SlideShare una empresa de Scribd logo

Mitigating Web 2.0 Threats

Kim Jensen
Kim Jensen

Mitigating Web 2.0 Threats - Good report on threats from Web 2.0 websites like Facebook, LinkedIn, MySpace, YouTube, Live.com and others

Tecnología
1 de 21
Descargar para leer sin conexión
Mitigating Web 2.0 Threats Or, “This isn’t your mother’s internet!” David Sherry CISSP CISM Chief Information Security Officer Sponsored By: Brown University
Security @ Brown •Security evangelism •Public Safety support •Incident Response Team •Human Resources support •Audit support •Records Management •Compliance and legal •Business Continuity standards •Disaster Recovery •Firewalls, IDS, IPS, VPN, •Copyright / DMCA agent sniffers, A/V, DNS, etc…. •Discipline Committee •Security audits and •Mandatory / elective training certifications •Awareness 2
Today’s Agenda (or is it a mashup?) • Our changing world of security • What is web 2.0? • Attack vectors and areas of concern • The evolution of the threats….they’re nothing new! • What should be focused on • Recommendations to reduce the threat
Our World is Changing May you live in interesting times….. Chinese Proverb • Compliance is a key competency of security pros • Identity Theft is fastest growing crime • President’s Cyber Security Initiative provides spotlight • Online underground economy has matured • National and global economy means “do more with less” • Threat evolution: • Infrastructure > web/messaging > DLP > Web 2.0
What is Web 2.0? Used with permission via Creative Commons: http://kosmar.de/archives/2005/11/11/the-huge-cloud-lens-bubble-map-web20/
What is Web 2.0? From Wikipedia: (which is, itself, a 2.0 phenomenon) "Web 2.0" refers to web development and web design that facilitates interactive information sharing, interoperability, user-centered design and collaboration on the World Wide Web. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites, video-sharing sites, wikis, blogs, mashups and folksonomies. A Web 2.0 site allows its users to interact with other users or to change website content, in contrast to non-interactive websites where users are limited to the passive viewing of information that is provided to them.
Common Web 2.0 Descriptors • “User generated content” • “Mashups and web services” • “Consumer and enterprise convergence” • “Diversity of client software” • “Complexity and asynchronous operations”
The Enterprise Triple-Threat of 2.0 1. Loss of productivity 2. Vulnerable to data leaks 3. Increased security risks
Characteristics of Web 2.0 Security • Web filtering is no longer adequate • AJAX, SAML, XML create problems for detection • RSS and RIA can enter directly into networks • Non-static makes identification difficult • High bandwidth use can hinder availability • User generated content hard to contain
Web 2.0 Attack Vectors • Blogs • Social networks • Web portals • Mashups • Pop-ups • Anonymizing proxies • Spamdexing • Widgets
Web 2.0 Areas of Concern • Client side issues • Transparency and cross-domain communications; AJAX and JavaScript attacks on the rise • Protocols • New protocols on top of HTTP/S (SOAP, XML, etc) • Information sources • Concerns over integrity, transiency, and diversity • Information structures • Variations of data structures, injection attacks • Server side • Architecture, authorization, and authentication weaknesses
Evolution of the Threats in 2.0 • USB and auto-run malicious code • Insiders are a threat, but they don’t know it • Adobe PDFs and Flash replace Word and Excel • Worms travel through social spaces into offices • DOS attacks against social networks • Malware travels via all conduits • Pop-ups advertise seemingly legitimate services and take advantage of current events
So what do you focus on? From Secure Enterprise 2.0, the dangers come from: 1. Insufficient authentication controls 2. Cross-site scripting 3. Cross-site request forgery 4. Phishing 5. Information leakage 6. Injection flaws 7. Information integrity 8. Insufficient anti-automation www.secure-enterprise20.org
Recommendations for Web 2.0 Technical: • Experts recommend a three-tiered, integrated data protection approach: • Maintain vigilant anti-virus protection • Establish a robust anti-malware protection program • Utilize an AJAX-aware analysis platform • Use real-time content and security scanning • Make sure browsers and plug-ins are patched • Don’t just patch “high” rated patches! • Remember your end points • Use encryption as a key strategic defense
Recommendations for Web 2.0 Managerial: • Ensure that your policies are current and address 2.0 • Subjective policy setting • Group level access • Productivity based policies • Use a Data Loss Prevention as an essential teaching tool • Education and awareness must go beyond passwords • Ensure cross-functional response and participation • Speak with data!
Ensuring a Defensive Web 2.0 Policy • Revisit your Acceptable Use Policy • View the policy from a web 2.0 lens • Be sure to cover new technologies like anonymizing proxies • Include other groups for strength • Human Resources, Risk Management, Privacy, Physical Security, Audit, and Legal • Step up your training and awareness for Web 2.0 concerns
Support your policy through technology • IDS / IPS • Bandwidth shaping and throttling • Standard images • Group policy objects • Firewall rules • Anti-virus, spyware, and malware • Monitor for your good name!
Summary • We are living in a changing world, and Web 2.0 is part of it • 2.0 brings added challenges and characteristics to security professionals • There are technical and managerial solutions to reduce Web 2.0 concerns • Like all emerging technologies and their related threats, a holistic security approach is needed
There is never enough time; thank you for some of yours. David Sherry, CISSP CISM Chief Information Security Officer Brown University Campus Box 1885 Providence, RI 02912 401.863-7266 david_sherry@brown.edu
Thanks to our Sponsors Product trial download page Free Whitepaper: Reduce shopping cart abandonment. Increase revenue.

