AOEconf17: Application Security
3 likes
847 views
AOE
AOEconf17 talk "Application Security" by Bastian Ike.
Software
1 of 42
Recommended
Join Stormpath Developer Evangelist, Robert Damphousse, to dive deep into browser security. Robert will explain how Session IDs, Man in the Middle (MITM), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) attacks work, and how to use cookies to support security best practices. Topics Covered: - Security concerns for modern web apps - Cookies, the right way - MITM, XSS, and CSRF attacks - Session ID problems - Examples in an Angular app
Browser Security 101
Stormpath
This AtlasCamp, we're talking a lot about Atlassian Connect and the new Confluence REST API. This session will bring it all together with an overview on building a Connect add-on with Confluence. We will cover best practices when writing complex dynamic macros with respect to security, performance and maintainability.
AtlasCamp 2014: Writing Connect Add-ons for Confluence
Atlassian
Using Controls, calling Launchers. IsolatedStorages and Local DataBase samples
Rashad Aliyev
If you're a JavaScript developer, you can't miss this session. Atlassian Connect presents some challenges that might be new to JavaScript developers, like third-party cookie policy, window.postMessage, and sending data between multiple iframes, just to name a few. This session will address these challenges and offer practical tips from the trenches of building new add-ons with Atlassian Connect.
AtlasCamp 2014: 10 Things a Front End Developer Should Know About Connect
Atlassian
To make add-ons in Atlassian OnDemand successful with Atlassian Connect, they have to be secure. Learn what security features Connect provides and why. This session will include: • Fun security brain teasers! • Tips on avoiding common pitfalls when building Connect add-ons • A sneak peek at future security features we will introduce for Connect
AtlasCamp 2014: Connect Security
Atlassian
In this presentation, Java Developer Evangelist Micah Silverman demystifies HTTP Authentication and explains how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's performance and scale. Topics Covered: Security Concerns for Modern Web Apps Cross-Site Scripting Prevention Working with 'Untrusted Clients' Securing API endpoints Cookies Man in the Middle (MitM) Attacks Cross-Site Request Forgery Session ID Problems Token Authentication JWTs Working with the JJWT library End-to-end example with Spring Boot
Securing Web Applications with Token Authentication
Stormpath
0xdec0de01
«How to start in web application penetration testing» by Maxim Dzhalamaga
0xdec0de
As a part of the software industry, it is a basic necessity to create a secure application/product. Security testing is not only about hacking, and can be approached in a structured manner. This presentation will help you understand how to incorporate security in different phases and aspects of software development.
An approach to app security - For beginners
vodQA
More related content
Most popular
REST+JSON APIs are great - but you still need to communicate with them from your code. Wouldn't you prefer to interact with clean and intuitive Java objects instead of messing with HTTP requests, HTTP status codes and JSON parsing? Wouldn't you prefer to work with type-safe objects specific to your API? In this presentation, Les Hazlewood - Stormpath CTO and Apache Shiro PMC Chair - will share all of the golden nuggets learned while designing, implementing and supporting multiple clients purpose-built for a real-world REST+JSON API. Further reading: http://www.stormpath.com/blog Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
Build A Killer Client For Your REST+JSON API
Stormpath
PPT on Adobe CQ: introduction, its benefits and architecture. For a detailed description, see: https://www.youtube.com/watch?v=h_S8hCLzlMU
Introduction to Adobe CQ
Rest West
Four major attacks are covered here: -Bypass Authentication Via Authentication Token Manipulation. -Session hijacking. -Brute forcing login pages using burp. -HTTP parameter pollution.
Web Hacking series part 2
Aditya Kamat
Niyaz Abbasov (NEATS) Programming for the Android platform in other programming languages
Programming for the Android platform in other programming languages
Rashad Aliyev
SOURCE Barcelona 2011 - Ofer Shezaf
Security Testing For RESTful Applications
Source Conference
11th technical lecture as part of the Software StartUp Academy Osijek - Ivan Marković 'ASP.NET'
ASP.NET - Ivan Marković
Software StartUp Academy Osijek
Brief explanation on the advantages of using an in-house WordPress framework over a commercial framework. Big Red can be downloaded from http://wordpress.org/extend/themes/big-red-framework
Using an in-house WordPress framework
peterwilsoncc
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed. Teacher: Sam Bowne Twitter: @sambowne Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
Sam Bowne
We already showed you how to build a Beautiful REST+JSON API(http://www.slideshare.net/stormpath/rest-jsonapis), but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.
