You Are The Weakest Link presented at OWASP FROC 2010

by Chris Nickerson (Lares)

Tags: Social Engineering


Summary: Had enough SQLi, CSRF, XSS, and other code talk today? There is an EASIER and FASTER way. Throw away the fuzzers, drop the massive toolset and hours of beating your head against the wall. Ignore the scanners and let your whitehat/greyhat methodology have a rest. In this talk, we will talk about the path of least resistance, the people. Do you REALLY think that attackers are gonna send a TON of traffic at your app and fuzz it all day long? NOPE! They are gonna go after the source. Not the source code, the DEVELOPERS. We will go through how to profile developers, track them, and find out what REALLY goes on behind the curtain.

Chris Nickerson: Chris Nickerson is a CISSP whose main area of expertise is focused on Red Team Testing and Infosec Testing. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, Application Testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Sr. Security Architect and Compliance Manager at Sprint Corporate Security, and developed an enterprise security design as a network engineer for an international law firm. Chris is a member of OWASP and ISACA Denver, and is also a featured member of TruTV's Tiger Team, a 30-minute reality television program showing the activities of actual Red Team tests and active assessments. Chris is also the co-host of the Exotic Liability Podcast.