Recomendados

Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
State of Internet 2H 2008
State of Internet 2H 2008State of Internet 2H 2008
State of Internet 2H 2008Kim Jensen
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityNational LECET
 
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118AngelaHoltby
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0Jason Edelstein
 
Security and privacy
Security and privacySecurity and privacy
Security and privacyMohammed Adam
 
Tim Willoughby presentation to cloud workshop 2016
Tim Willoughby presentation to cloud workshop 2016Tim Willoughby presentation to cloud workshop 2016
Tim Willoughby presentation to cloud workshop 2016Tim Willoughby
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 

Recomendados

Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
State of Internet 2H 2008
State of Internet 2H 2008State of Internet 2H 2008
State of Internet 2H 2008Kim Jensen
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityNational LECET
 
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118AngelaHoltby
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0Jason Edelstein
 
Security and privacy
Security and privacySecurity and privacy
Security and privacyMohammed Adam
 
Tim Willoughby presentation to cloud workshop 2016
Tim Willoughby presentation to cloud workshop 2016Tim Willoughby presentation to cloud workshop 2016
Tim Willoughby presentation to cloud workshop 2016Tim Willoughby
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowStephen Cobb
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securitysiswarren
 
INSECURE Magazine - 39
INSECURE Magazine - 39INSECURE Magazine - 39
INSECURE Magazine - 39Felipe Prado
 
Master Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeMaster Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeIan Lee
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
Akamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalAkamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalCheryl Goldberg
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215IJNSA Journal
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data SheetSutedjo Tjahjadi
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technicalStephen Cobb
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT SecurityLondon School of Cyber Security
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Creus Moreira Carlos
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) PwC France
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills GapStephen Cobb
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
The next generation - by Stuart Ntlathi
The next generation - by Stuart NtlathiThe next generation - by Stuart Ntlathi
The next generation - by Stuart NtlathiRAMP Group
 
Ave Maria en Kathedraal de Gaudi
Ave Maria en Kathedraal de GaudiAve Maria en Kathedraal de Gaudi
Ave Maria en Kathedraal de GaudiLuiz Carlos Dias
 

Más contenido relacionado

La actualidad más candente

Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowStephen Cobb
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securitysiswarren
 
INSECURE Magazine - 39
INSECURE Magazine - 39INSECURE Magazine - 39
INSECURE Magazine - 39Felipe Prado
 
Master Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeMaster Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeIan Lee
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
Akamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalAkamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalCheryl Goldberg
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data SheetSutedjo Tjahjadi
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technicalStephen Cobb
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Creus Moreira Carlos
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) PwC France
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills GapStephen Cobb
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 

La actualidad más candente (20)

Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrow
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of security
 
INSECURE Magazine - 39
INSECURE Magazine - 39INSECURE Magazine - 39
INSECURE Magazine - 39
 
Master Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian LeeMaster Thesis Security in Distributed Databases- Ian Lee
Master Thesis Security in Distributed Databases- Ian Lee
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
Akamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalAkamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_Final
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data Sheet
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011)
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills Gap
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 

Destacado

The next generation - by Stuart Ntlathi
The next generation - by Stuart NtlathiThe next generation - by Stuart Ntlathi
The next generation - by Stuart NtlathiRAMP Group
 
