Threats from the Economical Improvement
                   Why the economy of emerging countries can pose a threat to
                   cyber security and how to improve protection through
                   continuous education

                    Eduardo Vianna de Camargo Neves
                    Conviso IT Security, Operations Manager
                    OWASP Global Education Committee Member





Thursday, October 21, 2010                                                             1
Overview
                  The growth of the global economy and its effects on the BRIC countries
                  are changing how these societies do business and interact with the
                  rest of the world

                             Companies from Brazil, India, Russia and China no longer operate only in
                             their own markets

                             A new middle class with access to credit lines and technology is driving
                             commerce in new markets and becoming an economic power

                             Cyber crime is rising in the same proportion, following the money and
                             identifying new opportunities with lower risk




        Conviso IT Security | Threats from the Economical Improvement                                  2



Overview
                  This presentation focuses on Brazil and on a proposal to contribute to
                  cyber crime prevention and reduction through computer security
                  education for society

                             This is an ongoing project which is being improved and will be
                             presented with new data at OWASP AppSec DC, in November 2010

                             A white paper is being produced in collaboration with other
                             companies and independent researchers to improve content and allow
                             new deliverables

                             An OWASP Project will be launched in 2011 to support this initiative as
                             part of the Global Education Committee's efforts in Latin America;
                             supporters and contributors are welcome



Changes in economy and society
Welcome to a Brave New World
                  Brazil, the Russian Federation, India and China have made impressive changes
                  to their economies and transformed how their societies deal with them

                             Brazil is a world leader in agribusiness and leads specific high-tech
                             sectors such as airplane production and oil exploration

                             Russia is the world's second largest oil exporter and largest gas exporter,
                             and its economy has been growing since 2001

                             India is one of the fastest growing telecom markets in the world and
                             maintained an unemployment rate of 10.7% in 2009

                             China contributed 1/3 of global economic growth in 2004 and accounted
                             for half of global growth in metals demand

                                                                                        Source: The World Factbook by CIA



The Role of a New Society
                  According to the World Bank, developing countries' share in world trade
                  rose from 16% in 1990 to 30% in 2006, led by China and with Brazil and
                  India not far behind

                             The urban Chinese middle class will spend close to $2.3 trillion a year by
                             2025, while India's should grow from 5 percent today to over 40
                             percent of the nation over the next 20 years

                             In Brazil, 10 million people gained Internet access between 2005 and 2007,
                             bringing the total with access to nearly 40 million, or 29% of the population

                             Companies, governments and society in all these countries are
                             becoming stronger and using technology to support their growth


                                                                                               Source: The World Bank



Reflections on cyber-crime
                  The ties between economics and information security were discussed by
                  Ross Anderson and other authors. The improvement of the BRIC countries'
                  economies raises new topics

                             Governments are not ready to deal with a change in society that is
                             creating millions of new users of Internet-based services

                             Companies are dealing with new threats using old technologies; the
                             Market for Lemons is here

                             People are buying computers and smartphones to be online, but they
                             do not really understand the risks and impacts of a connected world




The results are in plain sight
                  Cyber crime is increasing worldwide and, although the numbers
                  are very complicated, there are some questions which can guide a
                  discussion of causes and solutions

                             Governments are not ready to deal with a change in society that is
                             creating millions of new users of Internet-based services

                             Companies are dealing with new threats using old technologies; the
                             Market for Lemons is here

                             People are buying computers and smartphones to be online, but they
                             do not really understand the risks and impacts of a connected world




The Brazilian Scenario
The Economic Redemption
                  As a result of deep changes started in 1994 and maintained by all
                  governments, Brazil is now seeing a new and continuous social
                  improvement

                             Almost 52% of the population is in the middle class, compared to a rate of
                             32% in 1992

                             10 million people gained Internet access between 2005 and 2007, bringing
                             the total with access to nearly 40 million, or 29% of the population

                             The number of credit cards rose from 27 million in 2006 to 150 million in
                             2009



                                                                                             Source: BBC and Reuters



Timeline
                  Cyber crime has been conducted in Brazil since 2001. Attacks are
                  increasing, becoming more sophisticated, trending toward client-side
                  approaches and targeting hosts in other countries

