You are viewing content from a past/completed QCon

Presentation: How Much Does It Cost to Attack You?

Track: Trust, Safety, & Security

Location: Soho Complex, 7th fl.

Duration: 5:25pm - 6:15pm

Day of week: Tuesday

This presentation is now available to view on InfoQ.com

Abstract

How much does it cost to attack you and what are attackers getting out of it? Attacks, breaches, exploits, and malware are nearly a daily occurrence. Why aren’t billion-dollar products solving the problems we’ve had for decades? The problem is two-fold: attacks are getting cheaper to perform and the value of an attack is increasing daily. This is leading to increasingly sophisticated tools attacking platforms that have not kept up.

In this session, Jarrod will describe the cost vs value justification of an attack, how it shifts over time, and why it means that silver bullets just don’t exist. We’ll walk through the evolution of one of the cheapest modern attacks, credential stuffing, and see what attackers do after they have data and access.

Attackers are clever fraudsters. When you see how cheap it is to exploit you and how much value they wring out of your data, it will help you prioritize better protection for yourself and in the software you write.

Speaker: Jarrod Overson

Software Engineer @ShapeSecurity

Jarrod is a Director of Engineering at Shape Security where he led the development of Shape's Enterprise Defense. Jarrod is a frequent speaker on modern web threats and cybercrime and has been quoted by Forbes, the Wall Street Journal, and CNET, among others. He’s the co-author of O’Reilly’s Developing Web Components, creator of Plato, a static analysis tool for web applications, and frequently writes and records on topics related to reverse engineering and automation.
