SecTor 2025 | 5 Years of Attack Surface Analysis in Canada

Since 2019, the Hackfest community has led an ongoing initiative to analyze the public-facing attack surface of provincial governments in Quebec and Ontario, as well as federal and municipal systems. The objective: to objectively measure and report on the cybersecurity posture of our governments. In this session, we will present the findings of our fourth large-scale assessment and offer a candid discussion on the current state of government cybersecurity in Canada. Our analysis includes attack surface metrics, exposed legacy systems, insecure web applications, and the accessibility of critical infrastructure from the public internet. We will highlight basic security failures such as thousands of misconfigured HTTPS sites, 20-year-old legacy systems still in use, websites vulnerable to fundamental attacks like XSS and SQL injection, and more. These findings paint a clear picture: cybersecurity remains a low priority in the protection of citizens' data and critical infrastructures across multiple levels of government. Join us for an evidence-based dive into what the data reveals — and where we must go from here. By: Patrick Roy | Information Security Advisor, CISSP, Patrick Mathieu | Owner, Hackfest.ca & Product Security Leader, Hackfest Capt(ret) Steve Waterhouse | CEO and Founder, INFOSECSW https://ift.tt/EtdoKcy

source https://www.youtube.com/watch?v=XJsgBd3Hbes