This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Hacking by Numbers"

From OWASP
Jump to: navigation, search
m
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
== The presentation  ==
 
== The presentation  ==
  
[[Image:Owasp_logo_normal.jpg|right]]There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.
+
[[Image:Tom_Brennan.jpg|200px|thumb|right|Tom Brennen]]There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.
  
 
== The speaker  ==
 
== The speaker  ==
  
Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found on a [http://www.proactiverisk.com webpage in a cloud]   
+
Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found at [http://www.proactiverisk.com his webpage on a cloud]   
 
 
<div style="font-family: sans-serif; font-size: 12px; text-align: center;">
 
<img src="http://doiop.com/asscert.png" <a href="http://www.asscert.com/">Certified Application Security Specialist</a></div>
 
  
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

Latest revision as of 15:25, 20 October 2009

The presentation

Tom Brennen
There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.

The speaker

Tom is a member of the WhiteHat Security and serves as a Board Member of the OWASP Foundation more details can be found at his webpage on a cloud