                  Year   Attack Trend                                      Incidents on CERT.BR   Fraud %

                  2001   • Initial deployment of rudimentary keyloggers    5,997                  0%
                         • Brute force attacks on bank sites
                  2004   • Increase in sophisticated phishing              75,722                 5%
                         • DNS compromises widely used ("pharming")
                  2007   • Trojans delivered via drive-by downloads        160,080                28%
                         • Malware modifying client's hosts file
                  2009   • Usage of XSS and CSRF                           358,343                69%
                         • Identity theft

                                                                                                          Source: CERT.BR



Cyber Crime Evolution
                  Fraud is still the major issue; however, a new trend has been observed
                  over the last three years

                             Social networks are being used to share criminal information, from child
                             pornography to kidnapping. The damage is affecting local and
                             international companies as co-responsible parties

                             Attacks are moving from trojans to exploitation of common flaws in web
                             sites, such as XSS and CSRF, to support fraud and identity theft

                             Brazil's electrical grid was supposedly targeted by crackers; however, data
                             leakage on government web sites and systems is becoming routine



                                                                         Source: Safernet.org.br, Symantec and Conviso Security Labs



Why you should care
                  The USA accounts for 19% of Internet-based attacks, but the BRIC
                  countries also make up a large slice of this problem

                  [Pie chart: share of Internet-based attacks by country; legend: USA, Brazil, Russia, India, China, World]

                         And there is a lot
                          of room to grow
                                                                          Source: Internet Security Threat report, by Symantec



The Call for Education
Education is the Key
                  We do not believe that education for the community alone is enough to
                  transform this scenario. A more comprehensive approach must be
                  delivered for three major areas.

                             The Government must understand how fragile web security can be and
                             prepare its own strategies to deal with it

                             Companies must understand how to buy, develop and maintain secure
                             applications for their customers

                             Academia must change direction. Security is not optional, and
                             all programmers and managers must understand it as part of their
                             competencies




The OWASP Role
                  There are several OWASP Projects ready to be used by anyone who
                  needs to make more secure software, so a "packaging strategy" is required
                  to make them more palatable for different audiences

                             Governments must understand why application security matters and
                             why it must be a strategy for the country and an obligation to their citizens

                             Companies must promote security in all business areas and tie this
                             achievement to the executive agenda

                             Academia must include computer security in several areas as a
                             common discipline, like statistics and math. Specialization is great, but
                             does not reach the responsible parties




Conclusions
Next Steps
                  This is a simple but ambitious project which we believe will change how
                  people understand application security in the BRIC countries, and several
                  complementary steps are required

                             Specific competencies to support the delivery process

                             Effort allocation to adapt current content to the reality in each country

                             Leaders to support the overall development and reach other countries
                             in a situation similar to Brazil's




Acknowledgements
                  The following companies, organizations and individuals supported this
                  research and sponsored this presentation:

                             Conviso IT Security: Sponsored my travel and is supporting this research
                             (Disclaimer: I am one of the partners)

                             Anchises Moraes Guimaraes De Paula: IT Security researcher working
                             with me on this development. You can tweet him at @anchisesbr

                  All images used in this presentation are licensed under Creative Commons
                  and the original sources can be reached by clicking on them




        Conviso IT Security | Threats from the Economical Improvement                                   19



Thursday, October 21, 2010                                                                                   19
Threats from the Economical Improvement
                   Why the economy on emerging countries can pose as a threat to
                   cyber security and how to improve the protection through
                   continuous education

                    Eduardo Vianna de Camargo Neves
                    Conviso IT Security, Operations Manager
                    OWASP Global Education Committee Member



                                                                                   20


Thursday, October 21, 2010                                                              20

Contenu connexe

En vedette (9)

Abotoaduras & Bonés
Abotoaduras & BonésAbotoaduras & Bonés
Abotoaduras & Bonés
 
Você confia nas suas aplicações mobile?
Você confia nas suas aplicações mobile?Você confia nas suas aplicações mobile?
Você confia nas suas aplicações mobile?
 
Brand You 2 Altius
Brand You 2 AltiusBrand You 2 Altius
Brand You 2 Altius
 
Pintures Rupestres
Pintures RupestresPintures Rupestres
Pintures Rupestres
 
Nac-Tech
Nac-TechNac-Tech
Nac-Tech
 
CBI swine flu seminar - Bruce Mann Cabinet Office - Helping Business Prepared...
CBI swine flu seminar - Bruce Mann Cabinet Office - Helping Business Prepared...CBI swine flu seminar - Bruce Mann Cabinet Office - Helping Business Prepared...
CBI swine flu seminar - Bruce Mann Cabinet Office - Helping Business Prepared...
 
Dinosaures
DinosauresDinosaures
Dinosaures
 
Pintures Rupestres
Pintures RupestresPintures Rupestres
Pintures Rupestres
 
London and the low carbon economy
London and the low carbon economyLondon and the low carbon economy
London and the low carbon economy
 

Similaire à Threats from economical improvement rss 2010

The Impact of the Internet on SME Businesses
The Impact of the Internet on SME BusinessesThe Impact of the Internet on SME Businesses
The Impact of the Internet on SME Businesses
businessesinhypergrowth
 
Broadbandrecommendation08 12 10final
Broadbandrecommendation08 12 10finalBroadbandrecommendation08 12 10final
Broadbandrecommendation08 12 10final
Subrata Mondal
 
Cybersecurity Event 2010
Cybersecurity Event 2010Cybersecurity Event 2010
Cybersecurity Event 2010
segughana
 
Institute of Directors Future of Technology Report
Institute of Directors Future of Technology ReportInstitute of Directors Future of Technology Report
Institute of Directors Future of Technology Report
Ed Dodds
 
Technology Pioneers 2012
Technology Pioneers 2012Technology Pioneers 2012
Technology Pioneers 2012
Marinet Ltd
 
Digital exclusion as a hindrance to the emergence of the information society:...
Digital exclusion as a hindrance to the emergence of the information society:...Digital exclusion as a hindrance to the emergence of the information society:...
Digital exclusion as a hindrance to the emergence of the information society:...
Przegląd Politologiczny
 
Partnerships for the 2030 Agenda: Role of Science, Technology, and Innovation
Partnerships for the 2030 Agenda: Role of Science, Technology, and InnovationPartnerships for the 2030 Agenda: Role of Science, Technology, and Innovation
Partnerships for the 2030 Agenda: Role of Science, Technology, and Innovation
SDGsPlus
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
naveen p
 

Similaire à Threats from economical improvement rss 2010 (20)

ICT4D, Digital technologies for development
ICT4D, Digital technologies for developmentICT4D, Digital technologies for development
ICT4D, Digital technologies for development
 
The Impact of the Internet on SME Businesses
The Impact of the Internet on SME BusinessesThe Impact of the Internet on SME Businesses
The Impact of the Internet on SME Businesses
 
Broadbandrecommendation08 12 10final
Broadbandrecommendation08 12 10finalBroadbandrecommendation08 12 10final
Broadbandrecommendation08 12 10final
 
Cybersecurity Event 2010
Cybersecurity Event 2010Cybersecurity Event 2010
Cybersecurity Event 2010
 
ICT4D: Tecnologie digitali per lo sviluppo
ICT4D: Tecnologie digitali per lo sviluppoICT4D: Tecnologie digitali per lo sviluppo
ICT4D: Tecnologie digitali per lo sviluppo
 
The cyber insurance market in china report by daxue consulting asian risks
The cyber insurance market in china report by daxue consulting asian risksThe cyber insurance market in china report by daxue consulting asian risks
The cyber insurance market in china report by daxue consulting asian risks
 
Actioning Strategy: Leveraging Business Futures For Today's Strategic Planning
Actioning Strategy:  Leveraging Business Futures For Today's Strategic PlanningActioning Strategy:  Leveraging Business Futures For Today's Strategic Planning
Actioning Strategy: Leveraging Business Futures For Today's Strategic Planning
 
Institute of Directors Future of Technology Report
Institute of Directors Future of Technology ReportInstitute of Directors Future of Technology Report
Institute of Directors Future of Technology Report
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Sustainability and Disruptions
Sustainability and DisruptionsSustainability and Disruptions
Sustainability and Disruptions
 
Development in the Digital Age
Development in the Digital AgeDevelopment in the Digital Age
Development in the Digital Age
 
Technology Pioneers 2012
Technology Pioneers 2012Technology Pioneers 2012
Technology Pioneers 2012
 
Will blockchain emerge as a tool to break the poverty chain in the Global South?
Will blockchain emerge as a tool to break the poverty chain in the Global South?Will blockchain emerge as a tool to break the poverty chain in the Global South?
Will blockchain emerge as a tool to break the poverty chain in the Global South?
 
Digital exclusion as a hindrance to the emergence of the information society:...
Digital exclusion as a hindrance to the emergence of the information society:...Digital exclusion as a hindrance to the emergence of the information society:...
Digital exclusion as a hindrance to the emergence of the information society:...
 
WEF: Technology Pioneers 2010
WEF: Technology Pioneers 2010WEF: Technology Pioneers 2010
WEF: Technology Pioneers 2010
 
Partnerships for the 2030 Agenda: Role of Science, Technology, and Innovation
Partnerships for the 2030 Agenda: Role of Science, Technology, and InnovationPartnerships for the 2030 Agenda: Role of Science, Technology, and Innovation
Partnerships for the 2030 Agenda: Role of Science, Technology, and Innovation
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
 
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG...
 
Ict
IctIct
Ict
 

Plus de Conviso Application Security

Plus de Conviso Application Security (20)

Entendendo o PCI-DSS
Entendendo o PCI-DSSEntendendo o PCI-DSS
Entendendo o PCI-DSS
 
Integrando testes de segurança ao processo de desenvolvimento de software
Integrando testes de segurança ao processo de desenvolvimento de softwareIntegrando testes de segurança ao processo de desenvolvimento de software
Integrando testes de segurança ao processo de desenvolvimento de software
 
Uma verdade inconveniente - Quem é responsável pela INsegurança das aplicações?
Uma verdade inconveniente - Quem é responsável pela INsegurança das aplicações? Uma verdade inconveniente - Quem é responsável pela INsegurança das aplicações?
Uma verdade inconveniente - Quem é responsável pela INsegurança das aplicações?
 
“Web Spiders” – Automação para Web Hacking
“Web Spiders” – Automação para Web Hacking“Web Spiders” – Automação para Web Hacking
“Web Spiders” – Automação para Web Hacking
 
Building Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 FeaturesBuilding Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 Features
 
Você Escreve Código e Quem Valida?
Você Escreve Código e Quem Valida?Você Escreve Código e Quem Valida?
Você Escreve Código e Quem Valida?
 
Testar não é suficiente. Tem que fazer direito!
Testar não é suficiente. Tem que fazer direito!Testar não é suficiente. Tem que fazer direito!
Testar não é suficiente. Tem que fazer direito!
 
Implementando Segurança em desenvolvimento com a verdadeira ISO
Implementando Segurança em desenvolvimento com a verdadeira ISOImplementando Segurança em desenvolvimento com a verdadeira ISO
Implementando Segurança em desenvolvimento com a verdadeira ISO
 
Automatizando a análise passiva de aplicações Web
Automatizando a análise passiva de aplicações WebAutomatizando a análise passiva de aplicações Web
Automatizando a análise passiva de aplicações Web
 
Pentest em Aplicações Móveis
Pentest em Aplicações MóveisPentest em Aplicações Móveis
Pentest em Aplicações Móveis
 
MASP: Um processo racional para garantir o nível de proteção das aplicações w...
MASP: Um processo racional para garantir o nível de proteção das aplicações w...MASP: Um processo racional para garantir o nível de proteção das aplicações w...
MASP: Um processo racional para garantir o nível de proteção das aplicações w...
 
HTML5 Seguro ou Inseguro?
HTML5 Seguro ou Inseguro?HTML5 Seguro ou Inseguro?
HTML5 Seguro ou Inseguro?
 
