What, Why, How
“We have a firewall and our servers are patched. We don’t need security.”

• More than 200,000 LinkedIn passwords were cracked in July 2012.
• More than 400,000 Yahoo passwords were cracked in the same month.

It doesn’t happen overnight.
• Password Breach
• Data Theft
• Reputation Loss

Security for Websites
• Before Coding
• While Coding
• After Coding

• Make a Security Risk Analysis
• Prepare a Threat Model
• Educate(!) Developers

• Run Code Reviews
• Perform White Box security testing

• Run a vulnerability assessment and penetration test.

• The real thing starts when your website is out for the world to taste!

• Deploy a web application firewall
• Perform periodic penetration tests
• Run proactive monitoring
• Report Anomalies to Developers!

• Founded in 2009
• Kaushal Bhavsar, pursuing PhD in Computer Security, is the founder & CEO
• Team of background-checked enthusiastic security researchers with strong morals and ethics
• Continuously researching…

• Web Application Firewall using Net Canine WAF
• Proactive Website Monitoring using Net Canine Monitoring System
• Security Consulting
• Vulnerability Assessment and Penetration Testing

Leave your security tension upon us

For more details, contact kaushal@pratikar.com or visit our website www.pratikar.com
