Web Admin Blog Real Web Admins. Real World Experience.

24 Sep 2008

Get Rich or Die Trying – OWASP AppSec NYC 2008

Unfortunately, the conference provided lunch today but did not give us time to eat it, so I had to eat while listening to this talk. It was given by Trey Ford and Jeremiah Grossman of WhiteHat Security, and I'm pretty sure they've presented it before. You may even be able to download a copy of the presentation from http://www.whitehatsec.com. The gist of the presentation is that while a web application vulnerability scanner can find things like SQL injection or cross-site scripting, there are still a lot of very serious business logic flaws that those tools will not catch, because the requests involved are well-formed and the application answers them exactly as designed. A malicious person could exploit these business logic flaws for anything from helping a Chihuahua win a dog contest to making millions trading on insider information or running affiliate scams. Some of the exploits presented were so easy that your mom could figure them out, and they did not require ANY technical skills. While the presentation may not have been technical enough for the majority of the people attending this conference, I still give props to WhiteHat for putting together a decent presentation on how hackers are using business logic flaws to make money on the web. Be sure to e-mail WhiteHat and ask to see the presentation.
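To make the "scanner won't catch it" point concrete, here is an added example that is not from the talk or from this post: a toy contest vote endpoint whose flaw is purely in its business rules. The entrant names, the voters and the attack script are constructed for illustration, and the two classes are hypothetical, not WhiteHat's code. Every request in the script is a valid, well-formed vote, so a scanner fuzzing inputs for SQL injection or XSS sees nothing wrong; the flaw is that the server trusts a client-supplied vote count and never checks whether a user has voted already.

```python
from collections import Counter

# Constructed sample contest; no real data.
ENTRANTS = ("chihuahua", "labrador", "beagle")


class VoteError(Exception):
    """Raised when the application rejects a vote."""


class FlawedContest:
    """Hypothetical vote endpoint with two business-logic flaws: it trusts a
    client-supplied vote count and never checks whether the user already voted.
    Every request it receives is syntactically valid, so input fuzzing finds nothing."""

    def __init__(self):
        self.tally = Counter()

    def vote(self, user, entrant, count=1):
        if entrant not in ENTRANTS:
            raise VoteError("unknown entrant")
        self.tally[entrant] += count  # flaw: count comes straight from the client
        return self.tally[entrant]


class HardenedContest:
    """Same endpoint with the business rules enforced on the server side."""

    def __init__(self):
        self.tally = Counter()
        self.voted = set()

    def vote(self, user, entrant, count=1):
        if entrant not in ENTRANTS:
            raise VoteError("unknown entrant")
        if count != 1:
            raise VoteError("one vote per request")
        if user in self.voted:
            raise VoteError("user has already voted")
        self.voted.add(user)
        self.tally[entrant] += 1
        return self.tally[entrant]


def rig_contest(contest):
    """Replay one constructed script against either implementation: three honest
    voters, then an attacker sending a bulk vote followed by repeated single votes.
    Returns (winner, number of rejected requests)."""
    honest = [("alice", "labrador"), ("bob", "labrador"), ("carol", "beagle")]
    attacks = [("mallory", "chihuahua", 10_000)] + [("mallory", "chihuahua", 1)] * 5
    rejected = 0
    for user, entrant in honest:
        contest.vote(user, entrant)
    for user, entrant, count in attacks:
        try:
            contest.vote(user, entrant, count)
        except VoteError:
            rejected += 1
    winner = contest.tally.most_common(1)[0][0]
    return winner, rejected


if __name__ == "__main__":
    print("flawed:  ", rig_contest(FlawedContest()))   # Chihuahua wins, nothing rejected
    print("hardened:", rig_contest(HardenedContest()))  # Labrador wins, 5 requests rejected
```

The hardened version still accepts Mallory's one legitimate vote; what it refuses is the bulk count and the repeats. Finding the flawed version requires reading the rules of the contest and asking "what happens if I send this twice, or with a bigger number?", which is exactly the kind of reasoning a signature-driven scanner does not do.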

About Josh

Josh graduated in 2002 from the University of Texas at Austin with a BS in Computer Science. He was formerly a member of the Internet Systems team at AMD, a Systems Administrator with BearingPoint, and worked on a contract for the US Army before becoming a member of the Web Systems team at National Instruments in January of 2007. He recently attained his CISSP certification and specializes in the area of web application security.
Comments (2) Trackbacks (0)
  1. I didn’t see a copy of the presentation, but it looks like it was useful info, nonetheless.

  2. A partial video recording of the presentation can be found here and the slides from the presentation can be found here if you are interested.

