4. History
• Fun pranks
• Early attacks: host/network intrusion
• Now: web application vulnerabilities
5. Now
• OWASP Top 10
– XSS
– SQLi
– CSRF
– OS Command injection
– Etc..
6. Why?
• Mature network/host layer security
• All business logic is / has moved to the web
– along with the data…
• Web apps are THE remaining open door
• More people understand there is « value »
– General awareness
7. Motivations
• Money
• Political/Ideological grounds
• Fame, fun, curiosity
• Industrial espionage
• Supporting other forms of organized crime
• State / Corporate surveillance
• Randomness
10. Do you feel motivated now?
• 792 Euro = 1’051 CAD
• 4 years of operation = 14 M$ → 3.5 M$/year
• 3.5 M$ / 7 people = 500’000 CAD/year
• ≈ 31’320 Euro/month, 40 times the avg. income
22. Threat Horizon
• Cryptography in Web Applications
• Code Sharing
• Backdoored Code on Repositories
• Mobile Application backends
• Data leaks / Password leaks
• Clickjacking / UI Redressing