Hand on Web Hacking

[31.10.2009] Hand on Web Hacking Ivan Markovic <ivan.markovic@netsec.rs>

Web Application Security Web aplikacije …- Zašto suopasne ?- Zaštita[sigurankod, firewall, enkripcija]- Gdenastaje problem ? - Uobičajnimetodinapada [Cross site scripting & SQL injection]- Uobičajnimetodizaštite[ugradjenefunkcije, magic_quotes, waf]

OWASP Webgoat OWASP(http://www.owasp.org/ )- OWASP Webgoat(http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)

OWASP Webgoat Sadržajkursa:* Code Quality Citanjevitalnihinformacijaizizvornogkodaaplikacije.* Cross Site Scripting (XSS) Ubacivanjemalicioznogkoda u okviru web stranica. * Injection Flaws (SQL injection, ...) Manipulacijaupitima ka bazipodataka. * Parameter Tampering Manipulacijaparametrimaizahtevima. * Access Control Flaws Eksploatacijaprivilegija. * AJAX Security SigurnostAJAX aplikacija.

STAY SECUREHand on Web Hacking Ivan Markovic <ivan.markovic@netsec.rs>

Hand on Web Hacking

Hand on Web Hacking

Presentation Transcript

Web hacking and the Internet user

Hacking Web Applications

Hacking Web Services

Web Hacking

Web Hacking

One-Way Hacking: Futility of Firewalls in Web Hacking

Hacking Web File Servers for iOS

Hacking on Locations

Hacking and Anti-hacking on Campus Networks

Ethical Hacking Penetrating Web 2.0 Security

Web Site Hacking

Crash Course in Web Hacking

Web Hacking

Web Hacking

Facts On Hand

Hacking on Glassfish!

Hacking Web

One-Way Hacking: Futility of Firewalls in Web Hacking

Web Hacking