AppSecEU08 Trends in Web Hacking: What's hot in 2008

From OWASP
Revision as of 16:39, 31 July 2008 by Oshezaf (Talk | contribs)

Jump to: navigation, search

The presentation

OWASP IL 2008 01 Ofer Shezaf.jpg
The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. The databsae classifies each reported attack by, among other criteria, the method used, the outcome of the attack and the industry and the country of the attacked organization. Based on the database Breach Labs which sponsors WHID issues a periodical report on trends in Web Application Security.

By providing answers to questions such as:

  • The drivers behind Web hacking.
  • The technology hackers used.
  • The types of organizations attacked most often.
  • The common outcomes

WHID enable research into the business model behind hacking. The presentation will discuss WHID findings, focusing on rising trends in Web Attacks in the 1st hald of 2008. Beyond discussin the technical aspects of the attacks, the presntation will analyze the bsuness model of each attack and The presentation also discussed the technology and business behind recent important trends in Web Attacks as such as SQL injection bots planting iFrame malware them are We also discus

The talk will present the WHID 2007 annual report findings, updates for the 1st half of 2008 and expand of several key areas such as the sharp rise in iframe hacking and the risk associated with service providers.

The speaker

Ofer Shezaf leads Product Management for Breach Security, Inc. where he is responsible for defining Breach Security’s product road map and features. Prior to assuming his current role, Ofer led security research at the company. Shezaf combines broad experience in information security, focusing on application security with a background in entrepreneurship and venture capital.

Prior to joining Shezaf served as a technology expert for leading venture capital funds such as Pitango and Evergreen and and previously as a group manager and later a special advisor on national infrastructure protection for the Israeli government and intelligence forces.

As a well known application security expert, Shezaf is an officer of the Web Application Security Consortium (WASC) where he leads the Web Hacking Incidents Database project, and leads the Israeli chapter of the Open Web Application Security Project (OWASP). Shezaf holds a bachelor degree in computer engineering from the Technion, and an MBA from Tel-Aviv University.