SlideShare una empresa de Scribd logo

Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)

Jeremiah Grossman
Jeremiah Grossman

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem(s) with business logic flaws is scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend them. Plus, the more sophisticated and Web 2.0 feature-rich a website, the more prone it is to have flaws in business logic.

EmpresarialesTecnología
1 de 55
Descargar para leer sin conexión
Seven Business Logic Flaws that put your Website at Risk Jeremiah Grossman WhiteHat Security founder CTO © 2008 WhiteHat Security, Inc. 1
2 Jeremiah Grossman • WhiteHat Security Founder CTO • Technology R and industry evangelist (recently named to named to InfoWorld's CTO 25 List) • Frequent international conference speaker • Co-founder of the Web Application Security Consortium • Co-author: Cross-Site Scripting Attacks • Former Yahoo! information security officer © 2008 WhiteHat Security, Inc. 2
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)
Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)

Recomendados

Security Exploit of Business Logic Flaws, Business Logic Attacks
Security Exploit of Business Logic Flaws, Business Logic AttacksSecurity Exploit of Business Logic Flaws, Business Logic Attacks
Security Exploit of Business Logic Flaws, Business Logic AttacksMarco Morana
 
Web2 journalsmanuscripteditingmuenning
Web2 journalsmanuscripteditingmuenningWeb2 journalsmanuscripteditingmuenning
Web2 journalsmanuscripteditingmuenningSociety for Scholarly Publishing
 
BC OAG Maturity of Computer Controls in5slides
BC OAG Maturity of Computer Controls in5slidesBC OAG Maturity of Computer Controls in5slides
BC OAG Maturity of Computer Controls in5slidesTim Kirby
 
Best practices in website design
Best practices in website designBest practices in website design
Best practices in website designTabby Farney
 
Welcome in Czechoslovakia. Any startups here?
Welcome in Czechoslovakia. Any startups here?Welcome in Czechoslovakia. Any startups here?
Welcome in Czechoslovakia. Any startups here?Jan Horna
 
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...Clarity Grader
 
Content Maturity Model
Content Maturity ModelContent Maturity Model
Content Maturity ModelComBlu, Inc.
 
Measuring Marketing Governance Maturity
Measuring Marketing Governance MaturityMeasuring Marketing Governance Maturity
Measuring Marketing Governance MaturityDemand Metric
 

Recomendados

Security Exploit of Business Logic Flaws, Business Logic Attacks
Security Exploit of Business Logic Flaws, Business Logic AttacksSecurity Exploit of Business Logic Flaws, Business Logic Attacks
Security Exploit of Business Logic Flaws, Business Logic AttacksMarco Morana
 
Web2 journalsmanuscripteditingmuenning
Web2 journalsmanuscripteditingmuenningWeb2 journalsmanuscripteditingmuenning
Web2 journalsmanuscripteditingmuenningSociety for Scholarly Publishing
 
BC OAG Maturity of Computer Controls in5slides
BC OAG Maturity of Computer Controls in5slidesBC OAG Maturity of Computer Controls in5slides
BC OAG Maturity of Computer Controls in5slidesTim Kirby
 
Best practices in website design
Best practices in website designBest practices in website design
Best practices in website designTabby Farney
 
Welcome in Czechoslovakia. Any startups here?
Welcome in Czechoslovakia. Any startups here?Welcome in Czechoslovakia. Any startups here?
Welcome in Czechoslovakia. Any startups here?Jan Horna
 
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...Clarity Grader
 
Content Maturity Model
Content Maturity ModelContent Maturity Model
Content Maturity ModelComBlu, Inc.
 
Measuring Marketing Governance Maturity
Measuring Marketing Governance MaturityMeasuring Marketing Governance Maturity
Measuring Marketing Governance MaturityDemand Metric
 
Ret Barbosa
Ret BarbosaRet Barbosa
Ret Barbosakacdown
 
Sociální sítě - Workshop
Sociální sítě - WorkshopSociální sítě - Workshop
Sociální sítě - WorkshopJan Horna
 
The Case for a Web Audit: Your 360 Degree Performance Review
The Case for a Web Audit: Your 360 Degree Performance ReviewThe Case for a Web Audit: Your 360 Degree Performance Review
The Case for a Web Audit: Your 360 Degree Performance ReviewKathy McShea
 
Data Governance Maturity Model Thesis
Data Governance Maturity Model ThesisData Governance Maturity Model Thesis
Data Governance Maturity Model ThesisJan Merkus
 
Best Practices for Structuring Your Web Content
Best Practices for Structuring Your Web ContentBest Practices for Structuring Your Web Content
Best Practices for Structuring Your Web ContentBen MacNeill
 
WhiteHat Security Presentation
WhiteHat Security PresentationWhiteHat Security Presentation
WhiteHat Security Presentationmarkgmeyer
 
Implementing the Four Pillars of the SharePoint Governance Maturity Model
Implementing the Four Pillars of the SharePoint Governance Maturity ModelImplementing the Four Pillars of the SharePoint Governance Maturity Model
Implementing the Four Pillars of the SharePoint Governance Maturity ModelChristian Buckley
 
