Web Application Security

Presentation transcript:

Web Application Security in the Real World Shahed Chowdhuri Sr. Technical Evangelist @ Microsoft @shahedC WakeUpAndCode.com

Agenda: Overview; SQL Injection; Cross-Site Scripting (XSS); Data Exposure; In the Real World; Next Steps; Q&A

Overview of Web Applications: Users, Internet, Web Server, Database

SQL Injection. Enter your username and password… Username: myusername ' or 1=1)# Password: [Submit] … but what if you can inject SQL code in the input field?

SQL Injection Demo codebashing.com/sql_demo

SQL Injection in the Real World: Link 1, Link 2, Link 3, Link 4

Solutions for SQL Injection: Avoid SQL strings with parameters; Encode user input in parameters; Use framework-specific features
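The following is an added example, not code from the talk: it contrasts the login query built from the slide's sample input with a parameterized version. The users table and the credentials in it are constructed for the demo; password hashing is left out because it is a separate topic from injection.

```python
import sqlite3

# Constructed demo users table (not from the slides); real apps store
# password hashes, which is a separate concern from injection.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('myusername', 'correct-horse')")
    conn.commit()
    return conn

def build_query_unsafe(username, password):
    # The pattern the slide warns against: SQL text assembled from raw
    # input. Returned as a string for inspection only; never executed here.
    return ("SELECT username FROM users "
            "WHERE (username = '%s' AND password = '%s')" % (username, password))

def login_safe(conn, username, password):
    # Parameterized query: the SQL text is fixed and the values travel
    # separately, so the input is compared as a literal string and is
    # never parsed as SQL, whatever characters it contains.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

PAYLOAD = "myusername ' or 1=1)#"   # the input shown on the slide

if __name__ == "__main__":
    db = make_db()
    # With concatenation the quote closes the literal, "or 1=1)" becomes
    # part of the WHERE clause and "#" (a MySQL comment marker) hides the
    # rest of the statement; print the string to see the effect.
    print(build_query_unsafe(PAYLOAD, "anything"))
    print(login_safe(db, "myusername", "correct-horse"))  # True
    print(login_safe(db, PAYLOAD, "anything"))             # False
```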

Cross-Site Scripting (XSS). Enter some text and submit it… Enter text: Hello World! [Submit] Text Submitted: Hello World! … but what if you could submit script code?

XSS Demo: google.com/about/appsecurity/learning/xss/#BasicExample

Cross-Site Scripting in the Real World: Link 1, Link 2, Link 3

Solutions for XSS: HTML-encode <script> tags; Strip out <script> tags; Use framework-specific features

Data Exposure. Perform an action that causes an error… Enter item: New Item?!! [Submit] Text Submitted: Error: servername.dbname in code file, line 21 … unnecessary information is displayed!

Solutions for Data Exposure: Don't display unnecessary details; Log errors in a database; Provide an error code for troubleshooting
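An added example (not from the talk) putting the three points together for the "Enter item" form above: the full error, with file and line details, goes into a database table, and the user sees only a generic message and a code an operator can look up. The add_item handler and the error_log table are constructed for the demo.

```python
import sqlite3
import traceback
import uuid

def make_error_log():
    # Constructed error_log table; the slide only says "log errors in a database".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE error_log (code TEXT PRIMARY KEY, detail TEXT)")
    conn.commit()
    return conn

def add_item(item):
    # Hypothetical stand-in for the slide's "Enter item" form handler.
    if not item.strip():
        raise ValueError("item must not be empty")
    return "Text Submitted: " + item

def handle_request(log_conn, item):
    # Returns (status, body). On failure the user sees only a generic message
    # plus a lookup code; file names, line numbers and server names stay in
    # the log, where the stack trace is stored in full.
    try:
        return 200, add_item(item)
    except Exception:
        code = uuid.uuid4().hex[:8]
        log_conn.execute("INSERT INTO error_log VALUES (?, ?)",
                         (code, traceback.format_exc()))
        log_conn.commit()
        return 500, "Something went wrong. Error code: " + code

def lookup_error(log_conn, code):
    # What an operator does with the code the user reports.
    row = log_conn.execute("SELECT detail FROM error_log WHERE code = ?",
                           (code,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    log = make_error_log()
    print(handle_request(log, "New Item"))
    status, body = handle_request(log, "   ")
    print(status, body)                      # 500 and a generic message
    print(lookup_error(log, body.rsplit(" ", 1)[1]))  # full trace, log only
```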

Next Steps: OWASP Top 10

HP WebInspect & Fortify Tools: http://hp.com/go/fortify

Gartner Magic Quadrant for AST: http://www.gartner.com/doc/reprints?id=1-2KU6OUB&ct=150806&st=sb

Q&A

To apply for the Microsoft Student Partners program, go to: http://aka.ms/mspapply2016
As an MSP, you will: build apps and demos; demonstrate the newest technologies and host tech events on your campus; acquire the tools and training to lead technology discussions on your campus; build your global network with industry experts; connect with like-minded students and faculty around the world; attend trainings from Microsoft leaders to enhance your knowledge about cutting-edge technologies; be the one on your campus with insight and answers on Microsoft technologies.
Does this describe you? Passionate about technology! Tech-savvy! Thrilled to learn new skills! Actively involved with student orgs! You could be the Microsoft rock star on campus!
Contact: SHAHED CHOWDHURI, Sr. Technical Evangelist @ Microsoft, shchowd@microsoft.com • http://WakeUpAndCode.com/msp

Contact: Microsoft email: shchowd@microsoft.com; Personal Twitter: @shahedC; Dev Blog: WakeUpAndCode.com