Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Application Security

Published byJeremy Tucker Modified over 6 years ago

Similar presentations

Presentation on theme: "Web Application Security"— Presentation transcript:

1 Web Application Security
in the Real World Shahed Chowdhuri Sr. Technical Microsoft @shahedC WakeUpAndCode.com

2 Cross-Site Scripting (XSS) Data Exposure Next Steps Q&A
Agenda Overview SQL Injection Cross-Site Scripting (XSS) Data Exposure Next Steps Q&A Shahed Chowdhuri Web Application Security Overview SQL Injection Cross-Site Scripting (XSS) Data Exposure In the Real World Next Steps Q&A

3 Overview of Web Applications
Web Server Internet Database Users

4 SQL Injection Enter your username and password…
myusername ' or 1=1)# … but what if you can inject SQL code in the input field? Password Submit Enter your username and password…

5 SQL Injection Demo codebashing.com/sql_demo

6 SQL Injection in the Real World
Link 1 Link 2 Link 4 Link 3

7 Solutions for SQL Injection
Avoid SQL strings with parameters Encode user input in parameters Use framework-specific features

8 Cross-Site Scripting (XSS)
Enter text: Hello World! … but what if you could submit script code? Submit Text Submitted: Enter some text and submit it…

9 XSS Demo google.com/about/appsecurity/learning/xss/#BasicExampl e

10 Cross-Site Scripting in the Real World
Link 1 Link 2 Link 3

11 Solutions for XSS HTML-Encode <script> tags
Strip out <script> tags Use framework-specific features

12 Data Exposure Perform an action that causes an error…
Enter item: Error: servername.dbname in code file, line 21 New Item?!! … unnecessary information is displayed! Submit Text Submitted: Perform an action that causes an error…

13 Solutions for Data Exposure
Don’t display unnecessary details Log errors in a database Provide an error code for troubleshooting

14 Next Steps: OWASP Top 10 OWASP Top 10

15 HP WebInpsect & Fortify Tools

16 Gartner Magic Quadrant for AST

17 Q&A

18 Contact: SHAHED CHOWDHURI, Sr. Technical Evangelist @ Microsoft
To apply for the Microsoft Student Partners program: Go to: As an MSP, you will: build apps and demos demonstrate the newest technologies and host tech events on your campus acquire the tools and training to lead technology discussions on your campus build your global network with industry experts connect with like-minded students and faculty around the world attend trainings from Microsoft leaders to enhance your knowledge about cutting edge technologies be the one on your campus with insight and answers on Microsoft technologies Does this describe you? Passionate about technology! Tech-savvy! Thrilled to learn new skills! Actively involved with student orgs! You could be the Microsoft rock star on campus! Contact: SHAHED CHOWDHURI, Sr. Technical Microsoft

19 Contact Microsoft Personal Dev Blog: WakeUpAndCode.com

Download ppt "Web Application Security"

Similar presentations

Service Manager for MSPs

Service Manager for MSPs
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
DEV333. Describe each main attack Demo how the attack works Fix our poor vulnerable application! Why Script Kiddies, Why? Click to Hack.

DEV333. Describe each main attack Demo how the attack works Fix our poor vulnerable application! Why Script Kiddies, Why? Click to Hack.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Windows Windows Phone Azure … and WakeUpAndCode.com.

Windows Windows Phone Azure … and WakeUpAndCode.com.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.

Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security

Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
Build Robust Web Apps in the Real WakeUpAndCode.com.

Build Robust Web Apps in the Real WakeUpAndCode.com.
Intro to Entity Framework By Shahed Chowdhuri Don’t drown in database design during WakeUpAndCode.com.

Intro to Entity Framework By Shahed Chowdhuri Don’t drown in database design during WakeUpAndCode.com.
Windows Web Xbox Mobile … and WakeUpAndCode.com.

Windows Web Xbox Mobile … and WakeUpAndCode.com.
Microsoft ASP.net Session Samar Samy Microsoft Student Partner.

Microsoft ASP.net Session Samar Samy Microsoft Student Partner.
Basic Developer Knowledge That Every SharePoint Admin Must Have Randy Williams, MVP MOSS Synergy Corporate Technologies

Basic Developer Knowledge That Every SharePoint Admin Must Have Randy Williams, MVP MOSS Synergy Corporate Technologies
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/
Introduction To Web Application Security in PHP. Security is Big And Often Difficult PHP doesn’t make it any easier.

Introduction To Web Application Security in PHP. Security is Big And Often Difficult PHP doesn’t make it any easier.
OWASP Top Ten #1 Unvalidated Input. Agenda What is the OWASP Top 10? Where can I find it? What is Unvalidated Input? What environments are effected? How.

OWASP Top Ten #1 Unvalidated Input. Agenda What is the OWASP Top 10? Where can I find it? What is Unvalidated Input? What environments are effected? How.
How* to Win the #BestMicrosoftHack Shahed Chowdhuri Sr. Technical WakeUpAndCode.com *Hint: Use the Cloud.

How* to Win the #BestMicrosoftHack Shahed Chowdhuri Sr. Technical WakeUpAndCode.com *Hint: Use the Cloud.
SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.

SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.

Similar presentations

Ads by Google