Atlanta, GA (PRWEB) August 27, 2013
With a range of new software and web-based threats regularly exploited by nation-state hackers, organized crime, and sophisticated hacktivist groups, Hacker Halted USA, a leading information security conference in the US, is hosting a range of advanced technical talks on new threats that enterprises need to consider. Hacker Halted USA runs from September 19-21 in Atlanta.
“This year’s conference covers a variety of looming threats for the enterprise, from new mobile-based attacks, cloud vulnerabilities, SCADA exploits, encryption threats - and, perhaps most importantly, software and web-based attacks,” said Eric Lopez, director of conferences and events at EC-Council. “Several leading researchers in these fields will be presenting their findings at Hacker Halted USA - from browser botnets to IPv6.”
Here are a few highlighted talks at this year’s Hacker Halted USA:
• Adventures in Large Scale HTTP Header Abuse - Zach Wolff, LogRhythm - While the technique of sending malicious data through HTTP Header fields is not new, there is a conspicuous lack of information on the topic. This presentation explores research and testing results of random auditing of 1.6 million websites. The speaker will address the history of HTTP Header attacks, the logic that went into the creation of an HTTP Header Audit tool, and most interestingly, the findings of the test run. How many vulnerable websites were discovered? What attacks were they most susceptible to? Which Header fields are most likely to be vulnerable? Finally, the presentation will discuss defensive techniques around HTTP header abuse and how to efficiently audit a site's HTTP Header fields for vulnerabilities.
• The State of SAP Security 2013 - Dmitry Chastuchin, ERPScan - ERP systems based on SAP are the heart of any large company, so it is necessary to increase awareness in this area, especially after the Anonymous attack on the Greek government, where a 0-day SAP vulnerability was probably used (although this information was neither proven nor refuted). ERP systems enable all the critical business processes, from procurement and payment to human resources and financial planning. All the data stored in ERP systems is of great importance, and any illegal access can mean enormous losses, probably even termination of business processes.
• Wassup MOM? Owning the Message-Oriented Middleware - Gursev Kalra, Foundstone - Message-Oriented Middleware (MOM) allows disparate applications to communicate with each other by exchanging information in the form of messages. A MOM and its clients create an enterprise messaging application that forms the transactional backbone of several large organizations worldwide. Security is therefore an important aspect of these applications. This research analyzes enterprise messaging security from three different perspectives: (1) The first perspective derives from the fact that most enterprise messaging products support the vendor-agnostic Java Message Service (JMS) API, and therefore focuses on the offensive uses of the JMS API to attack an enterprise messaging application. (2) The second perspective revolves around a JMS-compliant message broker (or MOM), as message brokers form the core of enterprise messaging.