DSS ITSEC 2013 Conference 07.11.2013 - Gubarevich Peter - CEH - Insecurity of Applications

Posted on 07-May-2015


Presentation from one of the most notable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.


Application Insecurity

Presented by Peter Gubarevich

MCT, CCSI, MVP: Enterprise Security

Certified EC-Council Instructor

Certified Ethical Hacker

Agenda

Most common attack vectors today

Demo: Exploiting Mozilla Firefox Remote Code Execution vulnerability

Demo: Exploiting Adobe Flash and Oracle Java vulnerabilities

Demo: Exploiting Adobe Reader and Foxit Reader vulnerabilities

Certified Ethical Hacker v8 Course Contents

Q&A

Quick Statistics

+5 to Knowledge Skill

Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13

Source: Microsoft Security Intelligence Report vol.15

Drive-by downloads: Latvia ranks 2nd worldwide, with 6.6 drive-by download URLs for every 1,000 URLs

Source: Microsoft Security Intelligence Report vol.15

A surprising number of administrators and end users only update the operating system,

while leaving browsers, browser plugins and office suites unpatched. Now let’s see what an attacker can do with this software.
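The first check a practitioner wants after reading that slide is an inventory of exactly the client software the talk targets. The following is an added example, not part of the presentation: a PowerShell script that reads the Windows Uninstall registry keys (64-bit, 32-bit and per-user views) and lists the installed versions of Firefox, Flash Player, Java, Adobe Reader/Acrobat and Foxit Reader. The DisplayName patterns in `$watchList` are an assumption about how those vendors' installers register themselves; adjust them to what your hosts actually show.

```powershell
# Added example (not from the presentation): inventory third-party client software
# versions on a Windows host so unpatched browsers, plugins and readers stand out.
# Reads the per-machine Uninstall keys (64-bit and 32-bit views) and the per-user key.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product name patterns for the software the talk demonstrates against.
# Assumption: these substrings match the DisplayName the vendors' installers write.
$watchList = 'Mozilla Firefox', 'Adobe Flash Player', 'Java', 'Adobe Reader', 'Adobe Acrobat', 'Foxit Reader'

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $name  = $_.DisplayName
        $match = $watchList | Where-Object { $name -like "*$_*" } | Select-Object -First 1
        if ($match) {
            [PSCustomObject]@{
                Product     = $match
                DisplayName = $name
                Version     = $_.DisplayVersion
                InstallDate = $_.InstallDate
                Publisher   = $_.Publisher
            }
        }
    } | Sort-Object -Property Product, DisplayName -Unique

# Show what is installed. Compare Version against the vendor's current release;
# the script deliberately embeds no "minimum safe version" numbers, which go stale quickly.
$installed | Format-Table -AutoSize

# Report watched products that do not appear in the Uninstall keys. They may still be
# present as portable copies or per-user installs under the profile, which this
# registry-based check does not see, so treat "not found" as "check by hand".
$present = $installed | ForEach-Object { $_.Product } | Select-Object -Unique
$watchList | Where-Object { $present -notcontains $_ } |
    ForEach-Object { Write-Output "Not found in Uninstall keys: $_" }
```

Run it with an elevated prompt so the HKLM keys are fully readable. The Uninstall keys cover installers that register themselves; browser-side plugins that ship inside the browser profile are best verified from the browser itself (for example Firefox's about:plugins page).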

Demo: exploiting a Firefox vulnerability

Actually, it applies to any of your favorite browsers

Demo: exploiting Flash Player & Java

Remote Code Execution that even bypasses the sandbox

Demo: exploiting popular PDF readers

Because owning the browser is not enough

Ethical Hacking and Countermeasures v8

+8 to Attack Skill

CEHv8 Contents at a Glance

ANSI 17024-accredited course

Ethical Hacking

Scanning Networks and Enumeration

System Hacking

Trojans, Viruses and Worms

Sniffing Networks

Cross-Site Scripting Attacks

SQL Injection

Buffer Overflow

Countermeasures

Limiting Privileges

Managing Updates

Application Whitelisting

Implementing Cryptography

Securing Traffic with IPSec

… and more

EC-Council Accredited Training Center New Horizons Latvia

To enroll for your CEH training,

call: +371 67847600, mail to: office@nh.lv

or visit: Elizabetes 65-10, Rīga, Latvia

Q&A