Hackers target security vulnerabilities

By Alex Kayle, Senior portals journalist
Johannesburg, 12 May 2009

Cyber criminals are exploiting security vulnerabilities in companies' systems to steal and make a profit from sensitive information.

This is according to WhiteHat Security founder and chief technology officer, Jeremiah Grossman, who will speak on security vulnerabilities at the ITWeb Security Summit being held at Vodaworld, Midrand from 26 to 28 May.

Grossman will reveal how marketing promotions are abused, and how vulnerability scanners can identify SQL injection and cross-site scripting flaws, which can lead to financial loss.

“Vulnerability scanners alone cannot identify every type of vulnerability and those they miss can be incredibly damaging - we call them business logic flaws,” says Grossman.

He adds that cyber criminals can exploit overlooked vulnerabilities in an organisation's security system for financial gain.

“Through real-world examples, it is important to understand what business logic flaws are and how they can be best defended against,” states Grossman.

Hacking made simple

According to Grossman, the general public mistakenly believe that cyber criminals who profit illicitly require sophisticated hacking skills. He points out that these days, almost anybody can hack into IT systems and steal confidential and sensitive information to sell to the underground criminal market.

“What is not well-known is that large sums of money can and have been pilfered from Web-based businesses using extremely simplistic methods as well.”

Grossman is the co-founder of the Web Application Security Consortium and was named one of InfoWorld's Top 25 CTOs for 2007. Prior to working at WhiteHat, Grossman was an information security officer at Yahoo.
