Watchfire Web Application Security

Aug 10, 2012

320 likes | 415 Views

Share Presentation

Embed Code

Link

gerd

Download Presentation

Watchfire Web Application Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

1. Watchfire � Web Application Security John Burroughs, CISSP Sr. Security Architect � Watchfire Solutions jburroughs@uk.ibm.com

2. 2

Web Application Security

Web Application Security. Chris Edwards Quintin Cutts Steve McIntosh. http://xkcd.com/327/. SQL Injection . Example: Look up customer details, one at a time, via customer ID. $ mysqli = new mysqli ($host,$ dbuser ,$ dbpass , $ dbname ); $id= $_POST{'id'};

708 views • 41 slides

Web Application Security

Web Application Security. Presented by Jay Jaeger and Kevin Acker. Overview. Application vulnerabilities are serious: your data and infrastructure are at risk.

467 views • 24 slides

Web Application Security

Presented at: Nextbridge LHR C1 June 6, 2012. Web Application Security. Best Programming Practices. Topics we covered in previous session. What is Information What is Information Security What is Risk Corporate Security How we are linked with Corporate Security

507 views • 26 slides

Web Application Security

Web Application Security. There are three main security concerns your web apps need to address. Impersonation A client pretends to be someone else in order to gain access to your site Your site needs to authenticate clients to prevent this Upgrading

303 views • 16 slides

Web Application Security

Spring 2014. CS 155. Web Application Security. John Mitchell. Reported Web Vulnerabilities "In the Wild". Data from aggregator and validator of NVD-reported vulnerabilities. Three top web site vulnerabilites. SQL Injection Browser sends malicious input to server

1.24k views • 90 slides

Web Application Security

Web Application Security. Web server. App server. DB server. Firewall. Firewall. A pps. A pps. Database. Host. H ost. H ost. Web Application B ehaviour. HTTP is stateless and hence requests and responses to communicate between browser and server have no memory.

318 views • 14 slides

Web Application Security

CS 361S. Web Application Security. Vitaly Shmatikov (most slides from the Stanford Web security group). Reading Assignment. “Robust Defenses for Cross-Site Request Forgery” “Advanced SQL Injection” “Cross Site Scripting Explained” “Postcards from the Post-XSS World”. Web Applications.

2.15k views • 112 slides

Web Application Security

Lecture on. Web Application Security. How to build secure e-business applications. Walter Kriha. To understand Web application security, you have to understand Web applications. To understand Web applications, you have to understand how to design and build them.

527 views • 32 slides

Web Application Security

Web Application Security. Vulnerabilities, attacks, and countermeasures. Who Am I?. Marco Cova ( marco@cs.ucsb.edu ) PhD candidate UCSB Computer Science Dept. Computer Security Group Research focus Vulnerability analysis of web applications

925 views • 72 slides

Web Application Security

Web Application Security. There are three main security concerns your web apps need to address. Impersonation A client pretends to be someone else in order to gain access to your site Upgrading A client gains access to restricted aspects of your web app Eavesdropping

261 views • 16 slides

Web Application Security

Web Application Security. (and why it matters to YOU!) By Mark Bristow and Doug Wilson. Your presenters today. Doug Wilson Security Lead and Network/Systems Engineer for EMIB at NIH DougWilsonMoo@gmail.com Mark Bristow Application Security Engineer at GAO

440 views • 30 slides

Web Application Security

Web Application Security. An Introduction. OWASP Top Ten Exploits. *Unvalidated Input Broken Access Control Broken Authentication and Session Management *Cross Site Scripting (XSS) Flaws Buffer Overflows *Injection Flaws *Improper Error Handling *Insecure Storage *Denial of Service

650 views • 19 slides

Web application security

Web application security. Sebastian Lopienski & Marthe Engebretsen CERN Computer Security Team HEPiX Autumn 2009, LBL See also: http://indico.cern.ch/contributionDisplay.py?contribId=38&sessionId=13&confId=27391. Outline. Why Web applications Threats Web at CERN Possible solutions Tools

593 views • 28 slides

Web Application Security

Web Application Security. UTO Information Security Office Aug 25, 2010. Rev 1. Overall recommendations. Under the direction of the Information Security Office: Resolve lack of secure socket layer logins and missing digital security certificates on asu.edu academic and administrative sites

185 views • 5 slides

Web Application Security

Suma Soft’s Web Application Security solutions define threat and vulnerabilities. We offer a secured network infrastructure that consists of routers, firewalls, and switches. Web application security analyzes all user access to your business-critical web applications and protects your applications and their data from attacks. Get a risk free trial>>https://goo.gl/W8BD8h

153 views • 6 slides

Web Application Security

Web Application Security. Authentication and Authorization in IIS6 and ASP.NET. Outline. IIS 6 process model ASP.NET security contexts The HTTP pipeline Authentication Authorization Forms Authentication. IIS 6. IIS is not installed by default

410 views • 36 slides

Web Application Security

Web Application Security. Reading. Required: Stuttard and Pinto: Chapter 3 Recommended: Csilla Farkas, Michael N. Huhns: Securing Enterprise Applications: Service-Oriented Security (SOS). CEC/EEE 2008: 428-431. http://www.cse.sc.edu/~farkas/publications/SOS-cec.pdf. Key Problem Factors.

389 views • 34 slides

Web Application Security

Web Application Security. Introduction. Security is a process of authenticating users and controlling what a user can see or do. Server. Web. DB Server. 3-tier architecture. Web Browser. Some Internet Security Protocols. Application Layer Security Electronic mail security

278 views • 21 slides

Web Application Security

Web Application Security. James Walden Northern Kentucky University waldenj@nku.edu. Is your web site secure?. Is your web site secure?. Is your web site secure?. Yes, we deployed SSL, firewall, etc. Does SSL protect all communications? What about stored data?

429 views • 36 slides

More Related