Chaos Report - Web Security Version
Eduardo Bohrer
Slides from the Lightning Talk given at the Second TTLabs Summit on 11/11/2011.
1.
The Chaos Report - Web Security Version
Eduardo Bohrer - @nbluis eduardobohrer.com.br
2.
Have you been taking the proper care?
3.
Our enemy is armed and entrenched!
4.
The numbers of 2010
5.
The numbers of 2010
93% more web attacks
15~20 million attacks per day
1+ million bots
42% more mobile attacks
260+ million new malware samples
Brazil ranked 4th in malicious activity
Source: Symantec Security Threat Report, Volume 16
6.
7.
8.
The 30 most recurring vulnerabilities. 84% of the world's websites are susceptible.
Source: WhiteHat Website Security Statistics Report 2011.
9.
30 vulnerabilities. 84% of the world's websites.
Source: WhiteHat Website Security Statistics Report 2011.
10.
11.
Who can defend us?
12.
Non-profit
13.
Many supporters
14.
Many projects and study material
15.
Many projects and study material
OWASP Top 10
OWASP Testing Guide
ESAPI
WebGoat
WebScarab
OWASP Development Guide
16.
Discussion group; organization of events; organized AppSec Latin America 2011.
17.
18.
References
http://www.symantec.com/business/threatreport/
https://www.whitehatsec.com/assets/WPstats_winter11_11th.pdf
https://www.owasp.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Project
https://www.owasp.org/index.php/Porto_Alegre
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Category:OWASP_Testing_Project
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
19.
Images
http://3.bp.blogspot.com/_Na4CPVnGtCk/TT8o77X2PxI/AAAAAAAAZ6c/xfQtTtZxM_w/s400/apontando_o_dedo.jpg
http://1.bp.blogspot.com/_TBFrVWg5uOM/TF_9R41sK7I/AAAAAAAAB1U/elW_A1ning8/s1600/chapolin.jpg
http://www.yaboukir.com/wp-content/uploads/2011/09/owasp.png
https://www.owasp.org/images/c/c1/Owasp-poa-eng.png
http://wallpapergravity.com/wallpapers2/650/650912.jpg
http://i277.photobucket.com/albums/kk65/darinaldi/fuuu.png
http://fak3r.com/wp-content/blogs.dir/12/files/challenge_accepted_Amazing_Feats_Fails_WIns_Lolz_and_A_Contest-s325x265-158648-535.png
http://osprofanos.com/wp-content/uploads/2011/02/