Website Governance: Tips for Defining a Successful Strategy
Website Governance: Tips for Defining a Successful StrategyWebsite Governance: Tips for Defining a Successful Strategy
Website Governance: Tips for Defining a Successful StrategyPercussion Software
 
Website Governance Document
Website Governance DocumentWebsite Governance Document
Website Governance DocumentDemand Metric
 
Governance Maturity Assessment Report
Governance Maturity Assessment ReportGovernance Maturity Assessment Report
Governance Maturity Assessment Reportsmcasas
 
A Practical Web Governance Framework
A Practical Web Governance FrameworkA Practical Web Governance Framework
A Practical Web Governance FrameworkShane Diffily
 
Small business consultant performance appraisal
Small business consultant performance appraisalSmall business consultant performance appraisal
Small business consultant performance appraisalmartinnick967
 
Content marketing maturity map & e-guide
Content marketing maturity map & e-guideContent marketing maturity map & e-guide
Content marketing maturity map & e-guideHind Al Nahedh
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Adnan Naseem
 
Web Governance: Where Strategy Meets Structure
Web Governance: Where Strategy Meets StructureWeb Governance: Where Strategy Meets Structure
Web Governance: Where Strategy Meets StructurePeter Morville
 
Planning for Content Governance
Planning for Content GovernancePlanning for Content Governance
Planning for Content GovernanceRick Allen
 
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...HubSpot
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5Laddawan Rattanaruang
 
All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterJeremiah Grossman
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorJeremiah Grossman
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryJeremiah Grossman
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensJeremiah Grossman
 

Más contenido relacionado

Destacado

Ret Barbosa
Ret BarbosaRet Barbosa
Ret Barbosakacdown
 
Sociální sítě - Workshop
Sociální sítě - WorkshopSociální sítě - Workshop
Sociální sítě - WorkshopJan Horna
 
The Case for a Web Audit: Your 360 Degree Performance Review
The Case for a Web Audit: Your 360 Degree Performance ReviewThe Case for a Web Audit: Your 360 Degree Performance Review
The Case for a Web Audit: Your 360 Degree Performance ReviewKathy McShea
 
Data Governance Maturity Model Thesis
Data Governance Maturity Model ThesisData Governance Maturity Model Thesis
Data Governance Maturity Model ThesisJan Merkus
 
Best Practices for Structuring Your Web Content
Best Practices for Structuring Your Web ContentBest Practices for Structuring Your Web Content
Best Practices for Structuring Your Web ContentBen MacNeill
 
WhiteHat Security Presentation
WhiteHat Security PresentationWhiteHat Security Presentation
WhiteHat Security Presentationmarkgmeyer
 
Implementing the Four Pillars of the SharePoint Governance Maturity Model
Implementing the Four Pillars of the SharePoint Governance Maturity ModelImplementing the Four Pillars of the SharePoint Governance Maturity Model
Implementing the Four Pillars of the SharePoint Governance Maturity ModelChristian Buckley
 
Website Governance: Tips for Defining a Successful Strategy
Website Governance: Tips for Defining a Successful StrategyWebsite Governance: Tips for Defining a Successful Strategy
Website Governance: Tips for Defining a Successful StrategyPercussion Software
 
Website Governance Document
Website Governance DocumentWebsite Governance Document
Website Governance DocumentDemand Metric
 
Governance Maturity Assessment Report
Governance Maturity Assessment ReportGovernance Maturity Assessment Report
Governance Maturity Assessment Reportsmcasas
 
A Practical Web Governance Framework
A Practical Web Governance FrameworkA Practical Web Governance Framework
A Practical Web Governance FrameworkShane Diffily
 
Small business consultant performance appraisal
Small business consultant performance appraisalSmall business consultant performance appraisal
Small business consultant performance appraisalmartinnick967
 
Content marketing maturity map & e-guide
Content marketing maturity map & e-guideContent marketing maturity map & e-guide
Content marketing maturity map & e-guideHind Al Nahedh
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Adnan Naseem
 
Web Governance: Where Strategy Meets Structure
Web Governance: Where Strategy Meets StructureWeb Governance: Where Strategy Meets Structure
Web Governance: Where Strategy Meets StructurePeter Morville
 
Planning for Content Governance
Planning for Content GovernancePlanning for Content Governance
Planning for Content GovernanceRick Allen
 
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...HubSpot
 

Destacado (18)

Ret Barbosa
Ret BarbosaRet Barbosa
Ret Barbosa
 
Sociální sítě - Workshop
Sociální sítě - WorkshopSociální sítě - Workshop
Sociální sítě - Workshop
 
The Case for a Web Audit: Your 360 Degree Performance Review
The Case for a Web Audit: Your 360 Degree Performance ReviewThe Case for a Web Audit: Your 360 Degree Performance Review
The Case for a Web Audit: Your 360 Degree Performance Review
 
Data Governance Maturity Model Thesis
Data Governance Maturity Model ThesisData Governance Maturity Model Thesis
Data Governance Maturity Model Thesis
 
