On the 3rd day of Christmas the hackers gave to Johnny an Insecure Direct Object Reference on a critical system that provided full admin access to the application because... Johnny made a mistake and forgot to add a rule to deny any access to an obscure management port: http://yourwebsite.com/secret/adminconsole:8050
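The Day 3 mistake is an allow-by-default policy: the console stayed reachable because nobody remembered to write a deny rule for port 8050. The snippet below is an added example, not code from the original post; it models the weak "block what you list" policy beside a default-deny policy in which an unlisted management port is closed without anyone having to remember it. The rule sets, client addresses, port 8050 and the /secret/ path prefix are constructed for illustration.

```python
"""Allow-by-default versus deny-by-default for a management endpoint.

Added example, not from the original post.  Rule sets, addresses and
paths are constructed; port 8050 and /secret/adminconsole mirror the
Day 3 anecdote.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # client network in CIDR notation
    port: Optional[int] = None   # None matches any port
    path_prefix: str = "/"       # "/" matches every path


def first_match(rules, client_ip: str, port: int, path: str) -> Optional[str]:
    """Return the action of the first rule that matches the request, or None."""
    ip = ip_address(client_ip)
    for rule in rules:
        if (ip in ip_network(rule.src)
                and (rule.port is None or rule.port == port)
                and path.startswith(rule.path_prefix)):
            return rule.action
    return None


def allow_by_default(rules, client_ip: str, port: int, path: str) -> bool:
    """Johnny's mistake: every request passes unless a deny rule catches it."""
    return first_match(rules, client_ip, port, path) != "deny"


def deny_by_default(rules, client_ip: str, port: int, path: str) -> bool:
    """Hardened form: a request passes only if an allow rule admits it."""
    return first_match(rules, client_ip, port, path) == "allow"


# Constructed rule sets.  The weak set lists what to block and has no entry
# for port 8050, so the console is reachable from anywhere.  The hardened set
# lists what to admit; port 8050 is open only to the internal admin network.
WEAK_RULES = [
    Rule("deny", "0.0.0.0/0", 443, "/secret/"),
]
HARDENED_RULES = [
    Rule("allow", "10.0.0.0/8", 8050, "/secret/"),   # admins on the internal net
    Rule("allow", "0.0.0.0/0", 443, "/"),            # the public shop front
]


def evaluate(policy, rules) -> dict:
    """Run three constructed requests through a policy; returns {name: allowed}."""
    requests = {
        "internet_to_console": ("203.0.113.7", 8050, "/secret/adminconsole"),
        "admin_to_console":    ("10.1.2.3",    8050, "/secret/adminconsole"),
        "internet_to_shop":    ("203.0.113.7", 443,  "/shop"),
    }
    return {name: policy(rules, *req) for name, req in requests.items()}


if __name__ == "__main__":
    print("allow-by-default:", evaluate(allow_by_default, WEAK_RULES))
    print("deny-by-default: ", evaluate(deny_by_default, HARDENED_RULES))
```

Under the weak policy all three requests pass, including the one from the internet to the console; under the hardened policy only the internal admin reaches port 8050 and the public can still reach the shop on 443. The point is that forgetting a rule is harmless in a default-deny design and fatal in a default-allow one.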
On the 4th day of Christmas the hackers gave to Johnny... a FREE PDF book on how to find application security flaws and the NEW video series from AppSecUSA 2013: 43 videos and 32 hours of content
On the 5th day of Christmas the malicious hackers parked in front of Johnny's favorite coffee shop and ran a man-in-the-middle hot-spot honeypot, then proved to Johnny that "Password1" is not a good password and how quickly its hash can be cracked
On the 6th day of Christmas the hackers gave to Johnny code snippets of critical system code from the new secret internal project that they picked up from Pastebin
On the 7th day of Christmas a hacker breached Johnny's door using a "9999" cut bump key on door #1 and a shim on the padlock that secured important information, then placed a "boom" sign inside his locked top right desk drawer to prove a point about his lame physical security... seems they also drank his 18-year-old scotch too!
On the 8th day of Christmas the hackers returned to Johnny a bag of dumpster-diving treasure to point out the lack of a cross-cut shredder; it included bills from trusted vendors with account info, credit card carbons, internal printed emails, customer data and more...
On the 9th day of Christmas hackers hacked Johnny via an email aimed at his wife about a refund on a holiday purchase, carrying targeted malware with a custom packer that bypassed his installed and updated corporate AV investment. After getting a remote shell they popped Johnny's work laptop, which was also connected to his home network and unpatched due to the holiday freeze, exported the cert from the VPN client, and installed a keystroke logger on the computer he uses for business to capture the password... ouch.
On the 10th day of Christmas the hackers gave to Johnny a FREE audio blog to help educate him
On the 11th day of Christmas the hackers knocked down Johnny's e-commerce website during the busy online shopping season with a denial-of-service tool
On the 12th day of Christmas the hackers mailed a link... Johnny noticed his company was on the list of incidents involving the breach of personally identifiable information (PII), and his information may have been in a dump of over 2M users because his machine had been infected with malware since Day #1
May all your Christmases be #FFFFFF