Crunching the Top 10,000 Websites' Password Policies and Controls - Steve Werby (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)


A detailed analysis of password policies and authentication controls for widely-used websites hadn't been conducted and seemed to be a daunting effort. To address this I supplemented automated and semi-automated data collection with the utilization of low-cost marketplaces like Amazon Mechanical Turk and the implementation of a system which allows volunteers to add, update, and modify data. I will cover my methodology, analysis of the collected data, challenges, lessons learned, and future plans.

BIO: Steve Werby is an independent information security consultant and security architect for a Fortune 200 company. He previously led enterprise information security programs for 3 large organizations and has presented at conferences such as DerbyCon, SOURCE Seattle, Hack3rCon, SecTor, ShmooCon, and OWASP LASCON. He is proud of the fact that he hasn't signed his name the same way twice since 2009.

 

Copyright 2014, IronGeek