Best Practices for Structuring Your Web Content
Best Practices for Structuring Your Web ContentBest Practices for Structuring Your Web Content
Best Practices for Structuring Your Web Content
 
WhiteHat Security Presentation
WhiteHat Security PresentationWhiteHat Security Presentation
WhiteHat Security Presentation
 
Implementing the Four Pillars of the SharePoint Governance Maturity Model
Implementing the Four Pillars of the SharePoint Governance Maturity ModelImplementing the Four Pillars of the SharePoint Governance Maturity Model
Implementing the Four Pillars of the SharePoint Governance Maturity Model
 
Website Governance: Tips for Defining a Successful Strategy
Website Governance: Tips for Defining a Successful StrategyWebsite Governance: Tips for Defining a Successful Strategy
Website Governance: Tips for Defining a Successful Strategy
 
Website Governance Document
Website Governance DocumentWebsite Governance Document
Website Governance Document
 
Governance Maturity Assessment Report
Governance Maturity Assessment ReportGovernance Maturity Assessment Report
Governance Maturity Assessment Report
 
A Practical Web Governance Framework
A Practical Web Governance FrameworkA Practical Web Governance Framework
A Practical Web Governance Framework
 
Small business consultant performance appraisal
Small business consultant performance appraisalSmall business consultant performance appraisal
Small business consultant performance appraisal
 
Content marketing maturity map & e-guide
Content marketing maturity map & e-guideContent marketing maturity map & e-guide
Content marketing maturity map & e-guide
 
Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)Risk Management Maturity Model (RMMM)
Risk Management Maturity Model (RMMM)
 
Web Governance: Where Strategy Meets Structure
Web Governance: Where Strategy Meets StructureWeb Governance: Where Strategy Meets Structure
Web Governance: Where Strategy Meets Structure
 
Planning for Content Governance
Planning for Content GovernancePlanning for Content Governance
Planning for Content Governance
 
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 

Más de Jeremiah Grossman

All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterJeremiah Grossman
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorJeremiah Grossman
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryJeremiah Grossman
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensJeremiah Grossman
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareJeremiah Grossman
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareJeremiah Grossman
 
Next Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideNext Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideJeremiah Grossman
 
Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Jeremiah Grossman
 
Ransomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to KnowRansomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to KnowJeremiah Grossman
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Jeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Jeremiah Grossman
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015Jeremiah Grossman
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesNo More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesJeremiah Grossman
 
WhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedWhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedJeremiah Grossman
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportJeremiah Grossman
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)Jeremiah Grossman
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Jeremiah Grossman
 

Más de Jeremiah Grossman (20)

All these vulnerabilities, rarely matter
All these vulnerabilities, rarely matterAll these vulnerabilities, rarely matter
All these vulnerabilities, rarely matter
 
How to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare SectorHow to Determine Your Attack Surface in the Healthcare Sector
How to Determine Your Attack Surface in the Healthcare Sector
 
The Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare IndustryThe Attack Surface of the Healthcare Industry
The Attack Surface of the Healthcare Industry
 
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensExploring the Psychological Mechanisms used in Ransomware Splash Screens
Exploring the Psychological Mechanisms used in Ransomware Splash Screens
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
 
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About RansomwareWhat the Kidnapping & Ransom Economy Teaches Us About Ransomware
What the Kidnapping & Ransom Economy Teaches Us About Ransomware
 
Next Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers GuideNext Generation Endpoint Prtection Buyers Guide
Next Generation Endpoint Prtection Buyers Guide
 
Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?Can Ransomware Ever Be Defeated?
Can Ransomware Ever Be Defeated?
 
Ransomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to KnowRansomware is Here: Fundamentals Everyone Needs to Know
Ransomware is Here: Fundamentals Everyone Needs to Know
 
Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016Web Application Security Statistics Report 2016
Web Application Security Statistics Report 2016
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015
 
No More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security GuaranteesNo More Snake Oil: Why InfoSec Needs Security Guarantees
No More Snake Oil: Why InfoSec Needs Security Guarantees
 
WhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report ExplainedWhiteHat Security 2014 Statistics Report Explained
WhiteHat Security 2014 Statistics Report Explained
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics Report
 
Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)
 
Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012Top Ten Web Hacking Techniques of 2012
Top Ten Web Hacking Techniques of 2012
 

Último

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876dlhescort
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptP&CO
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...lizamodels9
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noidadlhescort
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Adnet Communications
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 

Último (20)

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
Call Girls From Raj Nagar Extension Ghaziabad❤️8448577510 ⊹Best Escorts Servi...
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLWhitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
Whitefield CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 

Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)

  • 1. Seven Business Logic Flaws that put your Website at Risk Jeremiah Grossman WhiteHat Security founder CTO © 2008 WhiteHat Security, Inc. 1
  • 2. 2 Jeremiah Grossman • WhiteHat Security Founder CTO • Technology R and industry evangelist (recently named to named to InfoWorld's CTO 25 List) • Frequent international conference speaker • Co-founder of the Web Application Security Consortium • Co-author: Cross-Site Scripting Attacks • Former Yahoo! information security officer © 2008 WhiteHat Security, Inc. 2