AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Thursday, January 23 • 10:55am - 11:45am
The State of Credential Stuffing and the Future of Account Takeovers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Credential Stuffing has existed since the first leaked password but has exploded in the past 3 years. Why? What has changed and where does it go from here?

The tools that enable credential stuffing attacks and other OWASP Automated Threats are converging on a single strategy, the complete imitation of user behavior and characteristics – real user behavior on real devices on real home networks. This level of extreme mimicry makes discerning good from bad difficult and the web is having a hard time keeping up.

This level of sophistication is not cheap and is only possible because the cost vs value of modern credential stuffing attacks is weighted dramatically in an attacker's favor.

After this session you'll:
- Understand the cost vs value of modern attacks and why the economics are driving greater sophistication.
- Learn how attacks have evolved and how attackers are bypassing all modern defenses.
- See how account takeover attacks are diversifying with other malware and why MFA is not a silver bullet.

avatar for Jarrod Overson

Jarrod Overson

Director, F5
Jarrod is a Director of Engineering at Shape Security where he led the development of Shape's Enterprise Defense. Jarrod is a frequent speaker on modern web threats and cybercrime and has been quoted by Forbes, the Wall Street Journal, CNET among others. He’s the co-author of O’Reilly’s... Read More →

Thursday January 23, 2020 10:55am - 11:45am PST
Club Room