Online Security and Privacy Issues
www.ebusinessmantra.com
Presented by ebusinessmantra at ecommerce Conference at Umass Dartmouth, MA
April 19, 2013
Agenda
 (In)Security Landscape
 It’s all business
 What is your identity worth?
 How does it work on the web?
 Does it matter to SMB?
 Myths about security
 Vulnerability Exploits (Hacking 101) Demo
 SQL Injection, XSS, Google Hacking
 How do you minimize the risk?
 Security Tools - Demo
 Discussions
About ebusinessmantra
 Web Application Security Consultants
 Assess and recommend security solutions
 Through partnerships, we offer:
 Web Application Security Scanner
 Web Application Firewalls
 Database Firewalls
 File Systems Monitoring
 Training and eLearning (in process)
 Customers: *.mil, *.gov, *.edu, *.org, *.com
 Web Site Design and Development (past)
(In)Security Landscape
 Number of incidents of data breaches reaches new record in 2012
 Web + Hacking = 37% of all incidents
Top 10 security breaches of 2012
 Wyndham Hotels – 600,000 credit card #s stored in plain text, $10.5 billion in fraudulent transactions
 Yahoo – 400,000 passwords stored in plain text (SQL injection)
 Apple – 11 million Unique Device Identifiers - access to user names, device names, cell phone numbers and addresses
 Global Payments – 1.5 million credit card numbers with Track 2 data used to clone credit cards
 Ghostshell - Hacktivist group stole account information for 1.6 government and contractors
 LinkedIn – 6.5 million (hashed) passwords – published on web
 Nationwide and Allied Insurance Co. – 1.1 million applicants’ info
 South Carolina DOR – 3.8 million tax records
 Zappos – 24 million customer data
 Government Sector – 94 million Personally Identifiable Information (PII)
In the news…
Cybercrime is on the rise
Business of cybercrime
 Cybercrime is a highly organized, well-run, profitable business
 Hierarchical structure - specialists
 Programmers, Hackers, Distributors, Hosting Providers, Money Mules, Cashiers, Tellers (FBI classification)
Extortion
Fraudulent tax returns
 Alabama: 1000 false returns for $1.7 million
 LA County: 65 false returns for $358,000
 Fort Lauderdale: 2000 false tax returns were filed from 10/2010 - 6/2012 for $11 million.
Your identity @ bargain price…
Fullz Info USA Type A package:
Full Name
Email address + password
Physical Address
Phone Number
DOB, SSN, DL Numbers
Bank Name, Account number + routing number
Employer's name + # years of employment
# of records      Price/record
1 - 499           0.25
500 - 4999        0.22
5000 - 9999       0.18
10000 - 16499     0.16
Fullz Info USA Type B package includes mother’s maiden name.
Web site claims to have 99 to 100% of people in US in their database and to have the most up-to-date database.
Typical Offers on Black Market - Price List
Products                               Price
Credit card details                    $2 - $90
Physical credit cards                  $190 + cost of details
Card cloners                           $200 - $1000
Bank credentials                       $80 to $700 (with guaranteed balance)
Bank transfers and cashing checks      from 10% to 40% of total
Online stores and pay platforms        $80 - $1500 with guaranteed balance
(In)Security Landscape
 Pretty grim, sobering landscape!
 Notable web sites have been hacked (Govt., security firms, banks)
 Many are not reported and many more do not know they are being hacked. Your web site might have been hacked and you may be unaware of it.
 Organized crimes, blackmail/extortion, defraud IRS
 High costs to remediate: $90 - $300 per record, plus lost business, tangible and intangible losses
How does it work on the web?
 Hackers exploit vulnerabilities in the code
 to steal data
 to make you, web site users, do things that you did not intend to
 to distribute and install malware, ransomware, in general, badware
 to monitor your activities on the computer and web site, and report data
We are Small Business, it does not matter to us…
 Small and medium businesses (SMBs) are most vulnerable because they don’t have the resources that large organizations have.
 Your site could be used to launch or distribute malware
 You may not think you are at risk – but actually you could be – using WordPress or some other platform which may be vulnerable
 Google search for vulnerabilities in WordPress site.
We don’t have anything of value on our web site…
 Even if you don’t believe you have anything of value on your website, it could be used as a means for malicious acts. Here are some negative side-effects:
 Credibility
 Block - Your business website could be blocked by your Internet service provider or even Google, Bing, and other search engines.
 http://www.google.com/safebrowsing/diagnostic?site=domainname
 Blacklisting - Your email address or entire domain could be blacklisted by spam filtering services.
 http://www.spamhaus.org: tracks internet spam senders and spam services, provides real-time anti-spam protection, and works to identify and pursue spammers worldwide
 Time and money - remediation
Myths about security
 We have SSL (https) on our web site
 Our network has firewalls
 Our site is password protected
 Our developers will deal with security
 Our OS and software are up to date and patched
 These are essential but none of these protect your web site from being hacked.
Are you chasing the mice or protecting the cheese?
Web Application Model
• Attack passes as normal traffic through ports 80 & 443
• SSL, network and OS security controls cannot protect web applications
Vulnerability Exploits - Hacking 101
 Demo
 SQL Injection
 Cross Site Scripting
 Google Hacking
Injection Attack
 Very widely used by hackers and one of the top 10 vulnerabilities in web applications
 SQL Injection Attack Demo
Cross Site Scripting Attack
 Another very frequently used attack method - Demo
Google hacking demo
 Have you Googled yourself or your business?
 Advanced Google search –
 Demo
 inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls
 "your password is" filetype:txt
 Tools that can do the search for you - demo
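A defender's counterpart to the two searches on this slide, as an added example that is not part of the original presentation: it walks a local copy of your own web root and flags the kinds of files those queries surface, before a search engine indexes them. The extension sets, reason strings and sample files are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumptions for this added example: the extension sets, reason strings and
# sample files below are constructed here; they mirror the slide's two searches.
SPREADSHEETS = {".xls", ".xlsx", ".csv"}
TEXT_LIKE = {".txt", ".log", ".csv", ".bak", ".sql"}
PASSWORD_PHRASE = re.compile(rb"your password is", re.IGNORECASE)
CREDENTIAL_FIELD = re.compile(rb"\b(username|email|password|pass)\s*=", re.IGNORECASE)


def audit_webroot(webroot, max_bytes=1_000_000):
    """Walk a local web root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            # Any spreadsheet under the document root can be fetched and indexed.
            if ext in SPREADSHEETS:
                where = "under an admin path" if "admin" in rel.lower() else "in web root"
                findings.append((rel, "spreadsheet " + where))
            # Text-like files are scanned for the phrases the searches look for.
            if ext in TEXT_LIKE:
                try:
                    with open(full, "rb") as fh:
                        data = fh.read(max_bytes)
                except OSError:
                    continue  # unreadable file: nothing to scan
                if PASSWORD_PHRASE.search(data):
                    findings.append((rel, "contains 'your password is'"))
                if CREDENTIAL_FIELD.search(data):
                    findings.append((rel, "contains credential field assignment"))
    return sorted(findings)


def build_sample_webroot(root):
    """Create a small constructed web root for the demonstration."""
    samples = {
        "index.html": b"<h1>Welcome</h1>",
        "admin/users.xls": b"\xd0\xcf\x11\xe0 constructed placeholder bytes",
        "mail/welcome.txt": b"Hello Pat, your password is EXAMPLE-ONLY\n",
        "backup/export.csv": b"username=pat,email=pat@example.com,pass=EXAMPLE\n",
        "docs/readme.txt": b"Opening hours and directions.\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


def demo():
    """Build the constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        return audit_webroot(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Files it reports should be moved out of the document root or placed behind authentication; spreadsheet contents are binary, so those are flagged by extension and path only.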
How do you minimize risk?
 Awareness
 All stakeholders must recognize the risks and work towards mitigation
 Culture within the organization, mandate from the management
 Examples – IT (network security), coders (perplexed), management (state of denial), users (unsafe browsing, cool sites!)
 Develop security strategy
 Secure Coding Practices during SDLC
 Developers need to understand the threats; write secure code; follow published guidelines
 Resource Intensive: time and $ - training, coding, testing
 QA
 During all stages of application development life cycle
 At regular intervals while in production
 Web Application Scanning, static code analysis
 Monitoring
 Web Application Scanning (demo)
 Web Application Firewall
 Database Firewall
 Compliance
Security Strategy
 Web Site Scanning
 Snapshot of vulnerabilities (new vulnerabilities), fix vulnerabilities, and install patches
 Web Application Firewall
 Real time, continuous
 Set policies to alert and/or block attacks
 Virtual patch from scanning results
 Block traffic from certain region
 Database Firewall
 Data Protection
 Set policies to alert and/or block attacks
 (Prevent) Internal and external threats
 Secured Hosting
PCI Requirements for Credit Cards
OWASP Top 10 vulnerabilities – set by worldwide security experts
Section 6 of PCI DSS
PCI DSS Requirements – web related
Security Tools
 Web Application Scanner
 Web Application Firewall
 Database Firewall
 Secured Hosting
Demo – Vulnerability Scanning
How can we help…
 Security Assessment
 Develop a strategy
 Implement strategy
 Training
Take away
 Web presence and doing business on the web are essential
 Security should also be part of the web strategy
 Internal and external threats
 Develop a strategy for securing data
 Take action
 Call us if you need help with securing your digital assets.
Discussions
References
 2012-DataBreachQuickView by Risk Based Security
 The Cyber Crime Black Market – by Panda Security
 Web Sites:
 http://www.crn.com/slide-shows/security/240144596/the-top-10-security-breaches-of-2012.htm
 http://www.esecurityplanet.com/network-security/salem-state-university-suffers-security-breach.html
 http://datalossdb.org/incident_highlights/58-nothing-is-certain-but-death-taxes-and-identity-theft
 http://www.securityweek.com/economic-update-cybercrime-economy-current-prices-black-market
 http://www.sbnonline.com/2012/01/your-personally-identifiable-information-it%E2%80%99s-valuable-to-someone/
 http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
 http://stopbadware.org
 http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1761937/
 http://www.howcast.com/guides/593-How-to-Maintain-Internet-Security-and-Privacy
 http://www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm
 http://www.whitehouse.gov/files/documents/cyber/National%20Cyber%20Security%20Alliance%20-%20Harris+Online+Security+and+Privacy+Study.pdf
Resources
 OWASP www.owasp.org
 Dataloss www.dataloss.org
 Calculate your risk: https://databreachcalculator.com
 Ebusinessmantra www.ebusinessmantra.com

 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 

Online Security and Privacy Issues

  • 1. Online Security and Privacy Issues. Presented by ebusinessmantra at ecommerce Conference at UMass Dartmouth, MA, April 19, 2013. www.ebusinessmantra.com
  • 2. Agenda
      - (In)Security Landscape
      - It’s all business
      - What is your identity worth?
      - How does it work on the web?
      - Does it matter to SMB?
      - Myths about security
      - Vulnerability Exploits (Hacking 101) Demo
      - SQL Injection, XSS, Google Hacking
      - How do you minimize the risk?
      - Security Tools - Demo
      - Discussions
      Slide labels: Problem, Solution
  • 3. About ebusinessmantra
      - Web Application Security Consultants
      - Assess and recommend security solutions
      - Through partnerships, we offer:
      - Web Application Security Scanner
      - Web Application Firewalls
      - Database Firewalls
      - File Systems Monitoring
      - Training and eLearning (in process)
      - Customers: *.mil, *.gov, *.edu, *.org, *.com
      - Web Site Design and Development (past)
  • 4. (In)Security Landscape
      - Number of incidents of data breaches reaches new record in 2012
  • 6. (In)Security Landscape
      - Web + Hacking = 37% of all incidents
  • 7. Top 10 security breaches of 2012
      - Wyndham Hotels – 600,000 credit card #s stored in plain text, $10.5 billion in fraudulent transactions
      - Yahoo – 400,000 passwords stored in plain text (SQL injection)
      - Apple – 11 million Unique Device Identifiers - access user names, device names, cell phone numbers and addresses
      - Global Payments – 1.5 million credit card numbers with Track 2 data used to clone credit cards
      - Ghostshell - Hacktivist Group stole account information for 1.6 government and contractors
      - LinkedIn – 6.5 million (hashed) passwords – published on web
      - Nationwide and Allied Insurance Co. – 1.1 million applicants’ info
      - South Carolina DOR – 3.8 million tax records
      - Zappos – 24 million customer data
      - Government Sector – 94 million Personal Identifiable Information (PII)
  • 10. Cybercrime is on the rise
  • 12. Business of cybercrime
      - Cybercrime is a highly organized, well run, profitable business
      - Hierarchical structure - specialists
      - Programmer, Hackers, Distributors, Hosting Providers, Money Mule, Cashiers, Tellers (FBI classification)
  • 14. Fraudulent tax returns
      - Alabama: 1000 false returns for $1.7 million
      - LA County: 65 false returns for $358,000
      - Fort Lauderdale: 2000 false tax returns were filed from 10/2010 - 6/2012 for $11 million.
  • 15. Your identity @ bargain price…
      Fullz Info USA Type A package contents:
      - Full Name
      - Email address + password
      - Physical Address
      - Phone Number
      - DOB, SSN, DL Numbers
      - Bank Name, Account number + routing number
      - Employer's name + # years of employment
      # of records      Price/record
      1 - 499           0.25
      500 - 4999        0.22
      5000 - 9999       0.18
      10000 - 16499     0.16
      Fullz Info USA Type B package includes mother’s maiden name. Web site claims to have 99 to 100% of people in the US in their database and to have the most up-to-date database.
  • 16. Typical Offers on Black Market - Price List
      Products: Price
      - Credit card details: $2 - $90
      - Physical credit cards: $190 + cost of details
      - Card cloners: $200 - $1000
      - Bank credentials: $80 to $700 (with guaranteed balance)
      - Bank transfers and cashing checks: from 10% to 40% of total
      - Online stores and pay platforms: $80 - $1500 with guaranteed balance
  • 17. (In)Security Landscape
      - Pretty grim, sobering landscape!
      - Notable web sites have been hacked (Govt., security firms, banks)
      - Many are not reported and many more do not know they are being hacked. Your web site might have been hacked and you may be unaware of it.
      - Organized crimes, blackmail/extortion, defraud IRS
      - High costs to remediate: $90 - $300 per record, plus lost business, tangible and intangible losses
  • 18. How does it work on the web?
      - Hackers exploit vulnerabilities in the code
          - to steal data
          - to make you, web site users, do things that you did not intend to
          - to distribute and install malware, ransom-ware, in general, bad-ware
      - Monitor your activities on the computer, web site and report data
  • 19. We are Small Business, it does not matter to us…
      - Small and medium businesses are most vulnerable because they don’t have the resources that large organizations have.
      - Your site could be used to launch or distribute malware
      - You may not think you are at risk – but actually you could be – using WordPress or some other platform which may be vulnerable
      - Google search for vulnerabilities in WordPress site.
  • 20. We don’t have anything of value on our web site…
      Even if you don’t believe you have anything of value on your website, it could be used as a means for malicious acts. Here are some negative side-effects:
      - Credibility
      - Block - Your business website could be blocked by your Internet service provider or even Google, Bing, and other search engines.
          - http://www.google.com/safebrowsing/diagnostic?site=domainname
      - Blacklisting - Your email address or entire domain could be blacklisted by spam filtering services.
          - http://www.spamhaus.org: Track internet spam senders and spam services and provide real-time anti-spam protection and to identify and pursue spammers worldwide
      - Time and money - remediation
  • 21. Myths about security
      - We have SSL (https) on my web site
      - Our network has firewalls
      - Our site is password protected
      - Our developers will deal with security
      - Our OS and software are up to date and patched
      These are essential but none of these protect your web site from being hacked.
  • 22. Are you chasing the mice or protecting the cheese?
  • 23. Web Application Model
      - Attack passes as normal traffic through ports 80 & 443
      - SSL, Network, OS securities cannot protect web applications
  • 24. Vulnerability Exploits - Hacking 101
      - Demo
          - SQL Injection
          - Cross Site Scripting
          - Google Hacking
  • 25. Injection Attack
      - Very widely used by hackers and is one of the top 10 vulnerabilities in web applications
      - SQL Injection Attack Demo
  • 26. Cross Site Scripting Attack
      - Another very frequently used attack method - Demo
  • 27. Google hacking demo
      - Have you Googled yourself or your business?
      - Advanced Google search – Demo
          - inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls
          - "your password is" filetype:txt
      - Tools that can do the search for you - demo
  • 28. How do you minimize risk?
      - Awareness
          - All stakeholders must recognize the risks and work towards mitigation
          - Culture within the organization, mandate from the management
          - Examples – IT (network security), coders (perplexed), management (state of denial), users (unsafe browsing, cool sites!)
      - Develop security strategy
      - Secure Coding Practices during SDLC
          - Developers need to understand the threats; write secure code; follow published guidelines
          - Resource Intensive: time and $ - training, coding, testing
      - QA
          - During all stages of application development life cycle
          - At regular intervals while in production
          - Web Application Scanning, static code analysis
      - Monitoring
          - Web Application Scanning (demo)
          - Web Application Firewall
          - Database Firewall
      - Compliance
  • 29. Security Strategy
      - Web Site Scanning
          - Snapshot of vulnerabilities (new vulnerabilities), fix vulnerabilities, and install patches
      - Web Application Firewall
          - Real time, continuous
          - Set policies to alert and/or block attacks
          - Virtual patch from scanning results
          - Block traffic from certain region
      - Database Firewall
          - Data Protection
          - Set policies to alert and/or block attacks
          - (Prevent) Internal and external threats
      - Secured Hosting
  • 30. PCI Requirements for Credit Cards
  • 31. OWASP Top 10 vulnerabilities – set by worldwide security experts
  • 32. Section 6 of PCI DSS
  • 33. PCI DSS Requirements – web related
  • 34. Security Tools
      - Web Application Scanner
      - Web Application Firewall
      - Database Firewall
      - Secured Hosting
  • 35. Demo – Vulnerability Scanning
  • 36. How can we help…
      - Security Assessment
      - Develop a strategy
      - Implement strategy
      - Training
  • 37. Take away
      - Web presence and doing business on web is essential
      - Security should also be part of the web strategy
      - Internal and external threats
      - Develop a strategy for securing data
      - Take action
      - Call us if you need help with securing your digital assets.
  • 39. References
      - 2012-DataBreachQuickView by Risk Based Security
      - The Cyber Crime Black Market – by Panda Security
      - Web Sites:
          - http://www.crn.com/slide-shows/security/240144596/the-top-10-security-breaches-of-2012.htm
          - http://www.esecurityplanet.com/network-security/salem-state-university-suffers-security-breach.html
          - http://datalossdb.org/incident_highlights/58-nothing-is-certain-but-death-taxes-and-identity-theft
          - http://www.securityweek.com/economic-update-cybercrime-economy-current-prices-black-market
          - http://www.sbnonline.com/2012/01/your-personally-identifiable-information-it%E2%80%99s-valuable-to-someone/
          - http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
          - http://stopbadware.org
          - http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1761937/
          - http://www.howcast.com/guides/593-How-to-Maintain-Internet-Security-and-Privacy
          - http://www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm
          - http://www.whitehouse.gov/files/documents/cyber/National%20Cyber%20Security%20Alliance%20-%20Harris+Online+Security+and+Privacy+Study.pdf
  • 40. Resources
      - OWASP www.owasp.org
      - Dataloss www.dataloss.org
      - Calculate your risk: https://databreachcalculator.com
      - Ebusinessmantra www.ebusinessmantra.com
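
Slide 27 asks whether you have Googled your own business. The following is an added example, not part of the original slides: a self-audit that walks a copy of your web root and lists the spreadsheets and text files that the slide's two searches would surface. The sample file names, their contents and the matching patterns are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# File types named in the slide's searches (filetype:xls, filetype:txt).
RISKY_EXTENSIONS = {".xls", ".txt"}
# Text the searches look for, matched case-insensitively on raw bytes.
CREDENTIAL_PATTERNS = [
    re.compile(rb"your password is", re.I),
    re.compile(rb"(username|email)\s*=.*?(password|pass)\s*=", re.I | re.S),
]
# Constructed sample web root (hypothetical names, no real data).
SAMPLES = {
    "index.html": b"<h1>Welcome</h1>",
    "docs/welcome.txt": b"Hello Pat, your password is EXAMPLE-ONLY",
    "docs/readme.txt": b"Opening hours and directions",
    "admin/users.xls": b"username=pat email=pat@example.test password=EXAMPLE",
    "admin/report.xls": b"quarterly totals",
}

def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for exposed-looking files."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in RISKY_EXTENSIONS:
            continue
        rel = path.relative_to(root).as_posix()
        with path.open("rb") as fh:
            data = fh.read(1_000_000)  # cap the bytes inspected per file
        if any(p.search(data) for p in CREDENTIAL_PATTERNS):
            findings.append((rel, "credential-like text in a served file"))
        elif "admin" in rel.lower():
            findings.append((rel, "document under an admin path"))
    return sorted(findings)

def run_demo():
    # Build the constructed sample tree in a temporary directory and audit it.
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLES.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, reason in run_demo():
        print(f"{rel}: {reason}")
```

Anything the audit lists is a candidate for removal from the web root or for access control before a search engine indexes it.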