The High Risk of Low Risk Applications

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 27, 2013, 5 p.m. (50 minutes)

Is your network being hacked by agents of foreign governments? That’s a shame. But your web applications might be susceptible to attacks from much more everyday threats. To counter them, does you company do application risk assessments? There are always limited resources to doing assessments and testing; how do you decide which applications deserve the most attention? In this talk, we will review a real-life situation where what management thought was a innocent little low risk application actually had some nasty secrets in its closet.

Presenters:

• conrad reynolds
  Conrad has held a variety of positions in IT Audit, Application Development, Management, and Web Security in Fortune 50, non-profit, and government sectors. He has been implementing and advising on IT security solutions for several years. He currently hacks government web apps for a living.

Similar Presentations:

• RVAsec 2019 / Risk Assessment - The Heart of Risk-based Security
• ShmooCon I (2005) / Quantitative Risk Assessments - possible or crack dream?
• Texas Cyber Summit 2019 / CS-2024 The Risk Management Hydra and why you need multiple assessments