SlideShare une entreprise Scribd logo

The Top 10/20 Internet Security Vulnerabilities – A Primer

A
amiable_indian

The Top 10/20 Internet Security Vulnerabilities – A Primer

TechnologieSpirituel
1  sur  82
The Top 10/20 Internet Security Vulnerabilities – A Primer Randy Marchany VA Tech Computing Center The SANS Institute COVITS 2000
Introduction ,[object Object],[object Object],[object Object],[object Object]
Introduction ,[object Object],[object Object],[object Object]
Pay Me Now or Pay Me Later ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why Are We Vulnerable? ,[object Object],[object Object],[object Object]
So Many Systems, Not Enough Time….. ,[object Object],[object Object],[object Object],[object Object],[object Object]
Hacking = Rocket Science? Not! ,[object Object],[object Object]
Why Are the Attacks Successful? ,[object Object],[object Object]
Why Are the Attacks Successful? ,[object Object],[object Object],[object Object]
Some Pointers About the Lists ,[object Object],[object Object],[object Object],[object Object],[object Object]
Some Pointers about the Lists ,[object Object],[object Object],[object Object],[object Object]
Some More Pointers about the Lists ,[object Object],[object Object]
Some More Pointers about the Lists ,[object Object],[object Object],[object Object],[object Object],[object Object]
Item #1: BIND ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Item #1: BIND ,[object Object],[object Object]
Item #1: BIND ,[object Object],[object Object],[object Object],[object Object]
Item #2: CGI Scripts ,[object Object],[object Object],[object Object],[object Object]
The Second Item – CGI Scripts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Item #3: Remote Procedure Calls (RPC) ,[object Object],[object Object],[object Object],[object Object]
Item #3: Remote Procedure Calls (RPC) ,[object Object],[object Object],[object Object],[object Object],[object Object]
Item #4: Microsoft Internet Information Server (IIS) ,[object Object],[object Object],[object Object]
Item #4: Microsoft Internet Information Server (IIS) ,[object Object],[object Object],[object Object],[object Object]
Item #5: Sendmail Weakness ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Item #5: Sendmail Weakness ,[object Object],[object Object],[object Object],[object Object],[object Object]
Item #6: sadmind and mountd ,[object Object],[object Object]
Item #6: sadmind and mountd ,[object Object],[object Object],[object Object],[object Object],[object Object]
Item #7: Global File Sharing ,[object Object],[object Object]
Item #7: Global File Sharing ,[object Object],[object Object]
Item #7: Global File Sharing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Item #8: User Accounts with No Passwords ,[object Object],[object Object]
Item #8: User Accounts with No Passwords ,[object Object],[object Object]
Item #8: User Accounts with No Passwords ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Item #9: IMAP, POP Vulnerabilities ,[object Object],[object Object]
Item #9: IMAP, POP Vulnerabilities ,[object Object],[object Object]
Item#9: IMAP, POP Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Item #10: SNMP Vulnerabilities ,[object Object],[object Object]
Item #10: SNMP Vulnerabilities ,[object Object],[object Object]
Item #10: SNMP Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Summary ,[object Object],[object Object],[object Object],[object Object]
The SANS/FBI Top 20 List If we had fixed the top 10, there wouldn’t be a top 20. 
Top 20 List Organization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Top 20 Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Top 20 Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Top 20 Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
G1: Default OS Installations ,[object Object],[object Object],[object Object],[object Object]
G1: Default OS Installations ,[object Object],[object Object]
G1: Default OS Installations ,[object Object],[object Object],[object Object]
G1: Default OS Installations ,[object Object],[object Object],[object Object],[object Object]
G3: Non-existent, Incomplete Backups ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
G3: Non-existent, Incomplete Backups ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
G3: Non-existent, Incomplete Backups ,[object Object],[object Object],[object Object]
G4: Large Number of Open Ports ,[object Object],[object Object],[object Object],[object Object]
G4: Large Number of Open Ports ,[object Object],[object Object],[object Object],[object Object]
G4: Large Number of Open Ports ,[object Object],[object Object],[object Object],[object Object]
G5: Incorrect Ingress/Egress Router Filters ,[object Object],[object Object],[object Object],[object Object],[object Object]
G5: Incorrect Ingress/Egress Router Filters ,[object Object],[object Object],[object Object]
G5: Incorrect Ingress/Egress Router Filters ,[object Object],[object Object],[object Object],[object Object],[object Object]
G6: Non-existent, Incomplete Logging ,[object Object],[object Object],[object Object],[object Object],[object Object]
G6: Non-existent, Incomplete Logging ,[object Object],[object Object],[object Object],[object Object],[object Object]
W1: Unicode – Web Server Traversal ,[object Object],[object Object],[object Object],[object Object]
W1: Unicode – Web Server Traversal ,[object Object],[object Object],[object Object],[object Object]
W1: Unicode – Web Server Traversal ,[object Object],[object Object],[object Object]
W1: Unicode – Web Server Traversal ,[object Object],[object Object]
W1: Unicode – Web Server Traversal ,[object Object],[object Object],[object Object],[object Object]
W2: ISAPI Extension Buffer Overflows ,[object Object],[object Object],[object Object],[object Object]
W2: ISAPI Extension Buffer Overflows ,[object Object],[object Object],[object Object]
W2: ISAPI Extension Buffer Overflows ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
W5: Null Session Connections ,[object Object],[object Object],[object Object]
W5: Null Session Connections ,[object Object],[object Object],[object Object],[object Object]
W5: Null Session Connections ,[object Object],[object Object],[object Object],[object Object]
W6: Weak Hashing in SAM ,[object Object],[object Object],[object Object],[object Object]
W6: Weak Hashing in SAM ,[object Object],[object Object],[object Object],[object Object]
W6: Weak Hashing in SAM ,[object Object],[object Object],[object Object],[object Object]
U4: R Commands ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
U4: R Commands ,[object Object],[object Object],[object Object],[object Object],[object Object]
U5: LPD ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
U5:LPD ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Common Vulnerable Ports ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Common Vulnerable Ports ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Common Vulnerable Ports ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Summary ,[object Object],[object Object],[object Object]
References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommandé

Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
amiable_indian
 
WIFI; making a wireless connection
WIFI; making a wireless connectionWIFI; making a wireless connection
WIFI; making a wireless connection
Webster University
 
Webscarab demo @ OWASP Belgium
Webscarab demo @ OWASP BelgiumWebscarab demo @ OWASP Belgium
Webscarab demo @ OWASP Belgium
Philippe Bogaerts
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
amiable_indian
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Windows network
Windows networkWindows network
Windows network
Jithesh Nair
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows
Vrushank Narola
 

Recommandé

Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
amiable_indian
 
WIFI; making a wireless connection
WIFI; making a wireless connectionWIFI; making a wireless connection
WIFI; making a wireless connection
Webster University
 
Webscarab demo @ OWASP Belgium
Webscarab demo @ OWASP BelgiumWebscarab demo @ OWASP Belgium
Webscarab demo @ OWASP Belgium
Philippe Bogaerts
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
amiable_indian
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Windows network
Windows networkWindows network
Windows network
Jithesh Nair
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows
Vrushank Narola
 
Firewall
FirewallFirewall
Firewall
Manikyala Rao
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
leminhvuong
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
phanleson
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networks
Sahil Rai
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
Pranshu Pareek
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
Ahmad Yar
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Eric Vanderburg
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
Northeast Ohio Information Security Forum
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
Sylvain Maret
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
qqlan
 
Barriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC BerkeleyBarriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC Berkeley
joebeone
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSS
qqlan
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
Positive Hack Days
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Cyber Security Alliance
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
ratnalajaggu
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
Hariraj Rathod
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
Savvius, Inc
 
The New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksThe New Landscape of Airborne Cyberattacks
The New Landscape of Airborne Cyberattacks
Priyanka Aash
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
Dmitry Evteev
 
