Security Hole #18 - Security Matters
TRANSCRIPT
![Page 1: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/1.jpg)
![Page 2: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/2.jpg)
![Page 3: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/3.jpg)
We are a small company
We don’t have anything important
We don’t have payments
Nobody would hack us
![Page 4: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/4.jpg)
All about money
The question is not IF hacked
The question is WHEN
![Page 5: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/5.jpg)
Consequences of Security FAILURE
Trust
Money
Data stolen
Time to recover
Penalties for incident
Customers
Reputation
![Page 6: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/6.jpg)
![Page 7: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/7.jpg)
Let’s go deeper
![Page 8: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/8.jpg)
Non-critical application
![Page 9: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/9.jpg)
Scanners win!
![Page 10: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/10.jpg)
Or no?
![Page 11: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/11.jpg)
Restrictions
![Page 12: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/12.jpg)
But…let’s come back to registration page
![Page 13: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/13.jpg)
But…let’s come back to registration page
![Page 14: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/14.jpg)
Clientside restrictions bypass
![Page 15: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/15.jpg)
Clientside restrictions bypass
![Page 16: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/16.jpg)
alert('win')
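The slides above show that a registration page whose only input checks run in the browser can be driven straight to `alert('win')`: an attacker submits the request with curl or an intercepting proxy, so the page's JavaScript validation never executes, and the server reflects the unvalidated value into HTML. The following is an added example, not code from the talk or from OWASP Lviv; the username rule, the handler names and the welcome-page template are assumptions made to illustrate the point. It contrasts a handler that trusts the client-side check with one that re-validates on the server and HTML-encodes the output.

```javascript
// Added example (not from the slides): why client-side-only validation of a
// registration form is bypassable, and what the server must do instead.
// The username rule, handler names and HTML template are assumptions.

// Client-side rule the registration page enforces in the browser (assumed):
// username is 3-20 characters, letters/digits/underscore only.
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;

function clientValidate(username) {
  return USERNAME_RE.test(username);
}

// Vulnerable server handler: trusts that the browser already validated the
// field and reflects it into the response HTML without encoding.
function registerVulnerable(body) {
  const username = String(body.username ?? "");
  return {
    status: 200,
    html: `<h1>Welcome, ${username}!</h1>`, // reflected unescaped: XSS
  };
}

// Minimal HTML entity encoding for text placed into an element body.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened handler: re-validates on the server (the client check is only a
// usability aid) and encodes the value before it is placed into HTML.
function registerHardened(body) {
  const username = String(body.username ?? "");
  if (!clientValidate(username)) {
    return { status: 400, html: "<h1>Invalid username</h1>" };
  }
  return { status: 200, html: `<h1>Welcome, ${escapeHtml(username)}!</h1>` };
}

// Constructed attacker request: sent directly with curl or a proxy, so the
// browser-side validation never ran.
const PAYLOAD = "<script>alert('win')</script>";
const attackerBody = { username: PAYLOAD };

// Runs both handlers against the crafted request and reports what happened.
function demo() {
  const vuln = registerVulnerable(attackerBody);
  const hard = registerHardened(attackerBody);
  return {
    clientRejects: !clientValidate(PAYLOAD),             // true: the browser check would stop it
    vulnReflectsScript: vuln.html.includes(PAYLOAD),     // true: the server does not
    hardenedStatus: hard.status,                         // 400
    hardenedReflectsScript: hard.html.includes(PAYLOAD), // false
  };
}

console.log(demo());
```

The client-side regex is not wrong, it is simply not a security control: anything the browser enforces can be skipped by sending the HTTP request directly. The fix is the same validation repeated server-side plus context-appropriate output encoding; the second is what turns `alert('win')` back into harmless text even if a future field is added without validation.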
![Page 17: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/17.jpg)
XSS can do more
![Page 18: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/18.jpg)
XSS can do more
![Page 19: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/19.jpg)
and even more
![Page 20: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/20.jpg)
And the most interesting part
![Page 21: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/21.jpg)
Database access
![Page 22: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/22.jpg)
Changing admin password
![Page 23: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/23.jpg)
Skype: ghost-bel
![Page 24: Security Hole #18 - Security Matters](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5870e3881a28abcf288b53c3/html5/thumbnails/24.jpg)
OWASP Lviv Team