Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security on Web 2.0 Krasznay Csaba. Google Search Trends.

Similar presentations


Presentation on theme: "Security on Web 2.0 Krasznay Csaba. Google Search Trends."— Presentation transcript:

1 Security on Web 2.0 Krasznay Csaba

2 Google Search Trends

3 Press Trends

4 malware deface data breach gossip phishing death lynching anti-privacy child porn data retention Media Image of Web 2.0

5 What really is Web 2.0?

6 ThreatsexploitVulnerabilitiescauseIncidentsdamageAssetshaveImpactsonOwner Risk Assessment

7 Hacker attack Malware infection Data loss No traces Copyright violation Software errors Data leaks Infection and downtime Data leaks Legal prosecution Productivity loss Resource waste Reputation damage Botnets Financial losses Identity theft Harassment Age verification threats Spam Hiding of origin Resource consumption Information fraud Inaccuracies of data Web 2.0 threats

8 Injection Attacks Cross-Site scripting Cross-Domain Attacks Malicious scripts Framework vulnerabilities Access, Authentication, Authorisation Development Process Issues Knowledge and Information Management vulnerabilities End-user Related problems General Software and Scripting Vulnerabilities Web 2.0 vulnerabilities

9 Target: the Person Think about Cyber-bullying and cyber-stalking Threats: Identity theft, Harassment, Age verification threats Vulnerabilities: Access, Authentication, Authorization; End-user Related problems Incident:the story of Megan Meier And think about what happened with Lori Drew… Asset: Private information, personal reputation, Physical security Impact: lethal…

10 Target: the Company Think about the Twitter account hacks Threats: Identity theft, Harassment, Spam, Information fraud Vulnerabilities: : Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities Incident: celebrity Twitter hacks Asset: Corporate and personal reputation, Corporate secrets Impact: high

11 Target: the Country Think about WikiLeaks Threat: Data leak Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities Incident: Afghan War Diary Impact: high (maybe lethal?)

12 Target: the Computer Think about the Web 2.0 worms Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities Incident: the KOOBFACE worm Impact: high

13 Conclusions Nothing has changed in our behavior for centuries, but we have new tools and broader audience Web 2.0 services are generally more secure in traditional technical aspect than other type of web services, but preventive controls are not enough We have to deal with the problem between the keyboard and the chair…

14 Maslow's hierarchy of needs Web 2.0 realizes three layers of human needs So people needs safety and security – but maybe we didn’t realize it yet If Web 2.0 can be lethal, do we also need the physiological layer?

15 Countermeasures Technical countermeasures: – Preventive controls focusing on information (DLP) – Detective controls (log management) – Secure applications (WAF, application controls) Administrative countermeasures – New security policy approach – New legal background – Broad awareness training – Communication, communication, communication Mathematical countermeasures – The more information we have the less value they have

16 THANK YOU! Web: Facebook: Twitter:


Download ppt "Security on Web 2.0 Krasznay Csaba. Google Search Trends."

Similar presentations


Ads by Google