Practical security
•Transferir como PPTX, PDF•
0 gostou•592 visualizações
This document discusses practical information security topics for web development. It begins with an introduction of the author and defines information security as protecting data from unauthorized access, use, disclosure, disruption or destruction. It then discusses how rapid web development can introduce security risks if new tools are not fully understood. The document outlines several common attacks like XSS, SQL injection, brute forcing and social engineering. It provides examples of each attack and emphasizes that social engineering is effective because it manipulates human psychology. The document concludes by advising the reader on how to prevent attacks through security awareness training and ethical hacking assessments.
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Practical security
Semelhante a Practical security (20)
Último
Último (20)
Practical security
- 1. Practical Security Ron van der Molen Wizkunde Ron van der Molen 2014 - Wizkunde.nl
- 2. About me Ron van der Molen Father of a son, always learning @RonvdMolen (twitter) RonXS (IRC Freenode) ron@wizkunde.nl Wizkunde My History Ron van der Molen 2014 - Wizkunde.nl
- 3. What is information security? The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction CIA Confidentiality Integrity Availability Ron van der Molen 2014 - Wizkunde.nl
- 4. Impact of Information Security on WebDev A rapid process, where innovation is one of the largest contradictions to information security Building better, more stable, feature rich applications by implementing new tools/frameworks everyday, without knowing the full extent of knowledge that the developers have who are writing the code. Ron van der Molen 2014 - Wizkunde.nl
- 5. Impact of Information Security on WebDev Use the tools to build code Maintainable Updateable Reusable Interchangeable Educationable This can also include secure, if the developers at hand, invest time in good coding practices and good security strategies Ron van der Molen 2014 - Wizkunde.nl
- 6. Most used attacks Cross Site Scripting (XSS) Cross Site Request Forgery (XSRF) SQL Injection Time Based Attacks Sessions Fixation Brute Forcing Ron van der Molen 2014 - Wizkunde.nl
- 7. Cross Site Scripting Abusing the fact that a user trusts a website Trusted content Output is said to be genuine Example Ron van der Molen 2014 - Wizkunde.nl
- 8. Cross-Site Request Forgery Abusing the fact that a website trusts a browser (Also called “reversed XSS”) Example Ron van der Molen 2014 - Wizkunde.nl
- 9. SQL Injection Abusing bad coding practises to inject SQL Retreive information Get unauthorized access Damage the system Example Ron van der Molen 2014 - Wizkunde.nl
- 10. Time Based Attacks Profiling the system, to get data disclosure without needing explicit access to the software itself Abusing facts or other security flaws get easier like this Example Ron van der Molen 2014 - Wizkunde.nl
- 11. Session Fixation Abusing another users session to get unauthorized access Cookie Hijacking XSS Scripting Sometimes refered to as persistent XSS Example Ron van der Molen 2014 - Wizkunde.nl
- 12. Bruteforcing Send a huge amount of requests to the server, and force your way in by trial and error. This can be more effective as you might think In combination with time based attacks! Example Ron van der Molen 2014 - Wizkunde.nl
- 13. More Attacks Code Injection Denial of Service (I.E. Syn Flooding) Lower layer architectural attacks Stack Overflow attacks Heap Overflow attacks Many many more known and unknown attacks! Ron van der Molen 2014 - Wizkunde.nl
- 14. