The Web Just Got a Little More Dangerous

Jeremiah Grossman (WhiteHat Security, Inc.)
Security
Location: 2010
Average rating: ****.
(4.00, 9 ratings)

When you look at many of the prominent website hacking incidents, it becomes obvious that website security is becoming increasingly challenging for today’s corporations. The cause is often not that an attacker took advantage of an unpatched well-known vulnerability, but instead took advantage of an unknown issue in a custom Web application. For example, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) are relatively simple attacks that, when coupled with JavaScript malware, can seriously impact any and everyone using a Web browser.

Case in point, in 2005 the MySpace Samy Worm self-propagated in less than 24 hours using XSS and CSRF to infect more than one million user profiles and knock offline one of the Web’s largest properties. Since then, many Web worms have been released with increasing maliciousness. Cyber criminals are now exploiting website vulnerabilities daily to propagate additional forms of malware to their visitors.

With clickjacking, a relative newcomer, an attacker can invisibly hover website buttons below a user’s mouse, so that when the user clicks on what they see, they’re actually clicking on something the attacker wants them to. Clickjacking can easily lead to users involuntarily activating their camera and microphone where they can be spied upon. Adding to that is the huge drive towards developing Mash-ups where multiple untrusted data sources are combined in new and interesting ways. Any data poising that occurs upstream can easily impact the rest of the system, with few if any solutions to this problem existing. The more we’ve come to understand about the Web, the less secure it seems to get.

After experiencing Jeremiah Grossman’s presentation on these vulnerabilities, attendees will be able to:
  • Comprehend how the most common Web attacks are carried out
  • Evaluate the real-world threat these vulnerabilities pose for corporate operations and reputation
  • Apply practical solutions to guard against them in near and long term
Photo of Jeremiah Grossman

Jeremiah Grossman

WhiteHat Security, Inc.

Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co- founder of the Web Application Security Consortium, and was named to InfoWorld’s Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA, CSI, HiTB, OWASP, ISSA, and a number of large universities. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack and defensive techniques and is a co-author of XSS Attacks. Grossman is often quoted in major media publications such as SC Magazine, CSO Magazine, InfoWorld, USA Today, Dark Reading, SecurityFocus, and more. Prior to WhiteHat, Grossman was an information security officer at Yahoo!

Comments on this page are now closed.

Comments

Michael Wu
04/06/2009 2:03pm PDT

Jeremiah said that he will provide the slides to the talk. So can someone put the slide up for this talk as the others.

  • 3Tera, Inc
  • Ascentium
  • Awareness
  • HiveLive, Inc.
  • ImageSpan
  • Jive Software
  • Juniper Networks
  • Kapow Technologies
  • Keynote Systems
  • LithiumTechnologies
  • Nokia
  • nomee
  • Qtask
  • Rackspace Hosting
  • Remy
  • TamTamy
  • Vignette
  • Yola (fka SynthaSite)
  • Znak
Sponsors
  • IBM
  • eBay
  • Microsoft Corporation
  • Salesforce.com
  • Adobe Systems, Inc.
  • EffectiveUI
  • Germany Trade & Invest
  • NeuStar
  • ONEsite

Sponsor & Exhibitor Opportunities

Natalia Dugandzic
415-947-6709
ndugandzic@techweb.com

Media Sponsor Opportunities

Matthew Balthazor
949-223-3628
mbalthazor@techweb.com

Speaker / Program Ideas

Have a suggestion for a speaker or topic at Web 2.0 Expo San Francisco? Send an email to: sf-idea@web2expo.com

Press/Media Inquiries

Maureen Jennings
707-827-7083
maureen@oreilly.com

or

Natalia Wodecki
415-947-6762
nwodecki@techweb.com

Contact Us

View a complete list of Web 2.0 Expo contacts.