Data leakage/exfiltration o Identity & access management o System logs and tracking o Tamper protections and detection o Authentication and access controls

Related topics:

More from this channel

Upcoming talks (9)
On-demand talks (116)
Subscribers (13992)
Security Innovation is an authority on software security and helps organizations build and deploy more secure software. Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Symantec, Coca-Cola and GE rely on our expertise to understand the security risks in their software systems and facilitate the software and process change necessary to mitigate them. Security Innovation specializes in software security, an area where traditional “information security” and “business” consultants tend to struggle. We have been analyzing application vulnerabilities and risk for almost a decade and were one of the first providers of software risk solutions to Fortune 500 firms. Our unrivaled proficiency in technical analysis, coupled with sound knowledge of business processes, results in world-class solutions that bridge the gap between application security holes and risk management optimization.