Ave Maria en Kathedraal de Gaudi
Ave Maria en Kathedraal de GaudiAve Maria en Kathedraal de Gaudi
Ave Maria en Kathedraal de GaudiLuiz Carlos Dias
 
Czytam, więc wiem
Czytam, więc wiemCzytam, więc wiem
Czytam, więc wiemporanny24
 
Otoño en la Patagonia argentina
Otoño en la Patagonia argentinaOtoño en la Patagonia argentina
Otoño en la Patagonia argentinaLuiz Carlos Dias
 
Henk Kleynhans
Henk KleynhansHenk Kleynhans
Henk KleynhansRAMP Group
 
Spam & Spyware Legal Study 2009
Spam & Spyware Legal Study 2009Spam & Spyware Legal Study 2009
Spam & Spyware Legal Study 2009Kim Jensen
 

Destacado (6)

The next generation - by Stuart Ntlathi
The next generation - by Stuart NtlathiThe next generation - by Stuart Ntlathi
The next generation - by Stuart Ntlathi
 
Ave Maria en Kathedraal de Gaudi
Ave Maria en Kathedraal de GaudiAve Maria en Kathedraal de Gaudi
Ave Maria en Kathedraal de Gaudi
 
Czytam, więc wiem
Czytam, więc wiemCzytam, więc wiem
Czytam, więc wiem
 
Otoño en la Patagonia argentina
Otoño en la Patagonia argentinaOtoño en la Patagonia argentina
Otoño en la Patagonia argentina
 
Henk Kleynhans
Henk KleynhansHenk Kleynhans
Henk Kleynhans
 
Spam & Spyware Legal Study 2009
Spam & Spyware Legal Study 2009Spam & Spyware Legal Study 2009
Spam & Spyware Legal Study 2009
 

Similar a Mitigating Web 2.0 Threats

Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016Tomppa Järvinen
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Innovators
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the UnionDavid Perkins
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity nado-web
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfInfosec train
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfpriyanshamadhwal2
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦Infosec train
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦priyanshamadhwal2
 
Security+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdfSecurity+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdfinfosecTrain
 
CompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training CourseCompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training CourseInfosecTrain Education
 
Application Security-Understanding The Horizon
Application Security-Understanding The HorizonApplication Security-Understanding The Horizon
Application Security-Understanding The HorizonLalit Kale
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022PECB
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptxJohn Donahue
 

Similar a Mitigating Web 2.0 Threats (20)

Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the Union
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdf
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdf
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
 
Security+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdfSecurity+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdf
 
CompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training CourseCompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training Course
 
Application Security-Understanding The Horizon
Application Security-Understanding The HorizonApplication Security-Understanding The Horizon
Application Security-Understanding The Horizon
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
 
Web security 2012
Web security 2012Web security 2012
Web security 2012
 

Más de Kim Jensen

Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsKim Jensen
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter packKim Jensen
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003Kim Jensen
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportKim Jensen
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UKKim Jensen
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Kim Jensen
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012Kim Jensen
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Kim Jensen
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Kim Jensen
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011Kim Jensen
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Kim Jensen
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web SecurityKim Jensen
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Kim Jensen
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Kim Jensen
 
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Kim Jensen
 

Más de Kim Jensen (20)

Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security Predictions
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter pack
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web Security
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
 
