AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Friday, September 25 • 11:30am - 12:25pm
The State of Web Application Security in SCADA Web Human Machine Interfaces (HMIs) !

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Human Machine Interfaces (HMIs) are the subsets of the Supervisory Control and Data Acquisition (SCADA) systems. HMIs are control panels that provide interfaces for humans to interact with machines and to manage operations of various types of SCADA systems. HMIs have direct access to SCADA databases including critical software programs. The majority of SCADA systems have web-based HMIs that allow the humans to control the SCADA operations remotely through Internet.
This talk discusses the insecure development practices followed by SCADA developers while designing web HMIs that lead to inherent application level vulnerabilities. This talk digs deeper into the design models of various SCADA systems to highlight security deficiencies in the existing SCADA HMI deployments from application security point of view. In this talk, several real time case studies will be discussed to highlight the state of application security in the field of SCADA. This talk unveils various flavors of vulnerabilities in web-based SCADA HMIs including but not limited to remote or local file inclusions, insecure authentication through clients, weak, insecure web-services, weak cryptographic design, cross-site request forgery, and many others. The research is driven with a motivation to secure SCADA devices and to build more intelligent solutions by hunting vulnerabilities in SCADA HMIs. A number of vulnerabilities will be demonstrated in SCADA web HMIs. In addition, this talk also discusses how OWASP standards can be used by SCADA developers as baselines to develop robust SCADA web HMIs to defend application layer attacks

avatar for Aditya K Sood

Aditya K Sood

Director, Symantec
Dr. Sood is an information security practitioner and researcher by profession. Dr. Sood has research interests in malware automation and analysis, cloud security, secure software design and cybersecurity. He is also a founder of SecNiche Security Labs, an independent web portal for... Read More →

Friday September 25, 2015 11:30am - 12:25pm PDT
Room D