Difference between revisions of "Hacking by Numbers"
From OWASP
m |
Leeannehart (talk | contribs) |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
== The presentation == | == The presentation == | ||
− | [[Image: | + | [[Image:Tom_Brennan.jpg|200px|thumb|right|Tom Brennen]]There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable. |
== The speaker == | == The speaker == | ||
− | Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found | + | Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found at [http://www.proactiverisk.com his webpage on a cloud] |
− | |||
− | |||
− | |||
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]] | [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]] |
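Review bot: The caption in the added image line spells the name "Tom Brennen" while the file it references is Tom_Brennan.jpg; the two should use the same spelling. In the added speaker line, "OWASP Foundation more details can be found at" runs two clauses together and needs a period or semicolon after "Foundation", and "a member of the [WhiteHat Security]" reads better without "the".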
Latest revision as of 15:25, 20 October 2009
The presentation
There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember that not all vulnerabilities are created equal. Obviously, we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious, leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms and viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. A better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.
The speaker
Tom is a member of WhiteHat Security and serves as a Board Member of the OWASP Foundation; more details can be found at his webpage on a cloud.