Ēriks Dobelis, RTU RBS, BITI, eriks.dobelis@biti.lv
Current web security challenges in Latvia
Contents
• Identity theft
• Code quality
• Single layer of control
• Lack of monitoring
• Decreasing importance of perimeter
• Impact of consumerisation and device specialization
• Other long term trends
Identity theft
• Most popular authentication methods:
  • User/password
  • Code card
  • Code calculator
  • MobileID
  • Internet bank as authentication provider
Identity theft (cont.)
• Risks
  • Insecure storage (esp. password, code card)
  • Phishing
• Solutions
  • More secure authentication methods
  • User education
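The "insecure storage" risk above is most often a password table kept in plaintext or under a fast, unsalted hash. The following example is added here and is not from the slides: it shows that weak pattern beside a hardened one (salted PBKDF2-HMAC-SHA256 with a self-describing record, constant-time comparison, and transparent upgrade of legacy records on successful login). All function names and the iteration count are choices made for this example.

```python
import base64
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. Constructed choice for this example:
# stored with every record so older, weaker records can be upgraded later.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def insecure_store(password: str) -> str:
    """The weak pattern the slide warns about: an unsalted, fast hash.

    Identical passwords produce identical digests, and a single fast hash
    makes offline guessing against a leaked table cheap.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored parameters; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2], validate=True)
        expected = base64.b64decode(parts[3], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True for a legacy record or one made with a lower work factor."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


def login_and_upgrade(password: str, stored: str):
    """Verify a login and return (ok, record_to_store).

    A successful login against a legacy MD5 record or a low-work-factor
    record yields a fresh record, so the table migrates as users log in.
    """
    if verify_password(password, stored):
        return True, (hash_password(password) if needs_rehash(stored) else stored)
    # Legacy unsalted-MD5 record (32 hex chars): accept once, then replace it.
    if len(stored) == 32 and hmac.compare_digest(insecure_store(password), stored):
        return True, hash_password(password)
    return False, stored
```

The record format carries its own parameters, so raising PBKDF2_ITERATIONS later does not invalidate existing entries; needs_rehash lets a login path upgrade them gradually.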
Code quality
• Secure code development not part of typical curriculum
• A lot of vulnerable code
• Solutions
  • Training and education
  • Penetration testing
  • Architecture
Single layer of control
• Most web applications put 100% of security controls in code
• Mistake by one developer may lead to huge impact
• Solutions
  • Application level security proxy
  • Usage of frameworks
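The slide's point is that a single missing check in one handler should not be the only thing standing between a user and an admin page. The example below is added here and is not from the slides: a plain WSGI application whose /admin/users handler lacks its authorization check, wrapped in a separate policy layer that enforces a path-prefix rule before any handler runs (the in-process analogue of the application level security proxy named above). The environ key demo.role, the rule format and all names are assumptions made for this example.

```python
import posixpath


def vulnerable_app(environ, start_response):
    """Application code whose only control is inside its handlers.

    The /admin/users handler is missing its authorization check; when the
    handler is the only layer, that one omission exposes the page.
    """
    path = environ.get("PATH_INFO", "/")
    if path == "/admin/users":
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"user list"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"public page"]


class PolicyLayer:
    """Independent second control layer applied before any handler runs.

    rules: list of (path prefix, required role). A request whose normalized
    path falls under a prefix is refused unless the caller holds that role.
    """

    def __init__(self, app, rules):
        self.app = app
        self.rules = [(posixpath.normpath(prefix), role) for prefix, role in rules]

    def __call__(self, environ, start_response):
        raw = environ.get("PATH_INFO", "") or "/"
        # Normalize first so "/public/../admin/users" is judged as "/admin/users".
        path = posixpath.normpath(raw if raw.startswith("/") else "/" + raw)
        # Assumed to be set by an upstream authentication component.
        role = environ.get("demo.role")
        for prefix, required in self.rules:
            under_prefix = path == prefix or path.startswith(prefix + "/")
            if under_prefix and role != required:
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"denied by policy layer"]
        return self.app(environ, start_response)


def call(app, path, role=None):
    """Minimal WSGI driver: perform a GET of `path`, return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "wsgi.url_scheme": "http"}
    if role is not None:
        environ["demo.role"] = role
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode("utf-8")


if __name__ == "__main__":
    guarded = PolicyLayer(vulnerable_app, [("/admin", "admin")])
    print(call(vulnerable_app, "/admin/users"))  # handler alone: exposed
    print(call(guarded, "/admin/users"))         # policy layer: refused
    print(call(guarded, "/admin/users", "admin"))
```

The prefix match is exact on path segments, so "/administrator" is not covered by a "/admin" rule; a deployment would normally place the same rule in a reverse proxy in front of the application, where it also survives a redeploy of the application code.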
Lack of monitoring
• Most organizations cannot afford dedicated security professionals
• Most IDS systems fail to identify large sets of attacks
• Solutions
  • Application level security proxy
  • Regular log analysis
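"Regular log analysis" can start with a small script run over the web server's access log rather than a full IDS. The example below is added here and is not from the slides: it parses combined-format access log lines and raises two kinds of alert, a burst of failed logins from one address within a time window and one address requesting many distinct non-existent paths. The sample log, the thresholds and the function names are constructed for this example (addresses are from the RFC 5737 documentation ranges).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access log prefix; referrer and user agent follow
# but are not needed for these checks.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2012:13:55:50 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2012:13:56:02 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2012:13:56:15 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2012:13:56:30 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2012:13:56:44 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:13:57:00 +0300] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:13:57:05 +0300] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:13:57:20 +0300] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:13:57:25 +0300] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
] + [
    # one client requesting many distinct non-existent paths in a row
    '203.0.113.9 - - [10/Oct/2012:14:%02d:00 +0300] "GET /old/page%d.php HTTP/1.1" 404 0 "-" "-"'
    % (i, i)
    for i in range(12)
]


def parse_line(line):
    """Return a dict for a parseable line, else None (unparsed lines are counted)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Addresses with >= threshold failed POST /login attempts inside any window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"] == "/login" and e["status"] == 401:
            by_ip[e["ip"]].append(e["time"])
    flagged = []
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return flagged


def detect_path_enumeration(events, threshold=10):
    """Addresses that requested >= threshold distinct paths answered with 404."""
    missing = defaultdict(set)
    for e in events:
        if e["status"] == 404:
            missing[e["ip"]].add(e["path"])
    return [ip for ip, paths in missing.items() if len(paths) >= threshold]


def analyze(lines):
    """Run both checks over raw log lines and report alerts plus parse failures."""
    parsed = [parse_line(line) for line in lines]
    events = [e for e in parsed if e is not None]
    return {
        "unparsed": len(parsed) - len(events),
        "failed_login_bursts": detect_failed_login_bursts(events),
        "path_enumeration": detect_path_enumeration(events),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Run from cron against the previous day's log, this is the kind of regular analysis an organization without dedicated security staff can still afford; a rising unparsed count is itself worth a look, since it usually means the log format changed and the checks silently stopped seeing traffic.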
Decreasing role of perimeter
• False sense of security from firewall
• Increasing number of business partners
• Increased use of hosted applications
• Solutions
  • Access control centralization
  • Security policy
Impact of consumerisation and device specialization
• Consumers using increasing range of devices to connect to web applications
• Impossible to restrict browser versions and platforms
• Browser vulnerabilities
• Solutions
  • Platform independent standards based development
Other long term trends
• HTML5 new functionality
  • WebSockets
  • Offline applications
  • Local data storage and access to files
  • Concurrency
• Move to cloud
• Increasing power of large vendors