FROC2010 Abstract Nickerson
The Presentation: "Pwning the Developer"
Had enough SQLi, CSRF, XSS, and other code talk today? There is an EASIER and FASTER way. Throw away the fuzzers, drop the massive toolset and hours of beating your head against the wall. Ignore the scanners and let your whitehat/greyhat methodology have a rest. In this talk, we will talk about the path of least resistance, the people. Do you REALLY think that attackers are gonna send a TON of traffic at your app and fuzz it all day long? NOPE! They are gonna go after the source. Not the source code, the DEVELOPERS. We will go through how to profile developers, track them, and find out what REALLY goes on behind the curtain.
The Speaker: Chris Nickerson
Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on Red Team Testing and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. As CEO of Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, Social Engineering, Red Team Testing, Penetration Testing, Application Testing and regulatory compliance. He is a co-host of the Exotic Liability Podcast and a featured member of TruTV's Tiger Team show.