Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b.

Published byAmberlynn Griffith Modified over 9 years ago

Similar presentations

Presentation on theme: "Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b."— Presentation transcript:

1 Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b

2 What is security? Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

3 Security Concepts Assurance Countermeasure Defense in depth Exploit Risk Threat Vulnerability

4 Methodology Knowing your threats. Securing the network, host and application. Incorporating security into your software development process.

5 Top 5 Extensions Vulnerabilities Cross-site scripting (XSS) attacks. SQL injection Cross-site Request Forgery (XSRF) File inclusion PHP file upload

6 How to keep your extension secure Process (secure) the input Cast the types Use tokens TEST! TEST! TEST!

7 General Security Notes Validate input boxes Check HTML editors Hide/remove release notes Use SEF links Set server settings Set file permissions

8 Choosing secure extension How complex is the extension? Does the extension read or write files to your server? Does the extension interact with other programs on your system? Does the extension validate all user input, such as in form fields and in the URL? When was the last version released? What kind of release is it? (Stable, Release Candidate (RC), Beta, Alpha) Does the extension have a history of good security practices? Is there a support community for this extension? Is the extension generally bug free?

9 Thank you for your attention! Special thanks to Fastw3b team You can always reach me at ceo@fastw3b.net ceo@fastw3b.net Please send your questions/comments/ideas!

Download ppt "Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b."

Similar presentations

Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.

Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
Introduction to PHP Sergey Gorstka Fastw3b. What does PHP stand for? Partnership for Peace People Helping People Power Hybrid Package Hypertext Processor.

Introduction to PHP Sergey Gorstka Fastw3b. What does PHP stand for? Partnership for Peace People Helping People Power Hybrid Package Hypertext Processor.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
Security Issues Steve Lovaas, ACNS IAC, 22 April 2008 Colorado State University1.

Security Issues Steve Lovaas, ACNS IAC, 22 April 2008 Colorado State University1.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN121051 Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.

By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.

Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.
Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Prevent Cross-Site Scripting (XSS) attack

Prevent Cross-Site Scripting (XSS) attack
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.

Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

Similar presentations

Ads by Google