It's Just a Flesh Wound!

Presented at NolaCon 2016, May 20, 2016, 4 p.m. (Unknown duration)

As more and more companies are breached via the web, security professionals continue to focus their attention on the critical and high severity vulnerabilities. While this approach would seem to make sense, it overlooks the fact that attackers are getting in through a key attack vector: low to medium severity vulnerabilities. Chained together, these “low hanging fruit” vulnerabilities can own your web application.

This presentation will help security teams think more holistically about the attack landscape. It will illustrate how an attacker can chain together lower end vulnerabilities to own your web application, the tools and tactics they might use, and how to prevent this from happening to you.

Presenters:

• Brett Gravois
  Brett is a Breaker of Web Applications, Leader of a DefCon Group, Maker of Tasty Food, and Owner of a Majestic Beard. He has over 17 years of experience in IT and Security, specializing in Web Application Pentesting, PCI practices, vulnerability scanning, and management. Twitter: @Security_Panda

Links:

• https://nolacon.com/talk/its-just-a-flesh-wound

Similar Presentations:

• DEF CON 8 (2000) / Web Application Security
• ToorCon San Diego 16 (2014) / If you like it then you shouldn't put a ring3 on it
• AppSec USA 2017 / When Molehill Vulnerabilities Become Mountainous Exploits