The OWASP Foundation
http://www.owasp.org
Security of the Internet
Kerala 2014
Rajesh P, Board Member OWASP Kerala
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify the document under the terms of the OWASP License
Computer Security Day
Observed on November 30th
Started in 1988
Helps raise awareness of computer-related security issues
Computer Security Day Activities
• Change your password
• Update anti-virus and check for viruses
• Clean up your computer and surroundings
• Back up your data
• Verify your inventory of computer utilities and packaged software
• Monitor event logs
• Register and pay for all commercial software that is used on your computer
Trends related to Security in Internet
- Large-scale intelligence activities targeting Internet communication
- Attempts to undermine cryptographic algorithms
- People, companies and governments intentionally introduce defects or vulnerabilities (or secret back-doors), compromising the security, trust and integrity of software and applications
Trends related to Security in Internet
- Deep Web
- Firmware
- Ransomware
- POS Malware
- Steganography

(Figure: Age of Application Security / Age of Network Security / Age of Anti-Virus)
• 3 out of 4 web sites are vulnerable to attacks (Source: Gartner)
• 75% of attacks at the application layer (Source: Gartner)
• Important % of sales via the Web (Services, Shop On Line, Self-care)
The Numbers
Cyber Crime:
“Second cause of economic crime experienced by the financial services sector” – PwC
“Globally, every second, 18 adults become victims of cybercrime” – Norton
US – $20.7 billion (direct losses)
Globally 2012 – $110,000,000,000 (direct losses)
“556 million adults across the world have first-hand experience of cybercrime -- more than the entire population of the European Union.”
Target's December 19 disclosure: 100+ million payment cards
LoyaltyBuild November disclosure: 1.5 million+ records
Snapchat: 4.6 million user records
An inconvenient truth
Two weeks of ethical hacking
Ten man-years of development
Make this more difficult: let's change the application code once a month.
Degrees of trust
Where application code comes from (figure: sources arranged from more to less trusted):
- COTS (Commercial off the shelf)
- Outsourced development
- Sub-contractors
- Bespoke outsourced development
- Bespoke internal development
- Third-party APIs
- Third-party components & systems
You may not let some of the people who have developed your code into your offices!!
Dependencies
2012/13 study of 31 popular open source libraries:
- 19.8 million (26%) of the library downloads have known vulnerabilities
- Today's applications may use up to 30 or more libraries - 80% of the codebase
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.
Participation in OWASP is free and open to all.
Everything here is free and open source and vendor neutral.
Main objectives: producing tools, standards and documentation related to Web Application Security.
Thousands of active members, hundreds of local chapters in the world
OWASP Mission
To make application security "visible," so that people and organizations can make informed decisions about application security risks
Making Security Visible, through…
Documentation: Top Ten, Dev. Guide, Design Guide, Testing Guide, …
Tools: WebGoat, WebScarab, ESAPI, CSRF Guard, Zed Attack Proxy (ZAP), …
Working Groups: Browser Security, Industry Sectors, Education, Mobile Phone Security, Preventive Security, OWASP Governance
Security Community and Awareness: Local Chapters, Conferences, Mailing Lists
(Figure: PROTECT / DETECT / LIFE CYCLE)
Body of Knowledge
- Core Application Security Knowledge Base: Principles; Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures
- Acquiring and Building Secure Applications: Guide to Building Secure Web Applications and Web Services
- Verifying Application Security: Guide to Application Security Testing and Guide to Application Security Code Review
- Managing Application Security: Guidance and Tools for Measuring and Managing Application Security
- Application Security Tools: Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues
- AppSec Education and CBT: Web Based Learning Environment and Guide for Learning Application Security
- Research to Secure New Technologies: Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)
Supporting structure: OWASP Foundation 501c3; OWASP Community Platform (wiki, forums, mailing lists); Projects; Chapters; AppSec Conferences
The OWASP Enterprise Security API
(Figure, layered top to bottom)
Custom Enterprise Web Application
Enterprise Security API: Authenticator, User, AccessController, AccessReferenceMap, Validator, Encoder, HTTPUtilities, Encryptor, EncryptedProperties, Randomizer, ExceptionHandling, Logger, IntrusionDetector, SecurityConfiguration
Existing Enterprise Security Services/Libraries
Please Help OWASP Grow
Push us to do better!
Be an active contributor
- Stub articles – wiki contributions
- New technologies to analyze
Be an OWASP member
- Corporate Members
- Individual Members
Please join us and share what you know!
(Figure: OWASP Projects by type, Code / Tools / Documentation, with shares of 9%, 41% and 50%)
Thank you!
rajesh.nair@owasp.org
https://www.facebook.com/OWASPKerala
https://www.twitter.com/owasp_kerala
  • 13. The OWASP Foundation http://www.owasp.org 13 OWASP Mission To make application security "visible," so that people and organizations can make informed decisions about application security risks
  • 14. The OWASP Foundation http://www.owasp.org Making Security Visible , through… Documentation Top Ten, Dev. Guide, Design Guide, Testing Guide, … Tools WebGoat, WebScarab, ESAPI, CSRF Guard, Zed Attack Proxy (ZAP), … Working Groups Browser Security, Industry Sectors, Education, Mobile Phone Security, Preventive Security, OWASP Governance Security Community and Awareness Local Chapters, Conferences, Mailing Lists 14 PROTECT DETECT LIFE CYCLE
  • 15. The OWASP Foundation http://www.owasp.org Body of Knowledge Core Application Security Knowledge Base Acquiring and Building Secure Applications Verifying Application Security Managing Application Security Application Security Tools AppSec Education and CBT Research to Secure New Technologies Principles Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures OWASP Foundation 501c3 OWASP Community Platform (wiki, forums, mailing lists) Projects Chapters AppSecConferences Guide to Building Secure Web Applications and Web Services Guide to Application Security Testing and Guide to Application Security Code Review Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues Web Based Learning Environment and Guide for Learning Application Security Guidance and Tools for Measuring and Managing Application Security Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax) 15
  • 16. The OWASP Foundation http://www.owasp.org The OWASP Enterprise Security API Custom Enterprise Web Application Enterprise Security API Authenticator User AccessController AccessReferenceMap Validator Encoder HTTPUtilities Encryptor EncryptedProperties Randomizer ExceptionHandling Logger IntrusionDetector SecurityConfiguration Existing Enterprise Security Services/Libraries 16
  • 18. The OWASP Foundation http://www.owasp.org Please Help OWASP Grow Push us to do better! Be an active contributor Stub articles – wiki contributions New technologies to analyze Be an OWASP member Corporate Members Individual Members Please join us and share what you know! 18 9% 41% 50% OWASP Projects Code Tools Documentation
  • 19. The OWASP Foundation http://www.owasp.org Thank you! rajesh.nair@owasp.or g https://www.facebook.com/OWASPKerala https://www.twitter.com/owasp_kerala