Case in point: in 2005 the MySpace Samy Worm self-propagated in less than 24 hours, using XSS and CSRF to infect more than one million user profiles and knock offline one of the Web’s largest properties. Since then, many Web worms have been released with increasing maliciousness. Cyber criminals are now exploiting website vulnerabilities daily to propagate additional forms of malware to their visitors.
With clickjacking, a relative newcomer, an attacker can invisibly hover website buttons below a user’s mouse, so that when the user clicks on what they see, they’re actually clicking on something the attacker wants them to click. Clickjacking can easily lead to users involuntarily activating their camera and microphone, through which they can be spied upon. Adding to that is the huge drive towards developing mash-ups, where multiple untrusted data sources are combined in new and interesting ways. Any data poisoning that occurs upstream can easily impact the rest of the system, with few if any solutions to this problem existing. The more we’ve come to understand about the Web, the less secure it seems to get.
After experiencing Jeremiah Grossman’s presentation on these vulnerabilities, attendees will be able to:
Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co-founder of the Web Application Security Consortium, and was named to InfoWorld’s Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA, CSI, HiTB, OWASP, ISSA, and a number of large universities. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of XSS Attacks. Grossman is often quoted in major media publications such as SC Magazine, CSO Magazine, InfoWorld, USA Today, Dark Reading, SecurityFocus, and more. Prior to WhiteHat, Grossman was an information security officer at Yahoo!