Web Application Security
Created By Cygnis Media
http://www.cygnismedia.com/
• Web application security is a branch of Information Security that deals specifically with the security of websites, web applications and web services.
• At a high level, web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.
• Content-Security-Policy
• X-Frame-Options
• Anti-CSRF cryptographic nonces on all secure functions
• DAL (data/database access layer)
• Unwritable file system
• Forensically secure logging
• Secure credential/passwd/secret questions and answers storage
• Security frameworks
• autocomplete="off" and strong passwords
• Content-Security-Policy: we suggest you deploy this with reporting switched on (the report-only header), so that you can see what is breaking while your devs work on it. It can be incredibly hard to build into your website retroactively, because it usually involves either whitelisting so many sources that the policy is essentially useless, or having to go carefully through your website to make a full inventory of scripts, styles and other resources, hoping that you don't miss anything along the way. There is now a bookmarklet to help as well.
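The rollout described above, as an added example (not code from the original slides): the policy is emitted under Content-Security-Policy-Report-Only first, so nothing is blocked but browsers post a violation report for anything the policy would block, and the reports are aggregated to show what would break. X-Frame-Options is sent alongside the equivalent frame-ancestors directive. The directive list, the /csp-report endpoint and the sample reports are this example's own constructions.

```python
"""Added example: roll out a Content-Security-Policy in report-only mode and
summarise the violation reports browsers send back, so you can see what breaks
before enforcing.  Header names and directives are real; the policy values, the
report endpoint and the sample reports are constructed for illustration."""
import json
from collections import Counter

# A first, deliberately strict policy.  frame-ancestors is the CSP successor to
# X-Frame-Options; both are emitted so older browsers are covered too.
POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "style-src": ["'self'"],
    "img-src": ["'self'", "data:"],
    "frame-ancestors": ["'none'"],
    "report-uri": ["/csp-report"],          # constructed endpoint
}


def build_csp(policy: dict) -> str:
    """Serialise a directive map into the header value syntax."""
    return "; ".join(f"{name} {' '.join(values)}" for name, values in policy.items())


def security_headers(policy: dict, enforce: bool = False) -> dict:
    """Return the response headers for a rollout phase.

    Start with enforce=False (Content-Security-Policy-Report-Only): nothing is
    blocked, but browsers POST a report for anything the policy *would* block.
    Switch to enforce=True once summarise_reports() is quiet."""
    header = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return {
        header: build_csp(policy),
        # Legacy equivalent of frame-ancestors 'none'.
        "X-Frame-Options": "DENY",
    }


def summarise_reports(raw_reports: list) -> Counter:
    """Aggregate browser violation reports (the 'csp-report' JSON body) by
    (effective directive, blocked URI) so the noisiest breakages surface first."""
    counts = Counter()
    for raw in raw_reports:
        report = json.loads(raw).get("csp-report", {})
        directive = report.get("effective-directive") or report.get("violated-directive", "?")
        counts[(directive, report.get("blocked-uri", "?"))] += 1
    return counts


# Constructed sample reports in the shape browsers POST to report-uri.
SAMPLE_REPORTS = [
    json.dumps({"csp-report": {"document-uri": "https://shop.example/checkout",
                               "effective-directive": "script-src",
                               "blocked-uri": "https://cdn.analytics.example/tag.js"}}),
    json.dumps({"csp-report": {"document-uri": "https://shop.example/cart",
                               "effective-directive": "script-src",
                               "blocked-uri": "https://cdn.analytics.example/tag.js"}}),
    json.dumps({"csp-report": {"document-uri": "https://shop.example/",
                               "effective-directive": "script-src",
                               "blocked-uri": "inline"}}),   # an inline <script> on the page
]

if __name__ == "__main__":
    for name, value in security_headers(POLICY).items():
        print(f"{name}: {value}")
    for (directive, uri), n in summarise_reports(SAMPLE_REPORTS).most_common():
        print(f"{n:3d}  {directive:<16} {uri}")
```

The summary is what drives the inventory the text talks about: each (directive, blocked URI) pair is either a legitimate source to be added to the whitelist or an inline script to be moved into a file, and the policy is only switched to the enforcing header when the counts stop growing.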
• We suggest building nonces (one-time tokens tied to user sessions) into each form and verifying them on submission, to make sure that your site can't be forced to perform actions on a logged-in user's behalf (cross-site request forgery). This can be a large pain to retrofit because it means touching a database or distributed store on every hit, in addition to the code that needs to be added to every page that carries a form and to the handler that then checks the nonce.
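The nonce scheme above, as an added example that is not part of the original slides. An in-memory dict stands in for the session store the text says you must touch on every hit; each token is a random nonce bound to its session with an HMAC under a server key, is embedded in the form as a hidden field, and is consumed on first use. The session ids, the server key and the form action are constructed.

```python
"""Added example: per-session, one-time anti-CSRF nonces.  SESSION_STORE is an
in-memory dict standing in for the database or distributed cache that has to be
consulted on every request; SERVER_KEY is a constructed stand-in for a secret
loaded from a secrets manager."""
import hashlib
import hmac
import secrets
from html import escape

SESSION_STORE = {}                 # session_id -> set of live (unused) nonces
SERVER_KEY = secrets.token_bytes(32)


def _bind(session_id: str, nonce: str) -> str:
    """HMAC the nonce together with the session id, so a token lifted from one
    session cannot be replayed in another even if the store were bypassed."""
    return hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Mint a fresh token for a form and remember its nonce against the session."""
    nonce = secrets.token_urlsafe(24)
    SESSION_STORE.setdefault(session_id, set()).add(nonce)
    return f"{nonce}.{_bind(session_id, nonce)}"


def render_form(session_id: str, action: str) -> str:
    """The piece that has to be added to every page that carries a form."""
    token = issue_token(session_id)
    return (f'<form method="post" action="{escape(action)}">'
            f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
            '<button>Submit</button></form>')


def verify_token(session_id: str, submitted) -> bool:
    """The check every state-changing handler must run before acting.

    Consumes the nonce, so a token is good for exactly one submission; the MAC
    is compared in constant time so the check does not leak it byte by byte."""
    try:
        nonce, mac = submitted.split(".", 1)
    except (AttributeError, ValueError):
        return False                         # missing or malformed token
    live = SESSION_STORE.get(session_id, set())
    if nonce not in live or not hmac.compare_digest(mac, _bind(session_id, nonce)):
        return False
    live.discard(nonce)                      # one-time: a replay now fails
    return True


if __name__ == "__main__":
    sid = "sess-alice"                       # constructed session id
    html = render_form(sid, "/transfer")
    token = html.split('value="')[1].split('"')[0]
    print("first submit accepted:", verify_token(sid, token))
    print("replay accepted:", verify_token(sid, token))
    print("other session accepted:", verify_token("sess-bob", token))
```

A forged token fails the MAC check, a replayed one fails because its nonce was discarded, and a token from another user's page fails both the store lookup and the MAC, since the session id is part of the keyed input.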
• DALs help to prevent SQL injection. Few organizations know about them or use them properly, but by fronting all database access with an abstraction layer that builds only parameterised queries, many kinds of SQL injection simply fail, because user input is never interpolated into SQL text and so never reaches the parser as SQL. DALs can be costly and incredibly complicated to retrofit because every individual database call needs to be changed to go through the DAL layer.
• Making the website code and web server configs on the file system unwritable by the web user is a large security benefit post-compromise. Almost no sites take this precaution, but it makes many kinds of exploitation (dropping a web shell, backdooring a config file) nearly impossible. Retrofitting this is hard to do later because plenty of things usually come to depend on local file system writes as the site evolves over time, even though that style of design can be very poor.
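An audit for the property described above, as an added example (not from the original slides): walk a web root and report every file or directory the web server's account could write, skipping the top-level trees that legitimately must be writable, such as an uploads area. The web user is passed in as a uid/gid pair; the sample tree, its file names and modes are constructed in a temporary directory so the script runs anywhere.

```python
"""Added example: find files under a web root that the web server's account
could modify.  The web user is given as uid/gid; the sample tree is constructed
in a temporary directory."""
import os
import stat
import tempfile


def writable_by(st: os.stat_result, uid: int, gid: int) -> bool:
    """Can the account (uid, gid) write this inode according to its mode bits?"""
    mode = st.st_mode
    if st.st_uid == uid and mode & stat.S_IWUSR:
        return True
    if st.st_gid == gid and mode & stat.S_IWGRP:
        return True
    return bool(mode & stat.S_IWOTH)


def audit_webroot(root: str, web_uid: int, web_gid: int, allow=("uploads",)) -> list:
    """Return paths (relative to root) the web user could write.

    Top-level directories named in `allow` are skipped entirely: they are the
    places the application is *supposed* to write, and they should never hold
    executable code."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune allowed trees before they are listed or descended into.
        dirnames[:] = [d for d in dirnames
                       if os.path.relpath(os.path.join(dirpath, d), root).split(os.sep)[0]
                       not in allow]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if writable_by(os.lstat(path), web_uid, web_gid):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def audit_as_current_user(root: str, allow=("uploads",)) -> list:
    """Audit as if the web server ran under the account running this script."""
    return audit_webroot(root, os.getuid(), os.getgid(), allow)


def build_sample_tree() -> str:
    """Constructed web root: hardened code, one forgotten writable config, and
    an uploads directory that is expected to be writable."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "app"))
    os.makedirs(os.path.join(root, "uploads"))
    for rel, mode in (("index.php", 0o444), ("app/db.php", 0o444),
                      ("config.ini", 0o664), ("uploads/avatar.png", 0o664)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)
    for rel, mode in ((".", 0o755), ("app", 0o555), ("uploads", 0o775)):
        os.chmod(os.path.join(root, rel), mode)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for finding in audit_as_current_user(root):
        print("WRITABLE BY WEB USER:", finding)   # config.ini
```

In production the check runs as part of deployment, with the real web server uid/gid, and any finding outside the allow-list is a deploy failure; that is what keeps later features from quietly reintroducing writes into the code tree.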
• Logs that are shipped off-host, or otherwise made unreachable by the web user, help prevent the log files being used to overwrite the file system, log-poisoning local file include attacks, removal of the attacker's tracks from the logs, and so on. It's hard to describe how useful it is to have untampered logs until after it's too late. It is hard to retrofit because it usually requires building separate logging facilities and developing some way to copy or automatically ship the logs.
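The text's point is that an attacker who can reach the log can remove their own lines. Shipping the log off-host is the primary defence; the added example below (not from the original slides) shows the complementary tamper-evidence check a collector can run on what it receives: each record carries an HMAC over itself and the previous record's MAC, so deleting, editing or reordering an entry breaks the chain from that point on. The key, the events and the attacker's IP address are constructed; in practice the key lives on the collector, never on the web server.

```python
"""Added example: a tamper-evident (hash-chained, keyed) log.  Complements, and
does not replace, shipping logs off-host.  LOG_KEY and the events are
constructed; the key would be held by the log collector, not the web server."""
import hashlib
import hmac
import json

LOG_KEY = b"constructed-demo-key-held-by-the-collector"
GENESIS = "0" * 64          # MAC value "before" the first record


def _mac(prev_mac: str, record: dict) -> str:
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(LOG_KEY, payload, hashlib.sha256).hexdigest()


def append_record(chain: list, record: dict) -> list:
    """Append a record together with a MAC that also covers the previous MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"record": dict(record), "mac": _mac(prev, record)})
    return chain


def verify(chain: list) -> int:
    """Return the index of the first broken link, or -1 if the chain is intact.

    Caveat: silently dropping records from the *end* is invisible to the chain
    itself; the collector must also remember the last MAC it received."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(entry["mac"], _mac(prev, entry["record"])):
            return i
        prev = entry["mac"]
    return -1


# Constructed access-log events; 198.51.100.9 is the attacker.
EVENTS = [
    {"ts": "2013-08-01T10:00:01Z", "ip": "203.0.113.5", "req": "GET /login", "status": 200},
    {"ts": "2013-08-01T10:00:07Z", "ip": "198.51.100.9", "req": "GET /admin/../../etc/passwd", "status": 403},
    {"ts": "2013-08-01T10:00:09Z", "ip": "198.51.100.9", "req": "POST /upload.php", "status": 200},
    {"ts": "2013-08-01T10:00:12Z", "ip": "203.0.113.5", "req": "GET /", "status": 200},
]


def build_chain(events=EVENTS) -> list:
    chain = []
    for event in events:
        append_record(chain, event)
    return chain


def scrub_attacker(chain: list, ip: str) -> list:
    """What an attacker with write access to the log file does: remove their own lines."""
    return [entry for entry in chain if entry["record"]["ip"] != ip]


if __name__ == "__main__":
    chain = build_chain()
    print("intact chain, first broken index:", verify(chain))
    print("after scrubbing attacker lines:", verify(scrub_attacker(chain, "198.51.100.9")))
```

Because the MAC is keyed, an attacker who owns the web server but not the collector's key cannot recompute the chain after editing it; the verifier pinpoints the first record after the tampering.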
• How many sites have we seen compromised with all of the data taken? In most cases it is either plaintext or badly hashed with an outdated hashing algorithm like MD5. Assuming that everything in the database is copied off, the attacker still shouldn't have access to anything without investing a lot of resources to crack individual rows, which means a salted, deliberately slow password hash (bcrypt, scrypt or PBKDF2) rather than a fast digest. This can be extremely complicated to retrofit because many site features depend on the current database schema and the structured data stored in it.
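The retrofit the text calls complicated, as an added example (not from the original slides): new rows get a salted PBKDF2-HMAC-SHA256 hash, and the verify path still accepts the legacy unsalted MD5 rows but rewrites each one in the new format on the user's next successful login, the only moment the plaintext is available. The storage format string, the user table and the passwords are constructed.

```python
"""Added example: salted, slow password hashing with PBKDF2-HMAC-SHA256 (stdlib)
plus a verify path that upgrades legacy unsalted MD5 rows on the next login.
The record format, users and passwords are constructed."""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000        # PBKDF2-HMAC-SHA256 work factor per OWASP's 2023 guidance


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm, iterations, salt, derived key."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def _check_pbkdf2(stored: str, password: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def _check_md5(stored: str, password: str) -> bool:
    # The legacy format from the breach stories: unsalted md5(password), 32 hex chars.
    return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(), stored)


def verify_and_upgrade(user: dict, password: str) -> bool:
    """Verify against whichever format the row holds.

    A successful login against a legacy hash rewrites the row in the new
    format, so the MD5 rows disappear as users log in, with no schema change
    and no password reset campaign."""
    stored = user["password_hash"]
    if stored.startswith("pbkdf2_sha256$"):
        return _check_pbkdf2(stored, password)
    if len(stored) == 32 and _check_md5(stored, password):
        user["password_hash"] = hash_password(password)     # transparent upgrade
        return True
    return False


def make_users() -> dict:
    """Constructed user table: one pre-migration MD5 row, one already-migrated row."""
    return {
        "legacy_user": {"password_hash": hashlib.md5(b"correct horse").hexdigest()},
        "new_user": {"password_hash": hash_password("battery staple")},
    }


if __name__ == "__main__":
    users = make_users()
    print("legacy login:", verify_and_upgrade(users["legacy_user"], "correct horse"))
    print("row now starts with:", users["legacy_user"]["password_hash"][:14])
```

Rows that never log in again keep their MD5 hash; after a grace period those accounts should be forced through a reset so the legacy format can be retired from the schema entirely.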
• Libraries for handling and sanitising or rejecting user input (XSS, SQLi, command injection, etc.) significantly improve your ability to protect yourself proactively when used consistently across the site. Libraries like this usually require modifying many site features, because such frameworks by design touch almost every input, so they can be a headache to build in after the fact.
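What such a layer looks like in the small, as an added example that is not from the original slides: strict allow-list validators for the input types the site accepts, HTML-context output encoding for the XSS case, and an argument vector (no shell) for the command-injection case. The validator names, patterns and the ping helper are this example's own; SQL injection is left to the DAL example above.

```python
"""Added example: a small input-handling layer applied consistently: allow-list
validation on the way in, contextual encoding on the way out, and argv lists
instead of shell strings for OS commands.  Names and rules are this example's own."""
import re
import shlex
from html import escape

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


class InvalidInput(ValueError):
    """Raised for anything that does not match the allow-list; callers reject, not repair."""


def validate_hostname(value: str) -> str:
    if not isinstance(value, str) or not HOSTNAME_RE.match(value):
        raise InvalidInput("hostname")
    return value


def validate_username(value: str) -> str:
    if not isinstance(value, str) or not USERNAME_RE.match(value):
        raise InvalidInput("username")
    return value


def render_comment(author: str, body: str) -> str:
    """XSS: encode at the point of output, for the HTML text context.  Attribute,
    URL and JavaScript contexts each need their own encoder, not this one."""
    return f'<p class="comment"><b>{escape(author)}</b>: {escape(body)}</p>'


def ping_argv(host: str) -> list:
    """Command injection: validate first, then hand the value to the OS as one
    argv element so no shell ever parses it.  (The regex also forbids a leading
    hyphen, so the value cannot be mistaken for an option.)"""
    return ["ping", "-c", "1", validate_hostname(host)]


def ping_command_display(host: str) -> str:
    """Shell-quoted rendering for logs and audit trails only; never executed."""
    return shlex.join(ping_argv(host))


if __name__ == "__main__":
    print(render_comment("eve", "<script>alert(1)</script>"))
    print(ping_command_display("db01.internal.example"))
    try:
        ping_argv("8.8.8.8; rm -rf /")
    except InvalidInput as exc:
        print("rejected:", exc)
```

The value of the layer comes from the consistency the text stresses: every input passes through one of the validators and every output through an encoder for its context, which is also why bolting it onto an existing site means revisiting nearly every handler and template.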
• autocomplete="off" and strong passwords: to protect your site from brute force and from the latest rash of security problems in browser autocomplete, it is a good idea to apply both of these together. If your users assume the browser will remember their passwords for them, it's going to be a headache when you turn autocomplete off later. If you turn it off early, they'll choose weak passwords. So you really need both at the same time. You don't want the support costs of all of your users calling you trying to figure out how to get back into their accounts.
Created By Cygnis Media: http://www.cygnismedia.com/
Data collected from: itproportal.com

Mais conteúdo relacionado

Mais procurados

Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Chapter1:information security overview
Chapter1:information security overview Chapter1:information security overview
Chapter1:information security overview Dr.Sami Khiami
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threatsVishal Kumar
 
Chapter 3: Vulnerabilities and threat models
Chapter 3: Vulnerabilities and threat modelsChapter 3: Vulnerabilities and threat models
Chapter 3: Vulnerabilities and threat modelsDr.Sami Khiami
 
Owasp 2017 oveview
Owasp 2017   oveviewOwasp 2017   oveview
Owasp 2017 oveviewShreyas N
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System SecuritySamvel Gevorgyan
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTerrance Medina
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Security For Application Development
Security For Application DevelopmentSecurity For Application Development
Security For Application Development6502programmer
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration Tariq Islam
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentationRashid Khatmey
 
Chapter4:Be The Attacker
Chapter4:Be The Attacker Chapter4:Be The Attacker
Chapter4:Be The Attacker Dr.Sami Khiami
 
Chapter 6 : Attack Execution (2)
Chapter 6 : Attack Execution (2)Chapter 6 : Attack Execution (2)
Chapter 6 : Attack Execution (2)Dr.Sami Khiami
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesDilum Bandara
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1Telefónica
 

Mais procurados (20)

Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Chapter1:information security overview
Chapter1:information security overview Chapter1:information security overview
Chapter1:information security overview
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 
Chapter 3: Vulnerabilities and threat models
Chapter 3: Vulnerabilities and threat modelsChapter 3: Vulnerabilities and threat models
Chapter 3: Vulnerabilities and threat models
 
Owasp 2017 oveview
Owasp 2017   oveviewOwasp 2017   oveview
Owasp 2017 oveview
 
t r
t rt r
t r
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System Security
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilities
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Security For Application Development
Security For Application DevelopmentSecurity For Application Development
Security For Application Development
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentation
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
Chapter4:Be The Attacker
Chapter4:Be The Attacker Chapter4:Be The Attacker
Chapter4:Be The Attacker
 
Chapter 6 : Attack Execution (2)
Chapter 6 : Attack Execution (2)Chapter 6 : Attack Execution (2)
Chapter 6 : Attack Execution (2)
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New Vulnerabilities
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
 
Owasp first5 presentation
Owasp first5 presentationOwasp first5 presentation
Owasp first5 presentation
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1
 

Destaque

Advocacy for pride of teachers
Advocacy for pride of teachersAdvocacy for pride of teachers
Advocacy for pride of teachersKUMAR RAJESH
 
Akiu prieziuros patarimai paaugliams
Akiu prieziuros patarimai paaugliamsAkiu prieziuros patarimai paaugliams
Akiu prieziuros patarimai paaugliamsinfolesiai
 
Showcase of pikslme's data august2013
Showcase of pikslme's data august2013Showcase of pikslme's data august2013
Showcase of pikslme's data august2013Pikslme
 
Our global reach
Our global reachOur global reach
Our global reachKonnexions
 
Top 10 Social Media Websites
Top 10 Social Media WebsitesTop 10 Social Media Websites
Top 10 Social Media WebsitesNelsan Ellis
 
Take it home design thinking application
Take it home design thinking applicationTake it home design thinking application
Take it home design thinking applicationjgulli
 
Marketing trends to watch in 2013
Marketing trends to watch in 2013Marketing trends to watch in 2013
Marketing trends to watch in 2013Nelsan Ellis
 
Facebook help to grow business
Facebook help to grow businessFacebook help to grow business
Facebook help to grow businessNelsan Ellis
 
Design challenge brief empathize and define
Design challenge brief   empathize and defineDesign challenge brief   empathize and define
Design challenge brief empathize and definejgulli
 
How to learn chinese correctly
How to learn chinese correctlyHow to learn chinese correctly
How to learn chinese correctlyPing He
 
Maayan Cidade Jardim
Maayan Cidade JardimMaayan Cidade Jardim
Maayan Cidade JardimRJZCyrela
 

Destaque (15)

Advocacy for pride of teachers
Advocacy for pride of teachersAdvocacy for pride of teachers
Advocacy for pride of teachers
 
Akiu prieziuros patarimai paaugliams
Akiu prieziuros patarimai paaugliamsAkiu prieziuros patarimai paaugliams
Akiu prieziuros patarimai paaugliams
 
Showcase of pikslme's data august2013
Showcase of pikslme's data august2013Showcase of pikslme's data august2013
Showcase of pikslme's data august2013
 
Our global reach
Our global reachOur global reach
Our global reach
 
Top 10 Social Media Websites
Top 10 Social Media WebsitesTop 10 Social Media Websites
Top 10 Social Media Websites
 
Take it home design thinking application
Take it home design thinking applicationTake it home design thinking application
Take it home design thinking application
 
Marketing trends to watch in 2013
Marketing trends to watch in 2013Marketing trends to watch in 2013
Marketing trends to watch in 2013
 
Facebook help to grow business
Facebook help to grow businessFacebook help to grow business
Facebook help to grow business
 
Design challenge brief empathize and define
Design challenge brief   empathize and defineDesign challenge brief   empathize and define
Design challenge brief empathize and define
 
MI GRAN FAMILIA
MI GRAN FAMILIAMI GRAN FAMILIA
MI GRAN FAMILIA
 
Prototype and test
Prototype and testPrototype and test
Prototype and test
 
How to learn chinese correctly
How to learn chinese correctlyHow to learn chinese correctly
How to learn chinese correctly
 
Prototype
PrototypePrototype
Prototype
 
No go tell april
No go tell aprilNo go tell april
No go tell april
 
Maayan Cidade Jardim
Maayan Cidade JardimMaayan Cidade Jardim
Maayan Cidade Jardim
 

Semelhante a Web Application Security

OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersLewis Ardern
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developersJohn Ombagi
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperAjin Abraham
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trendsbeched
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar GanievOWASP Russia
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemEditor IJCATR
 
Java Application Development Vulnerabilities
Java Application Development VulnerabilitiesJava Application Development Vulnerabilities
Java Application Development VulnerabilitiesNarola Infotech
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!Marko Heijnen
 
Tips for web security
Tips for web securityTips for web security
Tips for web securitykareowebtech
 
Tips for web security
Tips for web securityTips for web security
Tips for web securitykareowebtech
 
Web application framework
Web application frameworkWeb application framework
Web application frameworkPankaj Chand
 
Website Security
Website SecurityWebsite Security
Website SecurityCarlos Z
 
Website Security
Website SecurityWebsite Security
Website SecurityMODxpo
 
Securing the e marketing site
Securing  the e marketing siteSecuring  the e marketing site
Securing the e marketing sitegaurav jain
 
Web Speed And Scalability
Web Speed And ScalabilityWeb Speed And Scalability
Web Speed And ScalabilityJason Ragsdale
 
Advanced security - Seccom Global
Advanced security - Seccom Global Advanced security - Seccom Global
Advanced security - Seccom Global Kim Tu
 
How to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security ChecklistHow to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security ChecklistPixel Crayons
 
10 server security hacks to secure your web servers
10 server security hacks to secure your web servers10 server security hacks to secure your web servers
10 server security hacks to secure your web serversTemok IT Services
 

Semelhante a Web Application Security (20)

OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript Developers
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developers
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer System
 
Java Application Development Vulnerabilities
Java Application Development VulnerabilitiesJava Application Development Vulnerabilities
Java Application Development Vulnerabilities
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!
 
Tips for web security
Tips for web securityTips for web security
Tips for web security
 
Tips for web security
Tips for web securityTips for web security
Tips for web security
 
Web application framework
Web application frameworkWeb application framework
Web application framework
 
Isset Presentation @ EECI2009
Isset Presentation @ EECI2009Isset Presentation @ EECI2009
Isset Presentation @ EECI2009
 
Website Security
Website SecurityWebsite Security
Website Security
 
Website Security
Website SecurityWebsite Security
Website Security
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
Securing the e marketing site
Securing  the e marketing siteSecuring  the e marketing site
Securing the e marketing site
 
Web Speed And Scalability
Web Speed And ScalabilityWeb Speed And Scalability
Web Speed And Scalability
 
Advanced security - Seccom Global
Advanced security - Seccom Global Advanced security - Seccom Global
Advanced security - Seccom Global
 
How to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security ChecklistHow to Secure Web Apps — A Web App Security Checklist
How to Secure Web Apps — A Web App Security Checklist
 
10 server security hacks to secure your web servers
10 server security hacks to secure your web servers10 server security hacks to secure your web servers
10 server security hacks to secure your web servers
 

Mais de Nelsan Ellis

Social media marketing trends for 2014
Social media marketing trends for 2014Social media marketing trends for 2014
Social media marketing trends for 2014Nelsan Ellis
 
The modern marketer
The modern marketerThe modern marketer
The modern marketerNelsan Ellis
 
Marketing campaign ideas
Marketing campaign ideasMarketing campaign ideas
Marketing campaign ideasNelsan Ellis
 
Social media trends 2013
Social media trends 2013Social media trends 2013
Social media trends 2013Nelsan Ellis
 
Application Development Tools For Android
Application Development Tools For AndroidApplication Development Tools For Android
Application Development Tools For AndroidNelsan Ellis
 
Social Media Strategy For 2013
Social Media Strategy For 2013Social Media Strategy For 2013
Social Media Strategy For 2013Nelsan Ellis
 
Android App Marketing
Android App MarketingAndroid App Marketing
Android App MarketingNelsan Ellis
 
Social Media Marketing
Social Media MarketingSocial Media Marketing
Social Media MarketingNelsan Ellis
 
Facebook vs google+
Facebook vs google+Facebook vs google+
Facebook vs google+Nelsan Ellis
 

Mais de Nelsan Ellis (10)

Social media marketing trends for 2014
Social media marketing trends for 2014Social media marketing trends for 2014
Social media marketing trends for 2014
 
The modern marketer
The modern marketerThe modern marketer
The modern marketer
 
Marketing campaign ideas
Marketing campaign ideasMarketing campaign ideas
Marketing campaign ideas
 
Social media trends 2013
Social media trends 2013Social media trends 2013
Social media trends 2013
 
Application Development Tools For Android
Application Development Tools For AndroidApplication Development Tools For Android
Application Development Tools For Android
 
Social Media Strategy For 2013
Social Media Strategy For 2013Social Media Strategy For 2013
Social Media Strategy For 2013
 
Android App Marketing
Android App MarketingAndroid App Marketing
Android App Marketing
 
Iphone vs android
Iphone vs androidIphone vs android
Iphone vs android
 
Social Media Marketing
Social Media MarketingSocial Media Marketing
Social Media Marketing
 
Facebook vs google+
Facebook vs google+Facebook vs google+
Facebook vs google+
 

Último

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Web Application Security

  • 1. Created By Cygnis Media http://www.cygnismedia.com/
  • 2.  Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services.  At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.
  • 3.  Content-Security-Policy  X-Frame-Options  Anti-CSRF cryptographic nonces on all secure functions  DAL (data/database access layer)  Unwritable file system  Forensically secure logging  Secure credential/passwd/secret questions and answers storage  Security frameworks  autocomplete="off" and strong passwords
  • 4.  We suggest you deploy this with reporting switched on, so that you can see what is breaking as your developers work on it. It can be incredibly hard to retrofit into an existing website, because it usually means either adding so many whitelist entries that the policy is essentially useless, or going carefully through the whole site to build a large inventory of sources, hoping that you don't miss anything along the way. There is now a bookmarklet to help with this as well.
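The report-first rollout the slide recommends, as an added example that is not part of the original deck or of Cygnis Media's material: the same policy is emitted either as the report-only header (logs violations, blocks nothing) or as the enforcing header, the clickjacking header from slide 3 is set alongside it, and the violation reports the browser posts back are reduced to the three fields a defender triages. The source allow-list, the report endpoint path and the sample report are constructed for the example.

```python
import json

# Constructed allow-list for a hypothetical site; tighten it from the reports.
DEFAULT_SOURCES = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "https://static.example.com"],
    "frame-ancestors": ["'none'"],
}


def build_csp(sources=DEFAULT_SOURCES, report_only=True, report_uri="/csp-report"):
    """Return (header_name, header_value) for the policy.

    report_only=True emits Content-Security-Policy-Report-Only, which makes the
    browser report violations to report_uri without blocking anything, so the
    policy can be deployed first and enforced once the reports stop showing
    legitimate resources.
    """
    directives = ["%s %s" % (name, " ".join(values)) for name, values in sources.items()]
    directives.append("report-uri %s" % report_uri)
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    return name, "; ".join(directives)


def frame_headers():
    """Legacy clickjacking protection, kept alongside the frame-ancestors directive
    for browsers that predate CSP level 2."""
    return {"X-Frame-Options": "DENY"}


def summarise_report(raw_json):
    """Pull the fields worth triaging out of a browser CSP violation report.

    Browsers post a JSON body with a top-level "csp-report" object to report-uri;
    only the keys used here are relied on.
    """
    body = json.loads(raw_json)["csp-report"]
    return {
        "page": body.get("document-uri"),
        "directive": body.get("violated-directive"),
        "blocked": body.get("blocked-uri"),
    }


# Constructed sample of what a browser would post after the policy above
# blocked a third-party script on the checkout page.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://www.example.com/checkout",
    "violated-directive": "script-src",
    "blocked-uri": "https://cdn.third-party.example/widget.js",
}})

if __name__ == "__main__":
    print(build_csp())
    print(summarise_report(SAMPLE_REPORT))
```

A report whose blocked URI is a resource the site genuinely needs means the allow-list is incomplete; one whose blocked URI is unknown is the kind of injection the policy exists to stop, and is worth an alert rather than a whitelist entry.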
  • 6.  We suggest building nonces (one-time tokens tied to user sessions) into each form and verifying them, to make sure that your site can't be forced to execute actions on a user's behalf. This can be a large pain to retrofit because it means contacting a data store or distributed storage on every hit, in addition to the code that needs to be placed into each web page that has a form and the handler that subsequently verifies the nonce.
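The nonce scheme described above, as an added example rather than code from the deck or from Cygnis Media: tokens are random, bound to the issuing session, and consumed on first use, so a forged cross-site request that carries no token, a reused token, or a token from another session is refused. The in-memory dictionary standing in for the session store and the `handle_form_post` handler are assumptions made for the example.

```python
import hmac
import secrets


class CsrfNonces:
    """One-time anti-CSRF tokens bound to a session id.

    The outstanding tokens live in a plain dict here (constructed for the
    example); a real site keeps them in the session store or a shared cache,
    which is the per-request storage contact the slide warns about.
    """

    def __init__(self):
        self._issued = {}  # session_id -> set of tokens not yet used

    def issue(self, session_id):
        """Mint a fresh token for one form render in one session."""
        token = secrets.token_urlsafe(32)
        self._issued.setdefault(session_id, set()).add(token)
        return token

    def verify(self, session_id, submitted):
        """Consume the token: valid exactly once, and only for the session that got it."""
        if not isinstance(submitted, str) or not submitted.isascii():
            return False
        outstanding = self._issued.get(session_id, set())
        for token in list(outstanding):
            # compare_digest avoids leaking the match position through timing
            if hmac.compare_digest(token, submitted):
                outstanding.discard(token)
                return True
        return False


def handle_form_post(nonces, session_id, form):
    """Minimal state-changing handler (hypothetical): refuse unless the nonce checks out."""
    if not nonces.verify(session_id, form.get("csrf_token")):
        return 403, "CSRF token missing, already used, or issued to another session"
    return 200, "action performed"


if __name__ == "__main__":
    nonces = CsrfNonces()
    token = nonces.issue("session-A")
    print(handle_form_post(nonces, "session-A", {"csrf_token": token}))
    print(handle_form_post(nonces, "session-A", {"csrf_token": token}))  # second use fails
```

The token is rendered into the form as a hidden field and is never placed in a cookie, since a cookie would be sent automatically by the very cross-site request the nonce is meant to block.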
  • 7.  DALs help to avoid SQL injection. Few organizations know about them or use them properly, but by front-ending all database access with an abstraction layer, many types of SQL injection simply don't succeed because the user's input is never interpreted as part of the query. DALs can be costly and incredibly complicated to retrofit because every individual database call needs to be adjusted and routed through the DAL layer.
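Why a data access layer stops the common injection cases, as an added example that is not from the deck or from Cygnis Media: the same lookup is written once with the input concatenated into the SQL (the pattern a DAL replaces) and once through a small DAL that binds the value as a parameter. The table, the rows and the class name are constructed; SQLite is used only because it runs in memory with no setup.

```python
import sqlite3


def make_db():
    """Constructed sample table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_unsafe(conn, name):
    """The 'before' picture: user input pasted straight into the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


class UserDAL:
    """Every access to the users table goes through this class with bound parameters.

    The database driver sends the value separately from the query text, so the
    value can only ever be compared against the name column; it cannot change
    the shape of the statement.
    """

    def __init__(self, conn):
        self._conn = conn

    def find_by_name(self, name):
        return self._conn.execute(
            "SELECT name, role FROM users WHERE name = ?", (name,)
        ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # classic tautology used in scanners and training material
    print("unsafe:", find_user_unsafe(conn, probe))   # returns every row
    print("dal:   ", UserDAL(conn).find_by_name(probe))  # returns nothing
```

The retrofit cost the slide mentions is visible here: every `find_user_unsafe`-style call site in the codebase has to be found and replaced with a DAL call, and any ad-hoc query that builds table or column names from input still needs an allow-list, since parameters cannot bind identifiers.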
  • 8.  Making the website code and web server configs on the file system unwritable by the web server's user account is a large security benefit post-compromise. Almost no sites take this precaution, but it makes many types of exploitation nearly impossible. Retrofitting this is difficult to do later because plenty of things usually come to depend on local file system writes as the site evolves over time, even though that kind of design can be incredibly poor.
  • 9.  Logs that are sent off-host, or are otherwise made unreachable by the web server's user account, help prevent attacks that overwrite the file system, local file include attacks, removal of the attacker's traces from the logs, and so on. It is hard to describe how useful it is to have untampered logs until after it's too late. It is hard to retrofit because it usually requires building a separate logging facility and developing some way to copy or automatically ship the logs off the host.
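One way to make log tampering detectable while the records are being shipped off-host, added here as an example that is not part of the deck or of Cygnis Media's material: each entry carries the hash of its predecessor, so an edited or deleted entry breaks the chain from that point on and a receiver can pinpoint where the break occurred. The transport itself (syslog, a queue, rsync) is outside the example and is represented by a plain list; the record fields are constructed sample data.

```python
import hashlib
import json


def _digest(prev_hash, fields):
    """Hash of this entry, covering the previous hash and the canonical JSON of the fields."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class HashChainedLog:
    """Append-only log whose entries are linked by hash.

    remote_sink stands in for the off-host receiver; in a real deployment each
    entry is transmitted as soon as it is written so an attacker on the web
    host never has the chance to rewrite earlier entries in place.
    """

    GENESIS = "0" * 64  # fixed starting point so the first entry is also covered

    def __init__(self, remote_sink):
        self._sink = remote_sink
        self._last = self.GENESIS

    def append(self, **fields):
        entry_hash = _digest(self._last, fields)
        self._sink.append({"prev": self._last, "data": fields, "hash": entry_hash})
        self._last = entry_hash
        return entry_hash


def verify_chain(entries):
    """Walk the received entries; return (True, None) if intact, else (False, first bad index)."""
    expected = HashChainedLog.GENESIS
    for index, entry in enumerate(entries):
        if entry["prev"] != expected or _digest(entry["prev"], entry["data"]) != entry["hash"]:
            return False, index
        expected = entry["hash"]
    return True, None


if __name__ == "__main__":
    received = []  # constructed stand-in for the remote collector
    log = HashChainedLog(received)
    log.append(ip="203.0.113.5", path="/login", status=401)
    log.append(ip="203.0.113.5", path="/admin", status=200)
    print(verify_chain(received))
    received[0]["data"]["status"] = 200  # someone rewrites the failed login
    print(verify_chain(received))
```

The chain alone does not stop an attacker who controls every copy from recomputing all the hashes; its value comes from the entries already being on a host the web account cannot reach, so the receiver's copy and the last hash it recorded are the reference the on-host copy is checked against.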
  • 10.  How many sites have we seen compromised with all of their data taken? In most cases the credentials are either plaintext or badly hashed with an outdated algorithm, like MD5. Assuming that everything in the database is copied off, the attacker still shouldn't have access to anything without investing a lot of resources to crack each individual entry. This can be extremely complicated to retrofit because many site features depend on the current database schema and the associated structured data.
  • 11.  Libraries for managing, sanitising or rejecting user input (XSS, SQLi, command injection, etc.) significantly enhance your ability to defend yourself proactively when used consistently across the website. Libraries like this usually require modifying many site features, since such a framework has to touch almost every input, so it can be a headache to build in after the fact.
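What a consistently applied input library looks like in practice, as an added example that is not from the deck or from Cygnis Media: every submitted field is checked against an allow-list of the shape it must have and rejected otherwise (rather than patched up), unknown fields are refused, and values are escaped for the HTML context when rendered. The field rules, the `RejectedInput` type and the template helper are constructed for the example.

```python
import html
import re


class RejectedInput(ValueError):
    """Raised for any field that does not match its allow-list rule."""


# Constructed allow-list rules: each field is validated against the shape
# it is required to have, not against a blacklist of bad characters.
RULES = {
    "username": re.compile(r"[a-z0-9_]{3,32}"),
    "order_id": re.compile(r"[0-9]{1,10}"),
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[a-zA-Z]{2,}"),
}


def validate(field, value):
    """Return the value unchanged if it matches the rule for field, else raise."""
    rule = RULES.get(field)
    if rule is None:
        raise RejectedInput("no rule for field %r" % field)
    if not isinstance(value, str) or rule.fullmatch(value) is None:
        raise RejectedInput("field %r rejected" % field)
    return value


def validate_form(form):
    """Apply the allow-list to every submitted field in one place."""
    return {name: validate(name, value) for name, value in form.items()}


def render_html(template, **values):
    """Output encoding for the HTML context: every interpolated value is escaped."""
    escaped = {name: html.escape(value, quote=True) for name, value in values.items()}
    return template.format(**escaped)


if __name__ == "__main__":
    print(validate_form({"username": "alice_01", "order_id": "42"}))
    print(render_html("<p>Hello {name}</p>", name="<b>alice</b>"))
    try:
        validate_form({"username": "alice; rm -rf /"})
    except RejectedInput as err:
        print("rejected:", err)
```

Validation and output encoding are separate steps on purpose: the allow-list decides whether the data is acceptable at all, while the escaping is chosen by the context the value is written into (HTML body here; attribute, URL and JavaScript contexts each need their own encoder).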
  • 12.  To protect your website from brute force and from the latest rash of security problems in autocomplete, it is wise to apply both of these. If your users assume the browser will remember their passwords for them, it's going to be a headache when you turn autocomplete="off" on later. If you turn it off early, they'll pick weak passwords. So you really need both at the same time. You don't want the support costs of all of your users contacting you trying to figure out how to get back into their accounts.
  • 13. Created By Cygnis Media: http://www.cygnismedia.com/ Data collected from: itproportal.com