When we think of our apps being hacked, we typically think of the common acronyms that cover technical vulnerabilities: XSS, CSRF, SQLi, etc. (Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection, etc). While these vulnerabilities are important and we do need to be aware of how to avoid them, they aren’t the only threat we need to consider. We also need to consider the human vulnerabilities, the weaknesses that target the human between the keyboard and chair.
We will look at recent examples of social engineering, such as the attack of Twitter in 2020, and the many stories of cryptocurrency vaults being plundered through SIM-swapping. We’ll also look at password reuse, brute force attacks, and credential stuffing, and even some hardware hacks that fool victims the old-fashioned way. The common thread in all of these cases… The vulnerability existed between a keyboard and chair.