Updated Posts :

  • The post "Attacker Classes and Pyramid" has been updated to the third iteration. The post was updated in terms of coherency, but I also added my OWASP BENELUX presentation entitled "The Rise of the Vulnerability Markets - History, Impacts and Mitigations". The presentation underlines the rationale behind the attacker-centric concept and the proposed Attacker Triad.
Slide Deck :

Notable excerpts : 
The analysis of 54 exploit kits (mapped to the Opportunists/Mass-market class) led to the following results:
Results : In order to protect against all tracked exploit kits you had to patch 19 vulnerabilities in 2009, 24 in 2010 and 4 in 2011. That should hardly be a challenge and confirms the sophistication put forward in the Attacker Triad.

The analysis of 54 exploit kits (Source: Contagio) led to the following results:


EAP-TTLS said... @ 11 December, 2012 12:14

There is a perception that WPA and WPA2, using TKIP and AES, make the wireless network secure, and they do - as long as these solutions are deployed correctly. WPA and WPA2 deployed using pre-shared keys (personal mode) do not make the wireless network more secure than using WEP encryption. Weak passwords that users typically employ are vulnerable to password cracking attacks, and the same passwords are often used indefinitely.
