The State of Credential Stuffing and the Future of Account Takeovers
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the current landscape of credential stuffing attacks and the evolving nature of account takeovers in this comprehensive conference talk. Delve into the economics of these attacks, including costs, distribution methods, and return on investment. Learn about combo lists, various defense mechanisms like IP rate limiting and CAPTCHAs, and the challenges posed by dynamic sites. Examine techniques used to identify bots, including browser fingerprinting and non-human behavior detection. Discover how attackers bypass multifactor authentication and explore advanced fraud techniques such as resident scripts and browser extensions. Gain insights into emerging threats beyond credential stuffing, including Genesis marketplaces and advanced malware. Understand the importance of risk scoring and collaborative efforts in combating fraud.
Syllabus
Introduction
How Much Does It Cost
Distribute Globally
Cost
Rate Of Return
How To Start
What Are Combo Lists
IP Rate Limiting
CAPTCHAs
Dynamic Sites
Host Header Order
Consumer Browsers
Browser fingerprinting
Fraudfox
Identifying Bots
NonHuman Behavior
Browser Automation Studio
Browser Consistency Check
Browser Fingerprints
Emulation
Multifactor authentication does not stop credential stuffing
How to bypass multifactor authentication
Logging into your bank
Resident script
Browser extensions
Exploit a developer machine
What is beyond credential stuffing
We are raising the cost
Genesis
One Unit
Known Resources
Fingerprints
Risk Scores
Dont Screw Your Buddies
Advanced Malware
Fraud Problems
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube