Who am I?
Assessment Manager for SensePost
Wrote the Testing Guide
Now joint lead for ASVS
250,000 contestants' info leaked.
1: SQLi
2: XSS
3: RFI
4: Botnets
What is the reason for the recent rash of hacking?
Hackers aren't necessarily smart
Victims are stupid
We aren't getting our message across
Lulzsec won't be the last
What lesson has been learned?
Rarely do big IT departments communicate with each other
Last file leaked was a list of routers.
Most had default usernames and passwords.
Lulzsec have shown how ineffective the security community & market really is
Too often the thought is "let's buy a tool!!"
AT&T used a pirated copy of WinRAR
Tools like vuln scanners, IPSes, and WAFs will fail you when you need them most.
Security is the first business I have seen where the customer is not always right.
Everyone in security is to blame
We in security cater more to those who check boxes than we do to actual security
Work with the best out there
Training
There is no silver bullet approach
Security buy-in across all levels
Embedded security testing
Doing it for the Lulz
Gobble Gobble
It's hard to get the basics right
Daniel@SensePost.com
Daniel.Cuthbert@OWASP.org
@dcuthbert