Chapter 17 – Attacking Application Architecture. Hareesh Lingareddy.

• Tiered Architectures
• Attacking Tiered Architectures
• Securing Tiered Architectures
• Cloud
• Attacking Cloud
• Securing Cloud

• Multitier architecture; the common form is the 3-tier architecture
• Advantages: reuse, parallel work

• Exploiting trust relationships: the application tier; programming errors
• Subverting other tiers: using file read access to extract MySQL data
• Limited compromise

• Minimize trust relationships: role-based access controls; use of separate accounts
• Segregate different components: limited access to files; filtered network-level access
• Defense in depth at all tiers: encrypting sensitive data
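As an added illustration of the "minimize trust relationships", "use of separate accounts" and "limited access to files" points on this slide (not part of the original slides), here is a MySQL account setup in which each tier gets only the privileges it needs. The schema name, table names, host ranges and account names are assumed placeholders.

```sql
-- Weak pattern (assumed, shown only for contrast): the application tier
-- shares one all-powerful account, so a single injection or file-read bug
-- in that tier exposes the whole database server.
--   GRANT ALL PRIVILEGES ON *.* TO 'app'@'%';

-- Hardened pattern: a dedicated, host-restricted account for the
-- application tier holding only the table privileges it actually uses.
-- (schema 'shop', its tables and the 10.0.2.0/24 app-tier range are assumed)
CREATE USER 'shop_app'@'10.0.2.%' IDENTIFIED BY '<set-from-secrets-store>';
GRANT SELECT, INSERT, UPDATE ON shop.orders   TO 'shop_app'@'10.0.2.%';
GRANT SELECT                 ON shop.products TO 'shop_app'@'10.0.2.%';
-- The FILE privilege is deliberately never granted, so LOAD_FILE() and
-- SELECT ... INTO OUTFILE are unavailable to this account: this is the
-- "limited access to files" control at the account level.

-- A second, separate account for the reporting component (assumed range
-- 10.0.3.0/24), so that a compromise of one component does not inherit
-- the other's write privileges.
CREATE USER 'shop_report'@'10.0.3.%' IDENTIFIED BY '<set-from-secrets-store>';
GRANT SELECT ON shop.orders TO 'shop_report'@'10.0.3.%';

-- Check: the application account should list only the grants above and
-- no global (ON *.*) or FILE privilege.
SHOW GRANTS FOR 'shop_app'@'10.0.2.%';
```

Setting `secure_file_priv = NULL` in the server configuration additionally disables MySQL's file import and export operations for every account, which is the server-side counterpart of the per-account restriction shown here.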

• Possible areas of attack: governance, data, architecture, applications, assurance
• Token-based access
• Web storage

• Secure customer access: robust authentication; privilege-based access
• Segregate customer functionality