If you can't read please download the document

London Web - Web Application Security

Embed Size (px)

Citation preview

Web Application Security

Web Application SecurityLightning Talk : London web Thames Cruise 2011Ben Haines [email protected] basicsApplicationInput ValidationFormsURLsSQLAuthentication, Authorisation & Passwords

InfrastructurePatching Servers (less of an issue if using PaaS hosting)Configuration (dont run services as root, iptables, least info possible, etc.)

Quick winsApplication Frameworks often use industry best practicePasswordsSession HandlingDBSubscribe to OWASP Youtube VideosUse security libraries where possible e.g. .Net AntiXSS libraryLogging anybody?Finally, dont roll your own (unless you know what you are doing, even then DONT!)Great (free) ResourcesEducationOWASP.org (Open Web Application Security Project)SANS, SAFECode (e.g. Fund. Practices for Secure Software Dev)ToolsVega, OSS web application security scanner (subgraph.com)Metasploit, testing frameworkBlogsBruce SchneierFull-Disclosure, BugTraqQuestionsNo, BASE64 is not appropriate for encrypting/hashing passwords ;)


Web$Security: Web$Application$Security ... CSE$484$/$CSE$M$584:$Computer$Security$and$Privacy$ $ Web$Security:

Web$Security: Web$Application$Security ... CSE$484$/$CSE$M$584:$Computer$Security$and$Privacy$ $ Web$Security:

Documents
SANS Critical Security Controls Summit London 2013

SANS Critical Security Controls Summit London 2013

Documents
Articles & Tutorials by Scratchmedia, London web designers London web designers

Articles & Tutorials by Scratchmedia, London web designers London web designers

Documents
London Web Task

London Web Task

Education
SplunkLive! London Enterprise Security & UBA

SplunkLive! London Enterprise Security & UBA

Technology
Web Video Production London

Web Video Production London

Documents
SECURITY ASPECTS OF THE 2012 LONDON OLYMPICS .SECURITY ASPECTS OF THE 2012 LONDON OLYMPICS IRM RISK

SECURITY ASPECTS OF THE 2012 LONDON OLYMPICS .SECURITY ASPECTS OF THE 2012 LONDON OLYMPICS IRM RISK

Documents
18 December 2003ISACA London Chapter 1 SECURITY Allan

18 December 2003ISACA London Chapter 1 SECURITY Allan

Documents
The discourse of Olympic security: London 2012

The discourse of Olympic security: London 2012

Documents
Cyber Security at CTX15, London

Cyber Security at CTX15, London

Technology
London web perfug_performancefocused_devops_feb2014

London web perfug_performancefocused_devops_feb2014

Documents
Web design london

Web design london

Internet
Web Security New Browser Security Technologies 3 Web Security – New Browser Security Technologies

Web Security New Browser Security Technologies 3 Web Security – New Browser Security Technologies

Documents
Security in Semantic Web Services : Role of Security, Authorization, Privacy and Trust in Semantic Web Nima Dokoohaki OASIS Adoption Forum London 2006

Security in Semantic Web Services : Role of Security, Authorization, Privacy and Trust in Semantic Web Nima Dokoohaki OASIS Adoption Forum London 2006

Documents
Security company-london-uk

Security company-london-uk

Business
Best Security Company London UK

Best Security Company London UK

Business
Web - Web security

Web - Web security

Technology
Upgrade Instructions: Web Security Gateway Instructions: Web Security Gateway 2 Websense Web Security

Upgrade Instructions: Web Security Gateway Instructions: Web Security Gateway 2 Websense Web Security

Documents
Web Security: Web Application Security [continued] Web Security: Web Application Security [continued]

Web Security: Web Application Security [continued] Web Security: Web Application Security [continued]

Documents
Web Services Security with SOAP Security Proxies - .Web Services Security with SOAP Security Proxies

Web Services Security with SOAP Security Proxies - .Web Services Security with SOAP Security Proxies

Documents
Doing Drupal security right from Drupalcon London

Doing Drupal security right from Drupalcon London

Technology
1 WEB SECURITY - ... 5.2 Web security threats, web traffic security approaches, Introduction to Secure

1 WEB SECURITY - ... 5.2 Web security threats, web traffic security approaches, Introduction to Secure

Documents
London web design

London web design

Documents
44CON London 2015 - Software Defined Networking (SDN) Security

44CON London 2015 - Software Defined Networking (SDN) Security

Technology
London sponsorship packages web

London sponsorship packages web

Documents
IT Security Forum London ballintrae 240913 final

IT Security Forum London ballintrae 240913 final

Technology
Web Application Security and OWASP Testing Guide Web Application Security... Web Application Security

Web Application Security and OWASP Testing Guide Web Application Security... Web Application Security

Documents
Dog Handlers London - Security Dog Unit UK

Dog Handlers London - Security Dog Unit UK

Documents
London | Cybertrust Security SECURED SfTأٹ . Title: London | Expedia.com.sg Author: Glamdering Created

London | Cybertrust Security SECURED SfTأٹ . Title: London | Expedia.com.sg Author: Glamdering Created

Documents
Security Council Study Guide - Rotaract MUN 2014 London

Security Council Study Guide - Rotaract MUN 2014 London

Documents