TRANSCRIPT
The Need
Software Defect Vulnerabilities Tend To Be In 2 Categories
o Vendor Provided Software -> You will hopefully get a patch from the vendor
o Custom Application Code -> Developers are traditionally not good at writing secure code!
Prior to 2011 . . .
MasterCard University’s Secure Code Course – online, self-paced and needed to be more interactive
If the priority is to protect MasterCard’s assets, we need a more impactful approach!
The Solution
DISRUPT: Born 2012
Created by Corporate Security and MasterCard Labs
Innovative and impactful approach to training
o 2-Day Challenge/Contest approach
o Highly interactive
The Solution
2-day “Capture the Flag” contest
Training on types of code security vulnerabilities
Simulated MasterCard environment containing 2 contest applications
Participants compete to find application vulnerabilities to hack
Automated scoring system
The Solution
Trivia and door prizes
Wrap-up
o Location of vulnerabilities
o How to fix vulnerabilities
Top 3 Winners named
Participants received cool event SWAG and information security education credits
The Solution
2 Vulnerable Web Applications
o Insecure Wallet
o Hackbook
Types of Challenges
o SQL Injection
o Cross-Site Scripting (XSS)
o Cross-Site Request Forgery (CSRF)
o Direct Object Reference
o Session Hijacking
o Default username/password