Front Range OWASP Conference 2013/Sessions/Sess2 Tech2

Jump to: navigation, search

How Malware Attacks Web Applications

Modern malware has outpaced the ability for traditional defenses to detect and contain the threats. The core of the presentation will address several techniques used by malware to attack web applications, including:

  • WebInjects (aka Man-in-the-Browser)
    Files that contain JavaScript and HTML in order to alter the user experience in the application.
  • Form-Grabbing
    The technique for capturing web form data within browsers.
  • Session Hijacking
    The ability to redirect control of a session to an attacker.
  • Persistence and Stealth
    How does the malware go undetected, for so long?
  • Countermeasures
    How to detect malware interacting with your web applications.

Slides Video

Casey Smith

Casey is an Information Security Analyst at FirstBank.
Casey Smith