Enviar pesquisa
Carregar
Starwest 2008
•
0 gostou
•
798 visualizações
C
Caleb Sima
Seguir
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 40
Recomendados
A talk I gave for the OWASP UAE chapter in Dubai, explaining A3 from the OWASP Top 10 list: Cross Site Scripting.
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)
Michael Hendrickx
Basic overview, testing, mitigation plan for popular web application vulnerabilities such as: XSS, CSRF, SQLi etc. Updated "Web Security - Introduction" presentation.
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
Oles Seheda
Cross-Site Request Forgery (CSRF in short) is a kind of a web application vulnerability which allows malicious website to send unauthorized requests to a vulnerable website using active session of its authorized users In simple words, it’s when an “evil” website posts a new status in your twitter account on your visit while the login session is active on twitter. For security reasons the same origin policy in browsers restricts access for browser-side programming languages such as Javascript to access a remote content. As the browsers configurations may be modified, the best way to protect web application against CSRF is to secure web application itself.
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
Samvel Gevorgyan
Web Hacking
Web Hacking
Information Technology
"Web Application Security is a vast topic and time is not enough to cover all kind of malicious attacks and techniques for avoiding them, so now we will focus on top 10 high level vulnerabilities. Web developers work in different ways using their custom libraries and intruder prevention systems and now we will see what they should do and should not do based on best practices." - Samvel Gevorgyan [ Presentation on Scribd ] http://www.scribd.com/doc/47157267
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
Samvel Gevorgyan
Your users are almost certainly vulnerable in one way or another. Mike North explores a series of common web app security pitfalls, first demonstrating how to exploit the vulnerability and then recommending a pragmatic and effective defense against the attack. Buckle up, because Mike's about to take some things you love and depend on and smash them to bits.
Web Security: A Primer for Developers
Web Security: A Primer for Developers
Mike North
All Topics Covers about Website hacking types of website type of web attacks type of tool & how it's working Hacking prevention
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.
Web Security 101
Web Security 101
Michael Peters
Recomendados
A talk I gave for the OWASP UAE chapter in Dubai, explaining A3 from the OWASP Top 10 list: Cross Site Scripting.
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)
Michael Hendrickx
Basic overview, testing, mitigation plan for popular web application vulnerabilities such as: XSS, CSRF, SQLi etc. Updated "Web Security - Introduction" presentation.
Web Security - Introduction v.1.3
Web Security - Introduction v.1.3
Oles Seheda
Cross-Site Request Forgery (CSRF in short) is a kind of a web application vulnerability which allows malicious website to send unauthorized requests to a vulnerable website using active session of its authorized users In simple words, it’s when an “evil” website posts a new status in your twitter account on your visit while the login session is active on twitter. For security reasons the same origin policy in browsers restricts access for browser-side programming languages such as Javascript to access a remote content. As the browsers configurations may be modified, the best way to protect web application against CSRF is to secure web application itself.
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
Samvel Gevorgyan
Web Hacking
Web Hacking
Information Technology
"Web Application Security is a vast topic and time is not enough to cover all kind of malicious attacks and techniques for avoiding them, so now we will focus on top 10 high level vulnerabilities. Web developers work in different ways using their custom libraries and intruder prevention systems and now we will see what they should do and should not do based on best practices." - Samvel Gevorgyan [ Presentation on Scribd ] http://www.scribd.com/doc/47157267
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
Samvel Gevorgyan
Your users are almost certainly vulnerable in one way or another. Mike North explores a series of common web app security pitfalls, first demonstrating how to exploit the vulnerability and then recommending a pragmatic and effective defense against the attack. Buckle up, because Mike's about to take some things you love and depend on and smash them to bits.
Web Security: A Primer for Developers
Web Security: A Primer for Developers
Mike North
All Topics Covers about Website hacking types of website type of web attacks type of tool & how it's working Hacking prevention
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.
Web Security 101
Web Security 101
Michael Peters
Slides used to introduce some basic concepts used in web hacking.
Hacking the Web
Hacking the Web
Mike Crabb
My presentation at JSFoo Chennai 2012, IIT Madras Research Park
JSFoo Chennai 2012
JSFoo Chennai 2012
Krishna T
Many notable and new web hacking techniques, discoveries and compromises were uncovered in 2008. During his session, the top 10 vulnerabilities present in 2008, as well as some of the prevalent security issues emerging in 2009. Attendees will virtually be able to walk through the vulnerabilities appearing on today’s corporate websites, learning real-world solutions to today’s web application security issues. Moderator: Mike Stephenson, SC lab manager, SC Magazine - Jeremiah Grossman, founder and chief technology officer, WhiteHat Security
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008
Jeremiah Grossman
The Hidden XSS - Attacking the Desktop & Mobile Platforms
The Hidden XSS - Attacking the Desktop & Mobile Platforms
kosborn
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
Jeremiah Grossman
Phishing with Super Bait Jeremiah Grossman, Founder and CTO, WhiteHat Security The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. ItÕs imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. WeÕre all very familiar with each of those issues. Instead, weÕll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help. By leveraging cross-site scripting, the next level of phishing scams will be launched not from look-alike web pages, but instead from legitimate websites! This presentation will demonstrate how these types of attacks are being achieved. We'll also demonstrate the cutting edge exploits that can effectively turn your browser into spyware with several lines of JavaScript. And, we'll give you the steps you need to take to protect your websites from these attacks.
Phishing with Super Bait
Phishing with Super Bait
Jeremiah Grossman
Overview of hacking techniques used to attack modern web applications focused on application layer. Cross Site Scripting, SQL Injection, Buffer Overflow, Phishing attacks presented.
Hacking A Web Site And Secure Web Server Techniques Used
Hacking A Web Site And Secure Web Server Techniques Used
Siddharth Bhattacharya
5th slide deck covering Cross-site Scripting, encoding and prevention
04. xss and encoding
04. xss and encoding
Eoin Keary
Electron is a framework to create the desktop application on Windows,OS X, Linux easily, and it has been used to develop the popular applications such as Atom Editor, Visual Studio Code, and Slack. Although Electron includes Chromium and node.js and allow the web application developers to be able to develop the desktop application with accustomed methods, it contains a lot of security problems such as it allows arbitrary code execution if even one DOM-based XSS exist in the application. In fact, a lot of vulnerabilities which is able to load arbitrary code in applications made with Electron have been detected and reported. In this talk, I focus on organize and understand the security problems which tend to occur on development using Electron. --- Yosuke Hasegawa Secure Sky Technology Inc, Technical Adviser. Known for finding numerous vulnerablities in Internet Explorer、Mozilla Firefox and other web applications.He has also presented at Black Hat Japan 2008, South Korea POC 2008, 2010 and others. OWASP Kansai Chapter Leader, OWASP Japan Board member.
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
CODE BLUE
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery Vulnerabilities
Marco Morana
A Cross Site Request Forgery (CSRF) – the “sleeping giant”!
A8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentation
Albena Asenova-Belal
Clickjacking DevCon2011
Clickjacking DevCon2011
Krishna T
* Django is a Web Application Framework, written in Python * Allows rapid, secure and agile web development. * Write better web applications in less time & effort.
Django (Web Applications that are Secure by Default )