Difference between revisions of "Botnet Resistant Coding: Protecting Your Users from Script Kiddies"

From OWASP
(added link header)
(The speaker)
 
Line 7: Line 7:
 
[[Image:Owasp_logo_normal.jpg|right]]Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus’s availability and ease of use make it popular amongst malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and ebb cybercrime and identity fraud. Future use of these techniques will provide better chances against the compromising of users and web applications.
 
[[Image:Owasp_logo_normal.jpg|right]]Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus’s availability and ease of use make it popular amongst malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and ebb cybercrime and identity fraud. Future use of these techniques will provide better chances against the compromising of users and web applications.
  
== The speaker ==
+
== The speakers ==
 +
 
 +
'''Peter Greko''' is a Miami security researcher, board member of HackMiami, and an application analyst specializing in web security for a Fortune 20 company. Pete gives presentations to programming classes on web security practices and has presented for both HackMiami, South Florida OWASP, and the south Florida ISSA chapter meetings.
 +
 
 +
 
 +
'''Fabian Rothschild''' is a Miami college student leading malware research for HackMiami and has presented his research on ZeuS for South Florida OWASP. He is a consultant for small and medium businesses providing best security practices for application development. He enjoys programming in Python and running Linux.
 +
 
  
Speaker bio will be posted shortly.
 
  
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
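Review bot: In the added Peter Greko bio, "both" is followed by three organisations (HackMiami, South Florida OWASP, the ISSA chapter), and "south Florida ISSA" is lowercased while "South Florida OWASP" is capitalised in the same sentence; drop "both" and capitalise "South Florida ISSA". The added Fabian Rothschild bio writes "ZeuS" while the abstract above it uses "Zeus"; pick one spelling for the page.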

Latest revision as of 09:35, 25 October 2010


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Zeus botnet trojans account for a large percentage of all trojan infections. Zeus’s availability and ease of use make it popular among malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. A guideline, built on a standard LAMP stack and web programming techniques, was developed to reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and to curb cybercrime and identity fraud. Future use of these techniques will improve the chances of protecting users and web applications from compromise.

The speakers

Peter Greko is a Miami security researcher, board member of HackMiami, and an application analyst specializing in web security for a Fortune 20 company. Pete gives presentations to programming classes on web security practices and has presented for HackMiami, South Florida OWASP, and the South Florida ISSA chapter meetings.


Fabian Rothschild is a Miami college student leading malware research for HackMiami and has presented his research on ZeuS for South Florida OWASP. He is a consultant for small and medium businesses providing best security practices for application development. He enjoys programming in Python and running Linux.