Director
Trey Ford is the director of solutions architecture at WhiteHat Security, providing strategic guidance to WhiteHat customers and prospects on their website security program. Trey spearheads WhiteHat's participation in the PCI Community and aids customers in maintaining compliance by measuring threat and managing risk to websites.
Mr. Ford is also a frequent speaker at industry events, including CSI 2008, the OWASP NYC AppSec 2008 Conference and ITW 2008. He is a Certified Information Security Professional (CISSP), Qualified Data Security Professional (QDSP), Qualified Security Assessor (QSA) and is a member of the PCI Qualified Security Assessor Network.
Topic:
Leaving the Front Door Unlocked – Why Even the Most Advanced Website Security Schemes Are Still Vulnerable
Many experts still mistakenly believe that it requires elite, ninja-level hacking skills to wreak havoc and cash in on publicly-facing websites. As the enterprise wraps itself in traditional web security blankets – “managing risk” with high-priced consultants and automated scanners and code reviews – hackers are constantly changing their attack strategies and tactics, pushing the envelope of what’s possible in the ever-changing Web security landscape.
In this presentation, Ford will discuss how many corporate websites have misguided testing practices, inaccurate perceptions of the strategies and skill sets of potential hackers, and gaping holes in their overall risk management strategies. Rather than focusing on specific, code-intensive attacks like Cross-Site Scripting and SQL Injection, Ford will demonstrate how all you need is a Web browser and basic analytical skills to exploit vulnerabilities in even the most advanced website security schemes. This session will open the eyes of PCI and compliance-minded security professionals, illustrating how simple, lucrative and nearly invisible logic attacks are exploiting the holes in their website security strategies. Ford will also provide recommended steps and tactics the audience can use to re-evaluate their website security posture and mitigate these unseen, “undetectable” risks.