andris-soroka
Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.
Application Insecurity
Presented by Peter Gubarevich
MCT, CCSI, MVP: Enterprise Security
Certified EC-Council Instructor
Certified Ethical Hacker
Agenda
Most common attack vectors today
Demo: Exploiting Mozilla Firefox Remote Code Execution vulnerability
Demo: Exploiting Adobe Flash and Oracle Java vulnerabilities
Demo: Exploiting Adobe Reader and Foxit Reader vulnerabilities
Certified Ethical Hacker v8 Course Contents
Q&A
Quick Statistics
+5 to Knowledge Skill
Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13
Source: Microsoft Security Intelligence Report vol.15
Drive-by download: Latvia is the world’s 2nd with 6.6 drive-by URLs for every 1,000 URLs
Source: Microsoft Security Intelligence Report vol.15
A surprising number of administrators and end-users only update Operating Systems, while leaving Browsers, Plugins and Office Suites unpatched.
Now let’s see what a hacker can do with this software.
Demo: exploiting Firefox vulnerability
Actually, it’s about any of your favorite browsers
Demo: exploiting Flash Player & Java
Remote Code Execution that even bypasses sandbox
Demo: exploiting popular PDF readers
Because 0wning browser is not enough
Ethical Hacking and Countermeasures v8
+8 to Attack Skill
CEHv8 Contents at a Glance
ANSI 17024-accredited course
Ethical Hacking
Scanning Networks and Enumeration
System Hacking
Trojans, Viruses and Worms
Sniffing Networks
Cross-Site Scripting Attacks
SQL Injection
Buffer Overflow
Countermeasures
Limiting Privileges
Managing Updates
Application Whitelisting
Implementing Cryptography
Securing Traffic with IPSec
… and more
EC-Council Accredited Training Center New Horizons Latvia
To enroll for your CEH training,
call: +371 67847600, mail to: [email protected]
or visit: Elizabetes 65-10, Rīga, Latvia
Q&A