Hackers Are Evolving - Your Security Must Evolve too!

Quotium Hackers are Evolving -Your Security must Evolve too! Don't let yourself be the Hackers' next Lunch! Quotium Technologies is the pioneer of Runtime Code & Data Security analysis and provide solutions for highly secured and robust applications. Quotium's Seeker is an innovative solution developed to pinpoint security flaws throughout the application development lifecycle. Entirely automated, the process requires no security expertise for its operation. ANCIENT TIMES security history Hackers • Mostly inexistent, low budget, unorganized, little government support. • Early Nineties- most of the talk still revolves around non application. • Hacking application security experts start to emerge mostly inexistent, low budget, unorganized, little government support. {/} first html source code written 1990 first release of the Intel lanches pentium processor 1993 Mosaic web browser Javascript HTML2.0 and Php 1.0, Apache and IIS 1.0, Mysql 1995 Amazon.com sold its first book Java released by sun 1996 45 million people using the internet Hackers vandalize CIA homepage www 1997 1 million website Go gle RainForest Puppy write the article called "NT Web Google launch Technology Vulnerabilities" for Phrack 54. It is the first timethis SQL. Injection term was announce to the public 1998 New york times hack (website defacment) Political hackers hits 300 website the year where reflected XSS was recognised. The first commercial Web Application Firewalls (AppShield) were shipped 1999 First web security scanner Whisker (open source). MIDDLEAGE security history Hackers • Govarment pass acts and regulation • Security experts atrt OWASP. WASC talks security in the SDLC. • Application security begins to gain momentum. • More companies are founded • Hackers form anonymous and get organized. • Idealistic & hacktivistic. start to focus on money. more organized and more targeted http:// 20,000,000 domain registered 2X since begining of the year Large scale denial of service attack against major website like Yahoo, Ebay, CNN, Amazon 2000 The Open Web Application Security Project was founded as a community effort to improve raise awareness of Webapplication security Agile Manifesto 2001 640 million people using the internet The free Web Application Firewall, ModSecurity, became a viable alternative for commercial products You Tube Asp net v1 release 2002 in W Launch of Myspace, Linkedin, Youtube, Wordpress Owasp testing guide The OWASP Top Ten was released to highlight and describe the most prevalent and criticalWeb application security vulnerabilities 2003 SQL slammer worm The Payment Card Industry Security Standards Council (PCI SSC) was formed, and on 2004 15 2004 and released the Launch of Facebook Payment Card Industry Data Security Standard (PCI DSS). EARLY MODERN AGE O security history Hackers • Hackers become pop culture not sub culture • Government, crime organization, and individuals motivated by ideals, money or fame. • Government and crime organisation have extensive training programs. Appsec is trendy- goverments & buisiness °dedicated more resources Entreprise have either already established or are establishing application security testing teams. Experts talk about change management. Agile development security and ongoing testing. AJAX MySpace - The Samy Worm, the first major XSS worm, infected over 1 million MySpace profiles in under 24 hours causing an outage on the largest social network. The incident highlighted the need for more ecure Web application software Launch of AJAX Web 2.0 2005 NIST federal cyber security standard Card systems solutions - breached by SQL injections- 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, American Express is ultimately forced into acquisition. AOL - Data on more than 20 million web inquiries. from more than 650,000 users, including shopping and banking data were posted publicly on a web site. I First widelų accessible cloud 2006 infrastructure Amazon EC2 TJ MAXX hacker takes off with Bank hit by "biggest ever" hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 over 94 million credit cards exposed. 2007 kindle customer Iphone, Android and Kindle Heartland Payment Systems- 134 million credit cards exposed through SQL injection to install spyware on Heartland's data systems. 2008 SGL 2009 No SQL MODERN AGE O security history Hackers • Application security shifting to mobile and cyber. • Some entreprise talks about advance persistent threats. other fail to create effective application security testing process. • Hackers turn to mobile and Cyber. • 2011 : starting the year of the big hacks • Part of global cyber war organized (Anonymous. Lulzsec, government and crime org) advanced and persistent more sophisticated hacktivism affected by arab spring. Sony's PlayStation Network- 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the HTML5 2011 A splinter group of Anonymous called Lulzsec appeared and went on what they termed '50 Days of Lulz' where they hacked a wide rangeof sites just for laughs. site wasdown for a month. Largest financial crime in history Group stole 160 millioncredit cards and over hundreds of millions in criminal loot. The hacks in question began in 2005 and continued through 2007. The ring was first busted back in 2008. Heartland Payment Systems, Nasdaq 7-Eleven, Inc. 2012 7 billion people using the internet New York Times and associated press Twitter hacked by Syrian group. Ever note hack: 50 million users forced to reset passwords. 2013 Adobe admits 2.9M customer Revised accounts have been compromised. New PCI-DSS new OWASP Top 10 Quotium