SlideShare une entreprise Scribd logo

Securing Machine Clouds from Web-Based Threats

Télécharger en tant que PPTX, PDF
SensePost
SensePost

This document summarizes security threats to machine clouds based on cursory testing of a machine cloud system. It finds that machine clouds are vulnerable due to exposed administrative interfaces, issues in the content management system layer like cross-site scripting, lack of transport layer encryption, and the ability for rogue machines to connect and execute malicious payloads. The growth of connected devices and their management via web-based interfaces introduces threats beyond traditional web applications. Proper security measures are needed to protect the integrity of machine clouds and the systems they connect.

TechnologieBusiness
1  sur  47
Security Threats to Machine Clouds george@sensepost.com
about: us Georg-Christian Pranschke http://www.sensepost.com/blog/7733.html
what we’re going to talk about • the cloud • why this talk ? • machine clouds ? • results: cursory “testing” • what does all this mean ?
The Cloud
clobbering the cloud!
cloud security
Why This Talk ?
security threats to machine clouds • fast growing mobile connectivity • greater number of connected devices • management complexity and high costs • web-based device management for connected devices • inherits some of the web app threats plus new ones
Machine Clouds ?
machine clouds?
machine clouds? • home automation • vehicle tracking • tele-medicine • location-based services • “M2M and connected products are changing our world” • “safer, simpler and more productive” • “less cost per year than full-time employee” • i.e. ATMs monitoring -> access to finances • i.e. medical equipment -> ensuring very best patient care • i.e. smart signs -> law enforcement • i.e. cars -> driving behaviour to insurance carriers
machine cloud ui: the web application
machine - cloud integration
protocol dissection (i) DHCP response
protocol dissection (ii) restart request response
machine – cloud interaction (i)
machine – cloud interaction (ii)
connecting a machine
Results: Cursory “Testing”
#include <disclaimer.h>
approach Business Logic Application Infrastructure web application/web services <<>> “rogue machine”
the environment (i)
the environment (ii)
threat: exposed administrative interfaces
threats: cms layer (i)
threats: cms layer (ii)
threats: cms layer(iii)
threats: web app layer
clickjacking/ui redressing
SDKs (i)
SDKs (ii)
SDKs (iii)
SDKs (iv)
a side note…
transport layer encryption (i)
transport layer encryption (ii)
lame ? (i)
lame ? (ii)
lame ? (iii)
threat: malicious applets
a side note …
threat: rogue machines
putting it all together • malicious applets • obtain vendor id or … • unauthorised connection • upload of XSS payload or … • XSS -> session hijacking and …
What Does All This Mean ?
what does all this mean
Security Threats to Machine Clouds Thank You!

Recommandé

IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security EnforcerCamilo Fandiño Gómez
 
Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention
Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat PreventionIntroducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention
Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat PreventionIBM Security
 
Mobile Applications for Business Use
Mobile Applications for Business UseMobile Applications for Business Use
Mobile Applications for Business UseSwiftTech Solutions, Inc.
 
Cloud Applications for Businesses
Cloud Applications for BusinessesCloud Applications for Businesses
Cloud Applications for BusinessesSwiftTech Solutions, Inc.
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection securityIBM Security
 
Mi5 Red Eye Wireless &amp; My Mi5 101
Mi5 Red Eye Wireless &amp; My Mi5 101Mi5 Red Eye Wireless &amp; My Mi5 101
Mi5 Red Eye Wireless &amp; My Mi5 101HelenWattie
 
VoIP: Reasons Your Business Should Switch to Internet Phone Calls
VoIP: Reasons Your Business Should Switch to Internet Phone CallsVoIP: Reasons Your Business Should Switch to Internet Phone Calls
VoIP: Reasons Your Business Should Switch to Internet Phone CallsSwiftTech Solutions, Inc.
 

Recommandé

IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security EnforcerCamilo Fandiño Gómez
 
Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention
Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat PreventionIntroducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention
Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat PreventionIBM Security
 
Mobile Applications for Business Use
Mobile Applications for Business UseMobile Applications for Business Use
Mobile Applications for Business UseSwiftTech Solutions, Inc.
 
Cloud Applications for Businesses
Cloud Applications for BusinessesCloud Applications for Businesses
Cloud Applications for BusinessesSwiftTech Solutions, Inc.
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection securityIBM Security
 
Mi5 Red Eye Wireless &amp; My Mi5 101
Mi5 Red Eye Wireless &amp; My Mi5 101Mi5 Red Eye Wireless &amp; My Mi5 101
Mi5 Red Eye Wireless &amp; My Mi5 101HelenWattie
 
VoIP: Reasons Your Business Should Switch to Internet Phone Calls
VoIP: Reasons Your Business Should Switch to Internet Phone CallsVoIP: Reasons Your Business Should Switch to Internet Phone Calls
VoIP: Reasons Your Business Should Switch to Internet Phone CallsSwiftTech Solutions, Inc.
 
Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessIBM Security
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
Turn Your Legacy App Into a Mobile App
Turn Your Legacy App Into a Mobile AppTurn Your Legacy App Into a Mobile App
Turn Your Legacy App Into a Mobile AppSwiftTech Solutions, Inc.
 
Is your data on the cloud at risk?
Is your data on the cloud at risk?Is your data on the cloud at risk?
Is your data on the cloud at risk?SwiftTech Solutions, Inc.
 
Smart mobile apps & architectuur
Smart mobile apps & architectuurSmart mobile apps & architectuur
Smart mobile apps & architectuurArnd Brugman
 
Automation
AutomationAutomation
Automationsanky_panky
 
[Infographic]]Managing Assets and Endpoints
[Infographic]]Managing Assets and Endpoints[Infographic]]Managing Assets and Endpoints
[Infographic]]Managing Assets and EndpointsSymantec
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summarySensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSensePost
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorismSensePost
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksSensePost
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented DefenceSensePost
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitSensePost
 
Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWKapil Kanugo
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunalKashyap Kunal
 
Cloud security
Cloud securityCloud security
Cloud securityTushar Kayande
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldBrad Nicholas
 
Embracing Failure - AzureDay Rome
Embracing Failure - AzureDay RomeEmbracing Failure - AzureDay Rome
Embracing Failure - AzureDay RomeAlberto Acerbis
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudCompTIA UK
 
2_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_01132_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_0113Jim Romeo
 
Cloud Computing in migrant
Cloud Computing in migrant Cloud Computing in migrant
Cloud Computing in migrantMigrant Systems
 

Contenu connexe

Tendances

Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessIBM Security
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
Smart mobile apps & architectuur
Smart mobile apps & architectuurSmart mobile apps & architectuur
Smart mobile apps & architectuurArnd Brugman
 
[Infographic]]Managing Assets and Endpoints
[Infographic]]Managing Assets and Endpoints[Infographic]]Managing Assets and Endpoints
[Infographic]]Managing Assets and EndpointsSymantec
 

Tendances (7)

Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud Success
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threats
 
Turn Your Legacy App Into a Mobile App
Turn Your Legacy App Into a Mobile AppTurn Your Legacy App Into a Mobile App
Turn Your Legacy App Into a Mobile App
 
Is your data on the cloud at risk?
Is your data on the cloud at risk?Is your data on the cloud at risk?
Is your data on the cloud at risk?
 
Smart mobile apps & architectuur
Smart mobile apps & architectuurSmart mobile apps & architectuur
Smart mobile apps & architectuur
 
Automation
AutomationAutomation
Automation
 
[Infographic]]Managing Assets and Endpoints
[Infographic]]Managing Assets and Endpoints[Infographic]]Managing Assets and Endpoints
[Infographic]]Managing Assets and Endpoints
 

En vedette

Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summarySensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSensePost
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorismSensePost
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksSensePost
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented DefenceSensePost
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitSensePost
 

En vedette (7)

Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summary
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) Pwnage
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorism
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana Attacks
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented Defence
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
 

Similaire à Securing Machine Clouds from Web-Based Threats

Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWKapil Kanugo
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunalKashyap Kunal
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldBrad Nicholas
 
Embracing Failure - AzureDay Rome
Embracing Failure - AzureDay RomeEmbracing Failure - AzureDay Rome
Embracing Failure - AzureDay RomeAlberto Acerbis
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudCompTIA UK
 
2_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_01132_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_0113Jim Romeo
 
Cloud Computing in migrant
Cloud Computing in migrant Cloud Computing in migrant
Cloud Computing in migrantMigrant Systems
 
Final Year IEEE Project 2013-2014 - Cloud Computing Project Title and Abstract
Final Year IEEE Project 2013-2014 - Cloud Computing Project Title and AbstractFinal Year IEEE Project 2013-2014 - Cloud Computing Project Title and Abstract
Final Year IEEE Project 2013-2014 - Cloud Computing Project Title and Abstractelysiumtechnologies
 
Cloud computing an Introduction
Cloud computing an IntroductionCloud computing an Introduction
Cloud computing an IntroductionSayyed S
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2rpark31
 
Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013
Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013
Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013Suman Talukdar
 
Top 3 Reasons to Deliver Web Apps with Application Virtualization
Top 3 Reasons to Deliver Web Apps with Application VirtualizationTop 3 Reasons to Deliver Web Apps with Application Virtualization
Top 3 Reasons to Deliver Web Apps with Application VirtualizationCitrix
 
Internet of things - Introduction and Variations (Architecture)
Internet of things - Introduction and Variations (Architecture)Internet of things - Introduction and Variations (Architecture)
Internet of things - Introduction and Variations (Architecture)Mayank Vijh
 
