
Why the LinkedIn Hack Could Be Your Biggest AppSec Threat

Offered By: LASCON via YouTube

Tags

LASCON Courses, Cybersecurity Courses, Threat Intelligence Courses, Anomaly Detection Courses, Application Security (AppSec) Courses, Web Security Courses, Rate Limiting Courses

Course Description

Overview

Explore the critical issue of account takeover (ATO) attacks in this 47-minute LASCON conference talk. Delve into the long-term impact of hacks like the 2012 LinkedIn breach, which resulted in a two-phase attack spanning years. Learn about the collection and compromise phases of ATO attacks, and how hackers use bots to exploit stolen data across multiple networks. Discover various approaches to combat ATO, including threat intelligence, rate limiting, and anomaly detection. Gain insights from IMMUNIO CTO Mike Milner on attacker tactics, such as evading rate limits and bypassing CAPTCHA protection. Understand the financial implications of ATO attacks and the importance of maintaining user trust. Examine different security measures, from strong login processes to U2F and phone apps, and explore the balance between security and user experience. Get introduced to a new tool for experimenting with Credential Stuffing attacks and learn how to build better defenses by understanding attacker methodologies.

Syllabus

Intro
Password manager poll
Why hackers are interested in this
Financial fraud theft
Account takeover
Virtual currency
Spam
Twitter
Other breaches
Techniques
Credential stuffing
Adobe breach
Great website hack
Username database
Credentials
Email verification
Password dump
Code level vulnerabilities
Password managers
Ways to protect yourself
Strong login process
U2F
Phone apps
Brute force attacks
Balancing act
Rate limiting
Threat intelligence
Volume of attempts
JavaScript
Browser Fingerprint
User profiles
Sentry MBA
Netflix
Spotify
CAPTCHAs
WTF
Local deployment
Credential dump database
Credential dump files
Resources


Taught by

LASCON