101 run commands
101 run commands101 run commands
101 run commands
Sunil Patel
 
Cyber Intelligence Operations Center
Cyber Intelligence Operations CenterCyber Intelligence Operations Center
Cyber Intelligence Operations Center
Bill Ross
 

Contenu connexe

Tendances

Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
leminhvuong
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
Northeast Ohio Information Security Forum
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
qqlan
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSS
qqlan
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
Positive Hack Days
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
Savvius, Inc
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
Dmitry Evteev
 

Tendances (20)

Firewall
FirewallFirewall
Firewall
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networks
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
Barriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC BerkeleyBarriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC Berkeley
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSS
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
The New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksThe New Landscape of Airborne Cyberattacks
The New Landscape of Airborne Cyberattacks
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
 

En vedette

101 run commands
101 run commands101 run commands
101 run commands
Sunil Patel
 
Networking session-4-final by aravind.R
Networking session-4-final by aravind.RNetworking session-4-final by aravind.R
Networking session-4-final by aravind.R
Navaneethan Naveen
 
Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
 
Uccn1003 -may10_-_lect02a_-_intro_to_networking_commands_software
Uccn1003 -may10_-_lect02a_-_intro_to_networking_commands_softwareUccn1003 -may10_-_lect02a_-_intro_to_networking_commands_software
Uccn1003 -may10_-_lect02a_-_intro_to_networking_commands_software
Shu Shin
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 

En vedette (13)

101 run commands
101 run commands101 run commands
101 run commands
 
Cyber Intelligence Operations Center
Cyber Intelligence Operations CenterCyber Intelligence Operations Center
Cyber Intelligence Operations Center
 
1218 MVT
1218 MVT1218 MVT
1218 MVT
 
Trace route
Trace route Trace route
Trace route
 
Networking session-4-final by aravind.R
Networking session-4-final by aravind.RNetworking session-4-final by aravind.R
Networking session-4-final by aravind.R
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
 
Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
100+ run commands for windows
100+ run commands for windows 100+ run commands for windows
100+ run commands for windows
 
Uccn1003 -may10_-_lect02a_-_intro_to_networking_commands_software
Uccn1003 -may10_-_lect02a_-_intro_to_networking_commands_softwareUccn1003 -may10_-_lect02a_-_intro_to_networking_commands_software
Uccn1003 -may10_-_lect02a_-_intro_to_networking_commands_software
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Network security
Network securityNetwork security
Network security
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 

Similaire à The Top 10/20 Internet Security Vulnerabilities – A Primer

Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
MSA Technosoft
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
Angie Lee
 
Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT Security
Mario Heiderich
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
Kishore Kumar
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
Lab-10 Malware Creation and Denial of Service (DoS) In t.docxLab-10 Malware Creation and Denial of Service (DoS) In t.docx
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
pauline234567
 

Similaire à The Top 10/20 Internet Security Vulnerabilities – A Primer (20)

Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII students
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
The Media Access Control Address
The Media Access Control AddressThe Media Access Control Address
The Media Access Control Address
 
Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT Security
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
 
Two-For-One Talk: Malware Analysis for Everyone
Two-For-One Talk: Malware Analysis for EveryoneTwo-For-One Talk: Malware Analysis for Everyone
Two-For-One Talk: Malware Analysis for Everyone
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
 
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
Lab-10 Malware Creation and Denial of Service (DoS) In t.docxLab-10 Malware Creation and Denial of Service (DoS) In t.docx
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
 

Plus de amiable_indian

Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
amiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
 

Plus de amiable_indian (20)

Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-TellingNo Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

The Top 10/20 Internet Security Vulnerabilities – A Primer

  • 1. The Top 10/20 Internet Security Vulnerabilities – A Primer Randy Marchany VA Tech Computing Center The SANS Institute COVITS 2000
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40. The SANS/FBI Top 20 List If we had fixed the top 10, there wouldn’t be a top 20. 
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.