“Revenge of the Geeks, Hacking Fantasy Football Sites”

By ISBuzz Team
Writer, Information Security Buzz | Nov 14, 2013 01:48 am PST

NT OBJECTives CTO Dan Kuykendall to Present “Revenge of the Geeks, Hacking Fantasy Football Sites” at AppSec USA 

NT OBJECTives (NTO), provider of the most automated, comprehensive and accurate web application security software, announced today that company co-CEO and CTO Dan Kuykendall will present “Revenge of the Geeks, Hacking Fantasy Football Sites,” at the AppSec USA Conference taking place November 18-21 in New York City.

AppSec USA, an OWASP Foundation event, is a world-class software security conference for technologists, auditors, risk managers and entrepreneurs and features the world’s top practitioners sharing the latest research and practices. In his presentation, “Revenge of the Geeks, Hacking Fantasy Football Sites,” Kuykendall will walk attendees through the anatomy of a hack against popular fantasy football and baseball mobile applications, showing every “sneak play” required to control the application and win the Big Game. The tools and techniques used in this hack can be applied against any mobile application, because these applications rely on newer formats like JSON and REST to deliver the rich user experience found in today’s mobile applications and, not surprisingly, expose the same familiar vulnerabilities, such as SQL and command injection.

Kuykendall will go on to explain how mistakes with the application’s session management can allow would-be hackers to break down the nested communication formats and inject targeted payloads to manipulate team lineups. He will also share how hackers could post false comments on the message board from the victim’s account.

After Kuykendall takes attendees through the hack, he will abstract these techniques, tie them directly to best practices, and apply them to other mobile applications so participants will walk away with specific tools and techniques to better understand mobile back-end hacking. The best practices discussed, 7 Characteristics of a Secure Mobile App, have been featured as part of a series of AppSec USA presentation preview pieces currently being published on CSO, a leading online news site.

AppSec USA will take place November 18-21 from 9:00 a.m. to 4:00 p.m. at the New York Marriott Marquis. The full agenda can be found at: http://appsecusa.org/2013/schedule/.

WHAT: Session: Revenge of the Geeks, Hacking Fantasy Football Sites

WHEN: Wednesday, November 20, 2013, 2:00 p.m.

WHO: Dan Kuykendall, co-CEO and CTO, NT OBJECTives

WHERE: AppSec USA, Marriott Marquis, New York City

About NT OBJECTives, Inc.

NT OBJECTives, Inc. (NTO) is a provider of the most automated, comprehensive and accurate web application security software, services and SaaS. NTO’s customizable suite of solutions includes application security testing, SaaS scanning and in-depth consulting services to help companies build the most comprehensive, efficient and accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA. For more information, visit www.ntobjectives.com or follow us on Twitter at @ntobjectives or @dan_kuykendall.