Web Security Common security threats and hacking.
Presentation transcript:

The OWASP Foundation. Nahidul Kibria: Co-Leader, OWASP Bangladesh; Senior Software Engineer, KAZ Software Ltd. Writing code for fun and food, and a security enthusiast.

The OWASP Foundation. Shahee Mirza: Certified Ethical Hacker (C|EH); Microsoft® Certified Systems Administrator; Information Security Consultant, Nexus IT Zone. FB:

Why should we care?

Most sites are not secure! Attackers can access unauthorized data, and they use your web site to attack your users.

Historically the web wasn't designed to be secure:
Built for static, read-only pages
Almost no intrinsic security
A few security features were "bolted on" later

What does that mean?
Cookie-based sessions can be hijacked
No separation of logic and data (user input ends up inside HTML and SQL)
No client-supplied data can be trusted

The vast majority of web applications have serious security vulnerabilities! Most developers are not aware of the issues.

Web application threat surface:
XSS
CSRF
Clickjacking
Parameter tampering / sniffing
Forged tokens
Directory traversal
Insecure direct object references
SQL injection
XML injection
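Directory traversal from the list above, as an added example that is not part of the slides: a function that maps a client-supplied file name onto a served directory and refuses anything that escapes it after URL decoding, separator normalisation and canonicalisation. The helper names and the request strings are constructed for the demonstration; the check assumes a POSIX file system.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a client-supplied name would escape the served directory."""


def resolve_under(base_dir, requested):
    """Map a client-supplied file name onto a path inside base_dir.

    The name is URL-decoded, backslashes are treated as separators, absolute
    paths and NUL bytes are rejected, and the result is canonicalised
    (symlinks and '..' resolved) before checking it still lies under base_dir.
    """
    name = unquote(requested)
    if "\x00" in name:                      # NUL truncation tricks
        raise TraversalError(requested)
    name = name.replace("\\", "/")          # '..\\' counts as traversal too
    if name.startswith("/"):                # an absolute path would ignore base_dir
        raise TraversalError(requested)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(requested)
    return candidate


def demo():
    """Constructed sample directory and request set; returns allowed/blocked per request."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "reports"))
    with open(os.path.join(base, "reports", "q1.txt"), "w") as fh:
        fh.write("constructed sample report\n")
    requests = [
        "reports/q1.txt",               # legitimate
        "../etc/passwd",                # plain traversal
        "..%2F..%2Fetc%2Fpasswd",       # URL-encoded separators
        "/etc/passwd",                  # absolute path
        "reports/..\\..\\etc\\passwd",  # backslash separators
        "reports/q1.txt%00.png",        # NUL byte
    ]
    results = {}
    for req in requests:
        try:
            resolve_under(base, req)
            results[req] = "allowed"
        except TraversalError:
            results[req] = "blocked"
    return results


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

The decisive check is the comparison of the canonicalised candidate against the canonicalised base directory; string filters for ".." alone miss encoded, backslash and symlink variants.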

The attack surface is growing: Ajax, Flash, Silverlight, applets.

Some incident examples

(IN)SECURE Magazine issue 31 study: global cybercrime costs more than illegal drugs. Global drug trade: about $288 billion.

A common question: I'm innocent, why would I be a target? I don't have any sensitive data. I don't even serve any important data. I have no enemies.

The answer: you have resources. Maybe a multi-core processor, maybe bandwidth. Attackers weaponize your PC to attack others, or simply use your resources, turning your PC into a zombie.

Botnet, just in brief

This is a problem

Network security and others

But developers...

Quick Resource Guide

About OWASP. OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application". Attackers don't use black arts to exploit your application.

220 chapters

The OWASP Foundation. OWASP Bangladesh Chapter: Bangladeshi community of security professionals. Globally recognized. Open for all. Free for all.
What do we have to offer?
Monthly meetings
Mailing list
Presentations and groups
Open forums for discussion
Vendor-neutral environments

OWASP Top 10 Web Application Security Risks (2010 Edition)

Application Developers:
New attack/defense guidelines
Cheat Sheets
WebGoat, a deliberately insecure web application designed to teach web application security lessons

The OWASP Enterprise Security API. A custom enterprise web application calls the Enterprise Security API, which in turn wraps existing enterprise security services and libraries. ESAPI components:
Authenticator
User
AccessController
AccessReferenceMap
Validator
Encoder
HTTPUtilities
Encryptor
EncryptedProperties
Randomizer
Exception Handling
Logger
IntrusionDetector
SecurityConfiguration
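Of the components listed, AccessReferenceMap is the one that directly addresses the "direct object reference" entry on the threat surface slide. The following is an added illustration of that pattern in Python, modelled on the interface name ESAPI uses; it is not ESAPI's own code, and the class, method and exception names are my own. The idea: the client only ever sees random per-session tokens, and the server translates them back to database keys, so guessing a neighbour's key (changing `?id=1001` to `?id=1003`) yields nothing.

```python
import secrets


class AccessReferenceMap:
    """Two-way map between random indirect references handed to the client
    and the direct references (database keys, file names) used server-side.

    One instance per session, populated only with the objects the current
    user is allowed to reach.
    """

    def __init__(self, direct_refs=()):
        self._to_direct = {}
        self._to_indirect = {}
        for ref in direct_refs:
            self.add_direct_reference(ref)

    def add_direct_reference(self, direct):
        """Register a direct reference and return its opaque token (idempotent)."""
        if direct in self._to_indirect:
            return self._to_indirect[direct]
        indirect = secrets.token_urlsafe(8)
        while indirect in self._to_direct:          # keep tokens unique
            indirect = secrets.token_urlsafe(8)
        self._to_direct[indirect] = direct
        self._to_indirect[direct] = indirect
        return indirect

    def get_indirect_reference(self, direct):
        """Token to put in links and form fields for a known object."""
        return self._to_indirect[direct]

    def get_direct_reference(self, indirect):
        """Resolve a token from the request; unknown tokens are an access violation."""
        try:
            return self._to_direct[indirect]
        except KeyError:
            # ESAPI throws an AccessControlException here; PermissionError is
            # the closest built-in choice for this illustration.
            raise PermissionError(f"access denied: unknown reference {indirect!r}") from None


def demo():
    """Constructed scenario: the logged-in user owns accounts 1001 and 1002."""
    arm = AccessReferenceMap([1001, 1002])
    token = arm.get_indirect_reference(1001)
    roundtrip = arm.get_direct_reference(token) == 1001
    try:
        arm.get_direct_reference("1003")   # attacker guesses a neighbouring key
        guessed = True
    except PermissionError:
        guessed = False
    return {
        "roundtrip": roundtrip,
        "guessed_id_accepted": guessed,
        "token_is_opaque": token != "1001",
    }


if __name__ == "__main__":
    print(demo())
```

The map must be rebuilt from the user's authorised objects on each session; storing the token-to-key table globally would turn it back into a direct reference with extra steps.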

Application Testers and Quality Assurance:
Tools
Testing Guide (for pentesters)
Application Security Verification Standard Project

OWASP ZAP Proxy / WebScarab

OWASP CSRFTester

Application Project Management and Staff:
Define the process
SDLC
Code review

OWASP Code Review Project: code review tool

OWASP Testing Framework:
4.2 Information Gathering
4.3 Configuration Management Testing
4.4 Business Logic Testing
4.5 Authentication Testing
4.6 Authorization Testing
4.7 Session Management Testing
4.8 Data Validation Testing
4.9 Testing for Denial of Service
4.10 Web Services Testing
4.11 Ajax Testing

Myth: "The developer will provide me with a secure solution without me asking"

Download / Get OWASP Books

Coolest Jobs in Information Security:
#1 Information Security Crime Investigator / Forensics Expert
#2 System, Network, and/or Web Penetration Tester
#3 Forensic Analyst
#4 Incident Responder
#5 Security Architect
#6 Malware Analyst
#7 Network Security Engineer
#8 Security Analyst
#9 Computer Crime Investigator
#10 CISO/ISO or Director of Security
#11 Application Penetration Tester
#12 Security Operations Center Analyst
#13 Prosecutor Specializing in Information Security Crime
#14 Technical Director and Deputy CISO
#15 Intrusion Analyst
#16 Vulnerability Researcher / Exploit Developer
#17 Security Auditor
#18 Security-savvy Software Developer
#19 Security Maven in an Application Developer Organization
#20 Disaster Recovery / Business Continuity Analyst/Manager

Subscribe to the mailing list. Keep up to date!