Front Range OWASP Conference 2013/Presentations/Malware
How Malware Attacks Web Applications
Modern malware has outpaced the ability for traditional defenses to detect and contain the threats. The core of the presentation will address several techniques used by malware to attack web applications, including:
- WebInjects (aka Man-in-the-Browser)
The technique for capturing web form data within browsers.
- Session Hijacking
The ability to redirect control of a session to an attacker.
- Persistence and Stealth
How does the malware go undetected, for so long?
How to detect malware interacting with your web applications.