The highlights of the afternoon session of Day 1 began with Vilaiporn Taweelappontong from PricewaterhouseCoopers, Bangkok, who gave her summary of the six different types of penetration testing (white-hat hacking) that can be used to test and then exploit the vulnerabilities of a network. She covered best practice and objectives of penetration testing, and cleverly advertised PwC's technology auditing services to boot.
This was followed by Joseph Chung from Citrix who continued on the theme of vulnerability of web apps.
We all know that web applications are becoming increasingly popular, but ironically they are the easiest to exploit (as mentioned by Vilaiporn), and standard network firewalls don't provide adequate protection for them. He gave a detailed summary of the main web app exploits, including cross-site scripting and SQL injection, and proceeded to introduce the need for application firewalls (from Citrix, no less) that can dynamically learn and protect custom-built web applications.
There were also some interesting observations from ESET about user education being a major force in the fight against cyber crime.
by tobyonline
Wednesday, 19 March 2008