The Badmin project: (Na-na-nanana Na-na-nanana BADMIN)

Presented at DerbyCon 2.0 Reunion (2012), Sept. 29, 2012, 5 p.m. (50 minutes).

Web Application Firewall. Network Access Control. Intrusion Detection Systems/Intrusion Preventions Systems. Intrinsic Heuristic Detectioneering Devices, this presentation can exploit them all.

The security industry is awash with device strategies attempting to remediate the most prevalent security issues in a single stroke. In fact, some of the biggest names in security are attempting to squeeze as many buzz words into one platform as possible to lure in the unknowing. This tactic gives them the ability to market any product as a must-have for IT and security professionals, while rudimentary security procedures are routinely overlooked. There is nothing more basic than an admin portal that, due to incompetence or ignorance, has not been fully customized for the application’s needs.

Quick Facts: Default Admin Login Portals are enabled on over a ten million websites currently (stats only for /admin and /admin/login.php)

There are still portals in wide use on the net that God could get into (Yes, even though he wouldn’t be up this late)


Presenters:

  • Gillis Jones
    The Jolly Green Giant of information security, Gillis hails from southern Alabama and currently makes his home in California. Employed at WhiteHat Security in Santa Clara as an Application Security Engineer, He is way too easily amused by insufficient authentication on admin portals and enjoys trudging his way through the most difficult problems in security.