2014: The Year of Branding your Vulnerabilities

April 3, 2015 | Kate Brew

Matt Johansen, Manager of the Threat Research Center at WhiteHat Security, gave a very interesting talk to a packed room at the Austin OWASP chapter meeting on 3/31.

Matt and Johnathan Kuskos ran a research project in which people nominated web hacks from 2014. A panel of judges – Jeff Williams, Zane Lackey, Daniel Miessler, Troy Hunt, Giorgio Maone, Peleus Uhley and Rohit Sethi – then ranked the nominations into a top 10 list.

Key takeaways:

  • Web hacks own headlines; cool branding increases notoriety of hacks
  • The fact that everybody’s data is on the web makes it increasingly attractive as a target
  • Some hacks are dastardly but very simple; some require lots of crazy hard work
  • Transport layer remains a tasty target

And the “winner” is Heartbleed!

Heartbleed has the additional “feature” of being undetectable – there is no way to see if you’ve been attacked.

ShellShock, AKA bashdoor, took second place. Matt described it as “stupid easy” and noted that it had been present in bash for 25 years before it was detected.

The complete video of Matt’s presentation is here https://vimeo.com/channels/owaspaustin

Matt and Johnathan's slides are here https://twitter.com/mattjay/status/583063734605631488


About the Author: Kate Brew
Kate has over 15 years experience in product management and marketing, primarily in information security.