Kevin is a Director leading Sikich’s cybersecurity teams responsible for penetration testing and DFIR. Kevin is the creator of the MiniPwner, a pocket-size penetration testing device used to gain remote access to a network. He’s also an author, instructor and frequent conference speaker. Kevin has a Master of Science Degree in Information Security Engineering from the SANS Institute and holds numerous industry certifications.
Many ecommerce sites work to reduce their card data breach risk and PCI compliance burden by using an iframe or redirect to an outsourced payment gateway. As a PCI forensic investigator, Kevin routinely investigates successful card breaches on websites using this payment model. This presentation will explain browser origin security controls and demonstrate common cross-site and cross-origin attacks that can allow card-data theft from iframe and redirect-based payment flows. Finally, the talk will provide guidance for website developers and security professionals to prevent and detect these weaknesses.
Yes, everybody registered will be emailed copies of the recordings.
At the moment, we’re planning on presenting S3CCON 2021 as a completely virtual event. If we decide to change this and include some in-person portions, we will let everybody know.
Please email firstname.lastname@example.org with details regarding your interest or complete one of the forms linked on the home page.
Email your question to email@example.com.