Hacker-Powered Data: The Most Common Security Weaknesses and How to Avoid Them
As software dependence grows and data volumes swell to new highs, security teams often see a deluge of incoming vulnerabilities from scanners, pen tests, and bug bounty programs. Using eight years of never-before-seen data from 1,800+ bug bounty programs and over 160,000 valid vulnerabilities found, this talk offers a focus for security teams based on analysis of what hackers actually exploit in the wild and what companies actually value. Attendees will discover common weaknesses such as Violation of Secure Design Principles, Information Disclosure, Denial of Service, VPN and Cryptographic Issues, and how attackers could exploit these prevalent vulnerabilities. Walk away with insights into the most common security weaknesses to better defend against them.