
Top Ten is Old Skool, Meet the New Age of AppSec - Andrew Leeth Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Top Ten is Old Skool, Meet the New Age of AppSec
Andrew Leeth
Derbycon 2015

While the OWASP Top Ten issues are as prevalent as ever, today's applications are vulnerable to a new breed of attacks, which are often deadlier. Being able to identify and remediate these issues before the bad guys find them is a must. Some of the exploits discussed will include Server Side Request Forgery (SSRF), XML External Entity Processing (XXE), Clickjacking, Authentication Token Stealing, SSL Attacks, and many more. Many of these new-age vulnerabilities can easily be leveraged in the total compromise of a system. These vulnerabilities will be demonstrated and remediation strategies will be discussed.

Currently, Andrew Leeth works at Salesforce. His responsibilities include application security, penetration testing, threat modeling, remediation, defense protections, and security guidance to development teams throughout the Software Development Lifecycle (SDLC). Andrew works closely with developers to ensure that customers' assets are secure in the company's products. Before that, Andrew was a consultant who provided security services to a variety of businesses, both large and small, across many industry verticals. He helped many of these companies assess and manage the security risks involved with cloud vendors. While consulting, he reviewed the security of hundreds of cloud providers, from larger providers like Amazon and Microsoft to small start-up companies. Andrew attended Indiana University, where he received his degree in Security Informatics. Andrew also holds various certifications, including the CSSLP, GWAPT, CEH, CCSK, GMOB, CISSP, and many others.



Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast