Difference between revisions of "Hacking by Numbers"

From OWASP
Line 5: Line 5:
 
== The speaker  ==
 
== The speaker  ==
  
Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found on a [http://www.proactiverisk.com webpage in a cloud]   
+
Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found at [http://www.proactiverisk.com his webpage on a cloud]   
 
+
<div style="font-family: sans-serif; font-size: 12px; text-align: center;">
+
<img src="http://doiop.com/asscert.png" <a href="http://www.asscert.com/">Certified Application Security Specialist</a></div>
+
  
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
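
Review bot: the added `<img src="http://doiop.com/asscert.png"` tag is never closed before the `<a href="http://www.asscert.com/">` that follows it, so the new block is malformed markup. It also embeds raw HTML that loads an image over plain HTTP from a host outside the wiki, in a revision whose other change is only a wording fix to the speaker bio. Suggest dropping the `<div>` block from this edit. If a certification badge is really wanted on the speaker page, upload the image to the wiki and reference it with the wiki's own image and external-link syntax, so readers' browsers do not fetch content from a third-party server when they view the page.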

Revision as of 18:08, 3 October 2009

The presentation

There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.

The speaker

Tom is a member of WhiteHat Security and serves as a Board Member of the OWASP Foundation. More details can be found at his webpage on a cloud.