Abstract: As the vulnerability landscape evolves, the threat agent changes with it. Where network level vulnerabilities once ruled, the application layer has become one of the most popular and fruitful surfaces to attack. But most breaches are the result of a multi-faceted effort which combines some level of technical hacking with social engineering.

During this session, learn how these blurred lines intersect, how vectors of one paradigm often relate to another. In a talk that approaches the social engineering aspect from a different angle, we’ll discuss the OWASP Top 10 list from 2013 and how these attacks can be mapped from web application security to be used to hack the human element. The vulnerabilities found in this Top 10 list are significant in terms of web application security but with the creativity of a composite attacker, learn how they can be used in the physical world and aimed at the weakest link in the security chain, the people, to cause damage or infiltrate an organization. This is a 45 minute presentation built around stories of real world examples, with a 15 minute Q&A or open discussion. This advanced session is aimed at penetration testers, management, and workers on the front lines who might fall prey to social engineering attacks as they interface with the public or an organization’s customer base.

Back to Circle City Con 2014 Videos list