Kevin Bong

Kevin is a Director leading Sikich’s cybersecurity teams responsible for penetration testing and DFIR. Kevin is the creator of the MiniPwner, a pocket-size penetration testing device used to gain remote access to a network. He’s also an author, instructor and frequent conference speaker. Kevin has a Master of Science Degree in Information Security Engineering from the SANS Institute and holds numerous industry certifications.

Session Topic:

Stealing credit cards from iframe and redirect-based ecommerce applications

Many ecommerce sites work to reduce their card data breach risk and PCI compliance burden by using an iframe or redirect to an outsourced payment gateway. As a PCI forensic investigator, Kevin routinely investigates successful card breaches on websites using this payment model. This presentation will explain browser origin security controls and demonstrate common cross-site and cross-origin attacks that can allow card-data theft from iframe and redirect-based payment flows. Finally, the talk will provide guidance for website developers and security professionals to prevent and detect these weaknesses.

Will the recordings be available after the event?

Yes, everybody registered will be emailed the recording copies.

Can I attend the event in person?

At the moment, we’re planning on presenting S3CCON 2021 as a completely virtual event. If we decide to change and include some in-person portions, we will let everybody know.

I'm interested in being an S3CCON partner or speaker. What should I do?

Please email with details regarding your interest or complete one of the forms linked on the home page.

My question wasn't listed here.

Email your question.