SUBMISSION TITLE
Srinivas Munigala, Principal QA Engineer
Progress Software Pvt Ltd
Abstract
Information is an asset for today's organizations and individuals. Information may be more or less important, and it very often has a monetary value. The disclosure, improper modification, or unavailability of information may cause expenses (loss) or missed profits for the organization or the individual. Therefore, most organizations and individuals protect information to some extent. User identity and authentication are the main security processes that work together to provide access to assets in a controlled manner. Security testing is one of the most active subjects in IT; it is a very important and tricky aspect of testing, and authentication and authorization play a vital role in it. This session gives a complete understanding of the authentication and authorization mechanisms available in application security, the challenges of managing user identity in distributed environments, and techniques to test them thoroughly.
Presentation Body
Agenda
Overview of Application Security
Importance of Authentication and Authorization
Different threats to A & A
Enterprise user Identification and Authentication Challenges
Different techniques to secure your credentials
Testing tips for Sensitive Data Exposure
Overview - History We are working on these slides
Overview - Now We are working on these slides
Overview - Cost of data breach
Overview – Security in different layers
We are working on these slides
Overview – Security Types
Application Security
  Identity Management
  Authentication
  Authorization
Connection and Data Security
  Confidentiality
  Integrity
  Trust
We are working on these slides
Authentication and Authorization
We are working on these slides
Importance of Authentication and Authorization
Evaluation of A & A
Password
Hardware tokens
Software tokens
Single sign-on
Federated
We are working on these slides
Enterprise user Identification and Authentication Challenges
Yet to prepare slides
Different threats to A & A
Bypassing authentication
Default passwords
Password guessing
Sniffing credentials off the network
Replaying authentication
Session hijacking
Downgrading authentication strength
Different techniques to secure your credentials
Secret algorithm
Secret key
Protection keys
Encryption
  Data Encryption Standard (DES / 3DES)
  Advanced Encryption Standard (AES)
  RC4
  RSA encryption algorithm
Data integrity
  Message Integrity Code (MIC)
  Message Authentication Code (MAC)
Note: DES and RC4 are broken and must not be used in new designs, and 3DES is deprecated; AES is the current symmetric choice. A MIC (an unkeyed hash) only detects accidental corruption, because anyone who can alter the message can recompute it; a MAC is keyed, so only a holder of the key can produce a valid tag.
Yet to prepare slides
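The MIC-versus-MAC distinction on this slide, shown in code. This is an added example, not material from the presentation: the transfer message, the "attacker" edit and the shared key are constructed for illustration, and the attacker's edits stand in for a man-in-the-middle on the wire.

```python
"""Message integrity: unkeyed MIC (plain hash) versus keyed MAC (HMAC).

Added example, not from the original slides. The message, key and the
in-path attacker's rewrite are constructed for illustration only.
"""
import hashlib
import hmac

# Constructed sample: an instruction that an in-path attacker wants to alter.
ORIGINAL = b"transfer amount=100 to=acct-42"
TAMPERED = b"transfer amount=9999 to=acct-666"
SHARED_KEY = b"shared-secret-between-client-and-server"  # illustration only


def mic(message):
    """Unkeyed integrity code: anyone can compute it, so it only catches accidents."""
    return hashlib.sha256(message).hexdigest()


def mac(key, message):
    """Keyed integrity code (HMAC-SHA256): only a key holder can make a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key, message, tag):
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(mac(key, message), tag)


def receiver_accepts_mic(message, tag):
    return mic(message) == tag


def mitm_rewrite_with_mic():
    """The attacker swaps the message and simply recomputes the unkeyed hash."""
    return TAMPERED, mic(TAMPERED)


def mitm_rewrite_with_mac(old_tag):
    """Without the key the attacker can change the bytes but not the tag,
    so the best it can do is forward the tag from the original message."""
    return TAMPERED, old_tag


def demo():
    """Run both scenarios; True means the receiver noticed the tampering."""
    mic_tag = mic(ORIGINAL)
    mac_tag = mac(SHARED_KEY, ORIGINAL)
    msg_a, tag_a = mitm_rewrite_with_mic()
    msg_b, tag_b = mitm_rewrite_with_mac(mac_tag)
    return {
        "mic_tamper_detected": not receiver_accepts_mic(msg_a, tag_a),
        "mac_tamper_detected": not verify_mac(SHARED_KEY, msg_b, tag_b),
        "mac_valid_original": verify_mac(SHARED_KEY, ORIGINAL, mac_tag),
    }


if __name__ == "__main__":
    for name, detected in demo().items():
        print(name, detected)
```

Run it and the MIC scenario reports no detection: the forged hash is a perfectly good SHA-256 of the forged message. The MAC scenario is detected because the forwarded tag no longer matches, and no new tag can be made without the key. In practice the MAC key is itself derived inside the TLS handshake or another key-agreement step; a fixed key in source, as here, is only for the demonstration.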
Authentication Testing Techniques – Areas to look into
Data at rest and in transit
Default credentials
Lockout mechanism
Bypassing authentication
Remember-password functionality
Browser cache
Password change / reset
Yet to prepare slides
Use Case 1 - Sensitive Data Exposure
Threat Agents
  Data at rest
  Data in transit
  Data in browsers
Attack Vectors
  Steal keys
  Man-in-the-middle attacks
  Steal clear text
Security Weakness
  Clear text
  Old / weak algorithm
  Weak crypto keys
Tools
  Wireshark
  Fiddler
Yet to prepare slides
Wireshark sample output for sensitive data
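What the Wireshark "Follow TCP Stream" view of a plain-HTTP login typically reveals, as an added example that is not part of the original slides. The two requests below are constructed (the host, user names, passwords and cookie value are made up) and the script does the same triage a tester does by hand: decode the Basic Authorization header, pick out password-like form fields, and note the session cookie that travels in the clear.

```python
"""Find credentials exposed in captured plaintext HTTP.

Added example (not from the original slides). The two requests below are
constructed to resemble what Wireshark's 'Follow TCP Stream' shows for a
connection on port 80; no real traffic or accounts are involved.
"""
import base64
import re
from urllib.parse import parse_qs

# Constructed sample traffic. Over TLS the same exchange would show only
# ciphertext; everything below is visible because the transport is clear text.
CAPTURED_REQUESTS = [
    "POST /login HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 35\r\n"
    "\r\n"
    "username=alice&password=Summer2024!",
    "GET /api/orders HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Authorization: Basic Ym9iOmh1bnRlcjI=\r\n"
    "Cookie: JSESSIONID=3F2504E04F8911D39A0C0305E82C3301\r\n"
    "\r\n",
]

# Form field names that usually carry secrets (illustrative list; extend as needed).
SENSITIVE_FIELD = re.compile(r"^(pass(word|wd)?|pwd|secret|token|pin|otp)$", re.I)


def parse_request(raw):
    """Split one raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers, "body": body}


def find_exposures(raw):
    """Return human-readable findings for one captured request."""
    req = parse_request(raw)
    findings = []
    auth = req["headers"].get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic auth is base64 encoding, not encryption: the sniffer gets user:password.
        creds = base64.b64decode(auth.split(None, 1)[1]).decode("utf-8", "replace")
        findings.append("basic-auth credentials readable: " + creds)
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        for field, values in parse_qs(req["body"]).items():
            if SENSITIVE_FIELD.match(field):
                findings.append("form field %r sent in clear: %s" % (field, values[0]))
    cookie = req["headers"].get("cookie")
    if cookie:
        # A sniffed session cookie allows session hijacking without any password.
        findings.append("session cookie readable: " + cookie.split("=", 1)[0])
    return findings


def scan_capture(requests=CAPTURED_REQUESTS):
    """Run find_exposures over every request; returns (request line, findings) pairs."""
    return [(parse_request(r)["request_line"], find_exposures(r)) for r in requests]


if __name__ == "__main__":
    for request_line, findings in scan_capture():
        print(request_line)
        for finding in findings:
            print("  -", finding)
```

The fix for every finding here is the same: serve the application only over TLS (redirect port 80, send HSTS) so the capture shows ciphertext instead; a sniffer on the path then recovers neither the form password, nor the Basic credentials, nor the session cookie.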
Use Case 2 - Broken Authentication and Session Management
Threat Agents
  Anonymous users
  Users with their own accounts
Attack Vectors
  Flaws in authentication
  Flaws in session management
Security Weakness
  Logout
  Password management
  Timeouts
Tools
  Burp Suite
  JMeter
Yet to prepare slides
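The three session-management weaknesses listed on this slide (logout, timeouts, and the session identifier itself), as an added example that is not part of the original presentation. The in-memory `SessionStore` below is a stand-in for a real application's session layer, with switches for the weak and the hardened behaviour; the `check_*` functions are the tests a pentester runs with Burp Suite against the real thing (plant a known session id before login, reuse a session after logout, reuse it after the idle period). Times are passed in explicitly so the checks are deterministic.

```python
"""Session management checks: fixation, logout, idle timeout.

Added example, not from the original slides. SessionStore is an in-memory
stand-in for a real server's session layer; the weak/hardened switches are
there so the same audit can be run against both behaviours.
"""
import secrets

IDLE_TIMEOUT_SECONDS = 15 * 60


class SessionStore:
    def __init__(self, rotate_on_login, invalidate_on_logout, idle_timeout):
        self.rotate_on_login = rotate_on_login
        self.invalidate_on_logout = invalidate_on_logout
        self.idle_timeout = idle_timeout  # seconds, or None for no timeout
        self._sessions = {}  # sid -> {"user": str or None, "last_seen": float}

    def new_session(self, now):
        sid = secrets.token_urlsafe(32)  # 256 bits from the CSPRNG, never a counter
        self._sessions[sid] = {"user": None, "last_seen": now}
        return sid

    def login(self, sid, user, now):
        """A correct implementation issues a fresh id at this privilege boundary,
        so an id planted in the victim's browser beforehand (fixation) never
        becomes an authenticated session."""
        if self.rotate_on_login:
            self._sessions.pop(sid, None)
            sid = self.new_session(now)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def logout(self, sid):
        # Weak variant: only the browser's cookie is cleared; the server-side entry
        # stays valid, so a copied session id keeps working after "logout".
        if self.invalidate_on_logout:
            self._sessions.pop(sid, None)

    def current_user(self, sid, now):
        entry = self._sessions.get(sid)
        if entry is None or entry["user"] is None:
            return None
        if self.idle_timeout is not None and now - entry["last_seen"] > self.idle_timeout:
            self._sessions.pop(sid)
            return None
        entry["last_seen"] = now
        return entry["user"]


def weak_store():
    return SessionStore(rotate_on_login=False, invalidate_on_logout=False, idle_timeout=None)


def hardened_store():
    return SessionStore(rotate_on_login=True, invalidate_on_logout=True,
                        idle_timeout=IDLE_TIMEOUT_SECONDS)


# Each check returns True when the weakness is present.
def check_fixation(store):
    """Attacker obtains a pre-login id, plants it in the victim's browser, and
    waits for the victim to log in; does the planted id now carry the victim's session?"""
    planted = store.new_session(now=0)
    store.login(planted, "victim", now=1)
    return store.current_user(planted, now=2) == "victim"


def check_logout(store):
    """Does a session id still work after the user logged out?"""
    sid = store.login(store.new_session(0), "alice", 1)
    store.logout(sid)
    return store.current_user(sid, 2) is not None


def check_timeout(store, idle_seconds=IDLE_TIMEOUT_SECONDS):
    """Does a session id still work after sitting idle longer than the policy allows?"""
    sid = store.login(store.new_session(0), "alice", 1)
    return store.current_user(sid, 1 + idle_seconds + 1) is not None


def audit(store):
    return {
        "session_fixation": check_fixation(store),
        "logout_does_not_invalidate": check_logout(store),
        "no_idle_timeout": check_timeout(store),
    }


if __name__ == "__main__":
    print("weak    ", audit(weak_store()))
    print("hardened", audit(hardened_store()))
```

Against a real target the same three probes are run through Burp: capture the pre-login cookie and check whether it changes after authentication, replay an authenticated request after logging out, and replay it again after the idle window. Timeouts should be checked with an absolute limit as well as the idle one, and the hardened store above also sidesteps the "guessable identifier" weakness by drawing session ids from the CSPRNG.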
References & Appendix
Author Biography
Srinivas Munigala is a Principal Engineer at Progress Software Pvt Ltd. He has worked on several Progress products and has been associated with the OpenEdge AppServer for the last 7 years. He has good knowledge of the Classic AppServer and its related adapters (AIA, WSA, REST, sonicMQ and sonicESB), and hands-on experience developing ABL, REST and SOAP applications. His recent interests involve security in AppServers and OpenEdge products, where he has done a lot of exploration of SSL protocols, ciphers and authentication mechanisms.
Thank You!!!