This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Front Range OWASP Conference 2013/Presentations/Malware"
From OWASP
Mark Major (talk | contribs) (Created page with "===How Malware Attacks Web Applications=== Modern malware has outpaced the ability for traditional defenses to detect and contain the threats. The core of the presentation wi...") |
Jess Garrett (talk | contribs) |
||
| Line 8: | Line 8: | ||
* Persistence and Stealth<br>How does the malware go undetected, for so long? | * Persistence and Stealth<br>How does the malware go undetected, for so long? | ||
* Countermeasures<br>How to detect malware interacting with your web applications. | * Countermeasures<br>How to detect malware interacting with your web applications. | ||
| + | |||
| + | [[Media:Smith.pdf | Slides]] | ||
| + | [https://vimeo.com/68107330 Video] | ||
| + | <br> | ||
Latest revision as of 17:47, 11 June 2013
How Malware Attacks Web Applications
Modern malware has outpaced the ability for traditional defenses to detect and contain the threats. The core of the presentation will address several techniques used by malware to attack web applications, including:
- WebInjects (aka Man-in-the-Browser)
Files that contain JavaScript and HTML in order to alter the user experience in the application. - Form-Grabbing
The technique for capturing web form data within browsers. - Session Hijacking
The ability to redirect control of a session to an attacker. - Persistence and Stealth
How does the malware go undetected, for so long? - Countermeasures
How to detect malware interacting with your web applications.
