Description: While the OWASP Top Ten issues are as prevalent as ever, today's applications are vulnerable to a new breed of attacks, which are often deadlier. Being able to identify and remediate these issues before the bad guys find them is a must. Some of the exploits discussed will include Server Side Request Forgery (SSRF), XML External Entity Processing (XXE), Clickjacking, Authentication Token Stealing, SSL Attacks, and many more. Many of these new-age vulnerabilities can easily be leveraged in the total compromise of a system. These vulnerabilities will be demonstrated and remediation strategies will be discussed.
Currently, Andrew Leeth works at Salesforce. His responsibilities include application security, penetration testing, threat modeling, remediation, defense protections, and security guidance to development teams throughout the Software Development Lifecycle (SDLC). Andrew works closely with developers to ensure that customers' assets are secure in the company's products. Before that, Andrew was a consultant who provided security services to a variety of businesses, both large and small, across many industry verticals. He helped many of these companies assess and manage the security risks involved with cloud vendors. While consulting, he reviewed the security of hundreds of cloud providers, from larger providers, like Amazon and Microsoft, to small start-up companies. Andrew attended Indiana University, where he received his degree in Security Informatics. Andrew also holds various certifications including the CSSLP, GWAPT, CEH, CCSK, GMOB, CISSP, and many others.
For more information, please visit:
http://www.derbycon.com/
http://www.irongeek.com/i.php?page=videos/derbycon5/mainlist
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.