Secure Your REST API (The Right Way)
Stormpath
Authentication: Cookies vs JWTs and why you’re doing it wrong
Derek Perkins
What keeps IT managers awake at night? Worrying whether their website is protected against security vulnerabilities and exploits. In this presentation, Ash Prasad, Director of Engineering at DNN, gives IT managers suggestions on how to secure their .NET websites. Ash shares the tools and techniques he employs to harden the security of websites. If you’re managing .NET websites, this presentation will arm you with tips you can apply right away.
How to Harden the Security of Your .NET Website
DNN
Introduction to Adobe CQ5 for Developers.
Adobe CQ5 for Developers - Introduction
Tekno Point
How to Use OWASP ESAPI and Microsoft Web Protection Libraries Against Cross-Site Scripting
OWASP ESAPI and Microsoft Web Libraries in Cross-Site Scripting
Denim Group
In these slides you will learn about CSS. It stands for Cascading Style Sheets. We use this technology to design and decorate HTML documents.
Learn css step by step online course
Naeem Hussain
Exploiting axis2 and apache tomcat to get a shell with basic privileges.
Exploiting a vulnerability to gain a shell
Aditya Kamat
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed. Teacher: Sam Bowne Twitter: @sambowne Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: Ch 5: Bypassing Client-Side Controls
Sam Bowne
All ivanti is a secure workspace - Bsides Delft 2018
Johanna Curiel
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed. Teacher: Sam Bowne Twitter: @sambowne Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed. Teacher: Sam Bowne Twitter: @sambowne Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
Sam Bowne
Similar to AOEconf17: Application Security
A case study of security features inside the popular python-based web framework, Django. Made by Mohammed ALDOUB (@Voulnet)
Case Study of Django: Web Frameworks that are Secure by Default
Mohammed ALDOUB
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
nooralmousa
Insecure software undermines our infrastructure and puts our organizations at risk. Whether you’re a new developer, a designer who is beginning to experiment with programming, or a seasoned developer looking for a refresher, join us as we discuss why attacks happen, go over the most common vulnerabilities and techniques you can use to code defensively. This hands-on workshop will feature real-world hacking exercises that correspond to each of the Open Web Application Security Project (OWASP) top 10 vulnerabilities, helping to hone your skills as a security ninja!
Become a Security Ninja
Paul Gilzow
The same-origin policy is an important security concept in modern browser languages like JavaScript, but it becomes an obstacle for developers building complex client-side apps. Over time there have been lots of ingenious workarounds using JSON-P, IFRAMEs and proxies. As of January 2013 the well-known Cross Origin Resource Sharing (CORS) is a proposed W3C standard and is now natively supported by all major browsers.
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Ivo Andreev
Attendees will learn the best web application security practices used by major US government entities. The presentation will cover network configuration, caching, replication, common web application vulnerabilities, and how making these changes will result in better web site performance and user satisfaction. The five most common types of web application attacks will be explained, along with simple ways to prevent them.
Do you lose sleep at night?
Nathan Van Gheem
2013 OWASP Top 10 presentation, slightly modified for a presentation I did at the Lasso Developer Conference in Niagara Falls.
2013 OWASP Top 10
bilcorry
It is a presentation of the work done in a Research and Development Project on the Zed Attack Proxy Tool.
The OWASP Zed Attack Proxy
Aditya Gupta
Web Security
KHOANGUYNNGANH
By Adam Goodman, Principal Security Architect at Duo Security
Making Web Development "Secure By Default"
Duo Security
* Django is a Web Application Framework, written in Python * Allows rapid, secure and agile web development. * Write better web applications in less time & effort.
Django (Web Applications that are Secure by Default )