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Mitigating Web 2.0 Threats

  • 1. Mitigating Web 2.0 Threats Or, “This isn’t your mother’s internet!” David Sherry CISSP CISM Chief Information Security Officer Sponsored By: Brown University
  • 2. Security @ Brown •Security evangelism •Public Safety support •Incident Response Team •Human Resources support •Audit support •Records Management •Compliance and legal •Business Continuity standards •Disaster Recovery •Firewalls, IDS, IPS, VPN, •Copyright / DMCA agent sniffers, A/V, DNS, etc…. •Discipline Committee •Security audits and •Mandatory / elective training certifications •Awareness 2
  • 3. Today’s Agenda (or is it a mashup?) • Our changing world of security • What is web 2.0? • Attack vectors and areas of concern • The evolution of the threats….they’re nothing new! • What should be focused on • Recommendations to reduce the threat
  • 4. Our World is Changing May you live in interesting times….. Chinese Proverb • Compliance is a key competency of security pros • Identity Theft is fastest growing crime • President’s Cyber Security Initiative provides spotlight • Online underground economy has matured • National and global economy means “do more with less” • Threat evolution: • Infrastructure > web/messaging > DLP > Web 2.0
  • 5. What is Web 2.0? Used with permission via Creative Commons: http://kosmar.de/archives/2005/11/11/the-huge-cloud-lens-bubble-map-web20/
  • 6.
  • 7. What is Web 2.0? From Wikipedia: (which is, itself, a 2.0 phenomenon) "Web 2.0" refers to web development and web design that facilitates interactive information sharing, interoperability, user-centered design and collaboration on the World Wide Web. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites, video-sharing sites, wikis, blogs, mashups and folksonomies. A Web 2.0 site allows its users to interact with other users or to change website content, in contrast to non-interactive websites where users are limited to the passive viewing of information that is provided to them.
  • 8. Common Web 2.0 Descriptors • “User generated content” • “Mashups and web services” • “Consumer and enterprise convergence” • “Diversity of client software” • “Complexity and asynchronous operations”
  • 9. The Enterprise Triple-Threat of 2.0 1. Loss of productivity 2. Vulnerable to data leaks 3. Increased security risks
  • 10. Characteristics of Web 2.0 Security • Web filtering is no longer adequate • AJAX, SAML, XML create problems for detection • RSS and RIA can enter directly into networks • Non-static makes identification difficult • High bandwidth use can hinder availability • User generated content hard to contain
  • 11. Web 2.0 Attack Vectors • Blogs • Social networks • Web portals • Mashups • Pop-ups • Anonymizing proxies • Spamdexing • Widgets
  • 12. Web 2.0 Areas of Concern • Client side issues • Transparency and cross-domain communications; AJAX and JavaScript attacks on the rise • Protocols • New protocols on top of HTTP/S (SOAP, XML, etc) • Information sources • Concerns over integrity, transiency, and diversity • Information structures • Variations of data structures, injection attacks • Server side • Architecture, authorization, and authentication weaknesses
  • 13. Evolution of the Threats in 2.0 • USB and auto-run malicious code • Insiders are a threat, but they don’t know it • Adobe PDFs and Flash replace Word and Excel • Worms travel through social spaces into offices • DOS attacks against social networks • Malware travels via all conduits • Pop-ups advertise seemingly legitimate services and take advantage of current events
  • 14. So what do you focus on? From Secure Enterprise 2.0, the dangers come from: 1. Insufficient authentication controls 2. Cross-site scripting 3. Cross-site request forgery 4. Phishing 5. Information leakage 6. Injection flaws 7. Information integrity 8. Insufficient anti-automation www.secure-enterprise20.org
  • 15. Recommendations for Web 2.0 Technical: • Experts recommend a three-tiered, integrated data protection approach: • Maintain vigilant anti-virus protection • Establish a robust anti-malware protection program • Utilize an AJAX-aware analysis platform • Use real-time content and security scanning • Make sure browsers and plug-ins are patched • Don’t just patch “high” rated patches! • Remember your end points • Use encryption as a key strategic defense
  • 16. Recommendations for Web 2.0 Managerial: • Ensure that your policies are current and address 2.0 • Subjective policy setting • Group level access • Productivity based policies • Use a Data Loss Prevention as an essential teaching tool • Education and awareness must go beyond passwords • Ensure cross-functional response and participation • Speak with data!
  • 17. Ensuring a Defensive Web 2.0 Policy • Revisit your Acceptable Use Policy • View the policy from a web 2.0 lens • Be sure to cover new technologies like anonymizing proxies • Include other groups for strength • Human Resources, Risk Management, Privacy, Physical Security, Audit, and Legal • Step up your training and awareness for Web 2.0 concerns
  • 18. Support your policy through technology • IDS / IPS • Bandwidth shaping and throttling • Standard images • Group policy objects • Firewall rules • Anti-virus, spyware, and malware • Monitor for your good name!
  • 19. Summary • We are living in a changing world, and Web 2.0 is part of it • 2.0 brings added challenges and characteristics to security professionals • There are technical and managerial solutions to reduce Web 2.0 concerns • Like all emerging technologies and their related threats, a holistic security approach is needed
  • 20. There is never enough time; thank you for some of yours. David Sherry, CISSP CISM Chief Information Security Officer Brown University Campus Box 1885 Providence, RI 02912 401.863-7266 david_sherry@brown.edu
  • 21. Thanks to our Sponsors Product trial download page Free Whitepaper: Reduce shopping cart abandonment. Increase revenue.