Impactofthecloudforitmanagersisb204guest
Impactofthecloudforitmanagersisb204guestImpactofthecloudforitmanagersisb204guest
Impactofthecloudforitmanagersisb204guestManuel_Jesus
 
Impact Of The Cloud For IT Managers
Impact Of The Cloud For IT ManagersImpact Of The Cloud For IT Managers
Impact Of The Cloud For IT ManagersSimon Guest
 
CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...
CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...
CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...Stuart Bennett
 
10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-IT10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-ITIdan Hershkovich
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
 

Similaire à Securing Machine Clouds from Web-Based Threats (20)

Hacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOWHacking your Connected Car: What you need to know NOW
Hacking your Connected Car: What you need to know NOW
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
Cloud security
Cloud securityCloud security
Cloud security
 
Countering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT WorldCountering Cybersecurity Risk in Today's IoT World
Countering Cybersecurity Risk in Today's IoT World
 
Embracing Failure - AzureDay Rome
Embracing Failure - AzureDay RomeEmbracing Failure - AzureDay Rome
Embracing Failure - AzureDay Rome
 
EMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the CloudEMEA10: Trepidation in Moving to the Cloud
EMEA10: Trepidation in Moving to the Cloud
 
2_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_01132_24551_Virtualization_SC_0113
2_24551_Virtualization_SC_0113
 
Cloud Computing in migrant
Cloud Computing in migrant Cloud Computing in migrant
Cloud Computing in migrant
 
Final Year IEEE Project 2013-2014 - Cloud Computing Project Title and Abstract
Final Year IEEE Project 2013-2014 - Cloud Computing Project Title and AbstractFinal Year IEEE Project 2013-2014 - Cloud Computing Project Title and Abstract
Final Year IEEE Project 2013-2014 - Cloud Computing Project Title and Abstract
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Cloud computing an Introduction
Cloud computing an IntroductionCloud computing an Introduction
Cloud computing an Introduction
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2
 
Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013
Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013
Keeping Mobile Security Simple - Suman (Shuman) Talukdar, Amphion Forum SF 2013
 
Top 3 Reasons to Deliver Web Apps with Application Virtualization
Top 3 Reasons to Deliver Web Apps with Application VirtualizationTop 3 Reasons to Deliver Web Apps with Application Virtualization
Top 3 Reasons to Deliver Web Apps with Application Virtualization
 
Internet of things - Introduction and Variations (Architecture)
Internet of things - Introduction and Variations (Architecture)Internet of things - Introduction and Variations (Architecture)
Internet of things - Introduction and Variations (Architecture)
 
Impactofthecloudforitmanagersisb204guest
Impactofthecloudforitmanagersisb204guestImpactofthecloudforitmanagersisb204guest
Impactofthecloudforitmanagersisb204guest
 
Impact Of The Cloud For IT Managers
Impact Of The Cloud For IT ManagersImpact Of The Cloud For IT Managers
Impact Of The Cloud For IT Managers
 
CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...
CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...
CSU - ITC571 Capstone Project Seminar - Security Issues and challenges with W...
 
10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-IT10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-IT
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 

Plus de SensePost

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile explorationSensePost
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationSensePost
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17SensePost
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionSensePost
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tatSensePost
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsSensePost
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get HackedSensePost
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application HackingSensePost
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and DefencesSensePost
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2SensePost
 
State of the information security nation
State of the information security nationState of the information security nation
State of the information security nationSensePost
 
OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?SensePost
 
Security threats facing SA businessess
Security threats facing SA businessessSecurity threats facing SA businessess
Security threats facing SA businessessSensePost
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Penetration testing and social engineering
Penetration testing and social engineeringPenetration testing and social engineering
Penetration testing and social engineeringSensePost
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the faceSensePost
 
The jar of joy
The jar of joyThe jar of joy
The jar of joySensePost
 
Web 2.0 security woes
Web 2.0 security woesWeb 2.0 security woes
Web 2.0 security woesSensePost
 

Plus de SensePost (20)

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile exploration
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based Application
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
 
State of the information security nation
State of the information security nationState of the information security nation
State of the information security nation
 
OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?
 
Security threats facing SA businessess
Security threats facing SA businessessSecurity threats facing SA businessess
Security threats facing SA businessess
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
Penetration testing and social engineering
Penetration testing and social engineeringPenetration testing and social engineering
Penetration testing and social engineering
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the face
 
The jar of joy
The jar of joyThe jar of joy
The jar of joy
 
Web 2.0 security woes
Web 2.0 security woesWeb 2.0 security woes
Web 2.0 security woes
 

Dernier

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 

Dernier (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

Securing Machine Clouds from Web-Based Threats