O processo de segurança em desenvolvimento, que não é ISO 15.408
O processo de segurança em desenvolvimento, que não é ISO 15.408O processo de segurança em desenvolvimento, que não é ISO 15.408
O processo de segurança em desenvolvimento, que não é ISO 15.408
 
Encontrando falhas em aplicações web baseadas em flash
Encontrando falhas em aplicações web baseadas em flashEncontrando falhas em aplicações web baseadas em flash
Encontrando falhas em aplicações web baseadas em flash
 
Protegendo Aplicações Php com PHPIDS - Php Conference 2009
Protegendo Aplicações Php com PHPIDS - Php Conference 2009Protegendo Aplicações Php com PHPIDS - Php Conference 2009
Protegendo Aplicações Php com PHPIDS - Php Conference 2009
 
Playing Web Fuzzing - H2HC 2009
Playing Web Fuzzing - H2HC 2009Playing Web Fuzzing - H2HC 2009
Playing Web Fuzzing - H2HC 2009
 
OWASP Top 10 e aplicações .Net - Tech-Ed 2007
OWASP Top 10 e aplicações .Net - Tech-Ed 2007OWASP Top 10 e aplicações .Net - Tech-Ed 2007
OWASP Top 10 e aplicações .Net - Tech-Ed 2007
 
Tratando as vulnerabilidades do Top 10 com php
Tratando as vulnerabilidades do Top 10 com phpTratando as vulnerabilidades do Top 10 com php
Tratando as vulnerabilidades do Top 10 com php
 
Extreme Web Hacking - h2hc 2008
Extreme Web Hacking - h2hc 2008Extreme Web Hacking - h2hc 2008
Extreme Web Hacking - h2hc 2008
 
Testes de Segurança de Software (tech-ed 2008)
Testes de Segurança de Software (tech-ed 2008)Testes de Segurança de Software (tech-ed 2008)
Testes de Segurança de Software (tech-ed 2008)
 

Dernier

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Dernier (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Threats from economical improvement rss 2010

  • 1. Threats from the Economical Improvement. Why the economy on emerging countries can pose as a threat to cyber security and how to improve the protection through continuous education. Eduardo Vianna de Camargo Neves, Conviso IT Security, Operations Manager, OWASP Global Education Committee Member. Thursday, October 21, 2010
  • 2. Overview. The growth of the global economy and its effects on the BRIC countries are changing how these societies do business and interact with the rest of the world. Companies from Brazil, India, Russia and China are no longer working only in their own markets. A new middle class with access to credit lines and technology is driving commerce in new markets and becoming an economic power. Cyber crime is rising in the same proportion, following the money and profiling new opportunities with a lower risk.
  • 3. Overview. This presentation will focus on Brazil and on a proposal to contribute to cyber crime prevention and reduction through computer security education for society. This is an ongoing project which is being improved and will be presented with new data at OWASP AppSec DC, in November 2010. A white paper is being produced in collaboration with other companies and independent researchers to improve the content and allow new deliveries. An OWASP Project will be launched in 2011 to support this initiative as part of the Global Education Committee's efforts in Latin America; supporters and contributors are welcome.
  • 4. Changes on economy and society
  • 5. Welcome to a Brave New World. Brazil, the Russian Federation, India and China have made impressive changes to their economies and transformed how their societies are dealing with it. Brazil is a world leader in agribusiness and leads specific high-tech sectors such as airplane production and oil exploration. Russia is the world's second largest oil exporter and largest gas exporter, and its economy has been growing since 2001. India is one of the fastest growing telecom markets in the world and maintained an unemployment rate of 10.7% in 2009. China contributed 1/3 of global economic growth in 2004 and accounted for half of global growth in metals demand. Source: The World Factbook by CIA
  • 6. The Role of a New Society. According to the World Bank, developing countries' share in world trade rose from 16% in 1990 to 30% in 2006, led by China and with Brazil and India not far behind. The urban Chinese middle class will spend close to $2.3 trillion a year by 2025, while India's should grow from 5 percent today to over 40 percent of the nation over the next 20 years. In Brazil, 10 million people gained Internet access between 2005 and 2007, bringing the total with access to nearly 40 million, or 29% of the population. Companies, governments and society in all those countries are becoming stronger and using technology to support their growth. Source: The World Bank
  • 7. Reflections on cyber-crime. The ties between economics and information security were discussed by Ross Anderson and other authors. The improvement of the BRIC countries’ economies brings new topics. Governments are not ready to deal with a change in society which is creating millions of new users of Internet-based services. Companies are dealing with new threats using old technologies; the Market for Lemons is here. People are buying computers and smart phones to be online, but they don’t really understand the risks and impacts of a connected world.
  • 8. The results are on our sight. Cyber crime is increasing worldwide and, although the numbers are very complicated, there are some questions which can lead a discussion on causes and solutions. Governments are not ready to deal with a change in society which is creating millions of new users of Internet-based services. Companies are dealing with new threats using old technologies; the Market for Lemons is here. People are buying computers and smart phones to be online, but they don’t really understand the risks and impacts of a connected world.
  • 9. The Brazilian Scenario
  • 10. The Economic Redemption. As a result of deep changes started in 1994 and maintained by all governments, Brazil is now watching a new and continuous social improvement. Almost 52% of the population is in the middle class, compared to a rate of 32% in 1992. 10 million people gained Internet access between 2005 and 2007, bringing the total with access to nearly 40 million, or 29% of the population. The number of credit cards rose from 27 million in 2006 to 150 million in 2009. Source: BBC and Reuters
  • 11. Timeline. Cyber crime has been conducted in Brazil since 2001. Attacks are increasing, becoming more sophisticated, and trending toward client-side approaches and target hosts in other countries.
      Year | Attack Trend | Incidents on CERT.BR | Fraud %
      2001 | Initial deployment of rudimentary keyloggers; brute force attacks on bank sites | 5,997 | 0%
      2004 | Increase in sophisticated phishing; DNS compromises widely used (“pharming”) | 75,722 | 5%
      2007 | Trojans delivered via drive-by downloads; malware modifying client’s hosts file | 160,080 | 28%
      2009 | Usage of XSS and CSRF; identity theft | 358,343 | 69%
      Source: CERT.BR
  • 12. Cyber Crime Evolution. Fraud is still the major issue; however, a new trend has been observed over the last three years. Social networks are being used to share criminal information, from child pornography to kidnapping. The damage is affecting local and international companies as co-responsible parties. Attacks are moving from trojans to exploitation of common web site flaws such as XSS and CSRF to support fraud and identity theft. Brazil’s electrical grid was supposedly targeted by crackers; however, data leakage on Government web sites and systems is becoming routine. Source: Safernet.org.br, Symantec and Conviso Security Labs
  • 13. Why you should care about. The USA accounts for 19% of Internet-based attacks, but the BRIC countries also make up a large slice of this problem. [Pie chart: share of Internet-based attacks for USA, Brazil, Russia, India, China and the rest of the world.] And there is a lot of space to grow. Source: Internet Security Threat Report, by Symantec
  • 14. The Call for Education
  • 15. Education is the Key. We do not believe that education only for the community is enough to transform this scenario. A more comprehensive approach must be delivered for three major areas. The Government must understand how fragile web security can be and prepare its own strategies to deal with it. Companies must understand how to buy, develop and maintain secure applications for their customers. Academia must change direction. Security is not optional, and all programmers and managers must understand that as part of their competencies.
  • 16. The OWASP Role. There are several OWASP Projects ready to be used by anyone who needs to make more secure software, so a “packing strategy” is required to make them more palatable for different audiences. Governments must understand why application security matters and that it must be a strategy for the country and an obligation to their citizens. Companies must promote security in all business areas and relate this achievement to the executive agenda. Academia must include computer security in several areas as a common discipline, like statistics and math. Specialization is great, but does not reach the responsible parties.
  • 17. Conclusions
  • 18. Next Steps. This is a simple but ambitious project which we believe will change how people understand application security in the BRIC countries, and several complementary steps are required: specific competencies to support the delivery process; effort allocation to adapt current content to the reality in each country; leaders to support the overall development and reach other countries with a situation similar to Brazil's.
  • 19. Acknowledgements. The following companies, organizations and individuals supported this research and sponsored this presentation. Conviso IT Security: sponsored my travel and is supporting this research (Disclaimer: I am one of the partners). Anchises Moraes Guimaraes De Paula: IT Security researcher working with me on this development. You can tweet him at @anchisesbr. All images used in this presentation are licensed under Creative Commons and the original sources can be reached by clicking on them.
  • 20. Threats from the Economical Improvement. Why the economy on emerging countries can pose as a threat to cyber security and how to improve the protection through continuous education. Eduardo Vianna de Camargo Neves, Conviso IT Security, Operations Manager, OWASP Global Education Committee Member.