An Introduction to Web Application Security

An Introduction to Web Application Security. Class 1: Introduction to AppSec. December 15th 2014. Daniel Somerfield, Lead Consulting Developer, ThoughtWorks.

This Week's Agenda: December 15th, Introduction to AppSec; December 16th, Injection; December 17th, Vulnerable Authentication & Session Management; December 18th, Cross-Site Scripting; December 19th, Secure Development Process.

Why is AppSec Important?

Sidebar: The Sky is Falling

Why is this difficult? Increasingly sophisticated adversary; complexity of software requirements; speed of technology evolution; lack of focus and understanding in product organizations; challenges in cost / benefit analysis; technologies that simply were not designed with security in mind.

Aspects of Application Security: Operational / IT Security, e.g. firewall configuration, network partitioning, password management, key management.

Aspects of Application Security: Security Policy & Governance, e.g. data retention, password expiration, encryption standards.

Aspects of Application Security: Engineering Practice and Process, e.g. secure coding, functional security concerns, AppSec automation.

The AppSec Roles: Builder, Defender, Breaker.

Sidebar: The Fortress & the Casino

Principles of Secure Coding: Trusted & Untrusted Data; Defense in Depth; Positive Modeling; Least Privilege.
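The first and third principles above, treating everything that crosses in from the client as untrusted data and validating it with a positive model (state what is acceptable, reject everything else) rather than a negative one (enumerate what is known to be bad), are easiest to see side by side. The following Python is an added example written for this transcript, not code from the slides or from ThoughtWorks; the username format, the sample inputs and the denylist fragments are all constructed assumptions for illustration.

```python
"""Positive modeling at a trust boundary (added example, not from the slides).

Everything that arrives from the client is untrusted data.  A negative model
(denylist) tries to enumerate what is bad; a positive model (allowlist)
states what is acceptable and rejects everything else.
"""
import re

# Constructed sample values standing in for a "username" form field.
SAMPLE_INPUTS = [
    "alice",                       # ordinary, valid
    "bob_2024",                    # valid: digits and underscore allowed
    "Alice",                       # uppercase: outside the spec below
    "alice\u200b",                 # trailing zero-width space: looks identical on screen
    "../etc/passwd",               # path traversal shape
    "<script>alert(1)</script>",   # script tag shape
    "",                            # empty
    "a" * 64,                      # over the length limit
]

# Negative model: fragments we happen to know are dangerous (assumed list).
DENYLIST = ("<script", "../", "drop table")


def denylist_check(value: str) -> bool:
    """Return True if no known-bad fragment occurs (case-insensitive)."""
    lowered = value.lower()
    return not any(bad in lowered for bad in DENYLIST)


# Positive model: the specification of a valid username, nothing more.
# 3 to 32 characters, starting with a lowercase letter, then [a-z0-9_.-].
USERNAME_RE = re.compile(r"[a-z][a-z0-9_.-]{2,31}")


def allowlist_check(value: str) -> bool:
    """Return True only if the whole value matches the specification."""
    return USERNAME_RE.fullmatch(value) is not None


def accept_username(untrusted: str) -> str:
    """Trust boundary: turn untrusted input into trusted data, or refuse it."""
    if not allowlist_check(untrusted):
        raise ValueError("username does not match the allowed format")
    return untrusted  # from here on the value is trusted by construction


def compare_models(inputs=SAMPLE_INPUTS):
    """Map each input to (passes denylist, passes allowlist)."""
    return {v: (denylist_check(v), allowlist_check(v)) for v in inputs}


def denylist_misses(inputs=SAMPLE_INPUTS):
    """Inputs the denylist lets through but the allowlist rejects."""
    return [v for v, (deny_ok, allow_ok) in compare_models(inputs).items()
            if deny_ok and not allow_ok]


if __name__ == "__main__":
    for value, (deny_ok, allow_ok) in compare_models().items():
        print(f"{value!r:32} denylist={'pass' if deny_ok else 'reject'} "
              f"allowlist={'pass' if allow_ok else 'reject'}")
```

The denylist rejects the two inputs it was written for, but it also waves through the uppercase variant, the invisible zero-width character, the empty string and the over-long value, because nobody thought to list them. The allowlist never had to anticipate any of them: each fails simply because it is not a username according to the specification. That is the practical meaning of positive modeling, and `accept_username` is where the untrusted-to-trusted transition is made explicit.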

AppSec Anti-patterns: Security Checkbox; Compliance as Security; Roll-your-own encryption and protocols; Security through obscurity / complexity.

OWASP: “OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.” OWASP Top 10; OWASP Tools and Projects; AppSec Conferences.

References: OWASP, https://www.owasp.org/; Krebs on Security, http://krebsonsecurity.com/