Web Portals, Gateway To Information Or A Hole In Our Perimeter Defenses

Presented at ShmooCon 2008 by

If web portals can be used to aggregate information and resources from multiple locations and deliver them to users at a single point of access, could an attacker use these same functions and features to gain access to unauthorized internal systems? In this presentation we will explore using a web portal interface to query resources behind the firewall by tunneling requests through the portal services using cross-site-scripting (XSS)-like vulnerabilities.

Bio: Deral Heiland, CISSP, serves as a Senior Information Security Analyst for a Fortune 500 company. In addition, Deral is the founder of Layered Defense Research and co-founder of the Ohio Information Security Forum, a non-profit organization focused on information security training and education. With over 15 years of work in the Information Technology field, Deral has held prior positions including Senior Network Analyst, Network Administrator, Database Manager, and Financial Systems Manager.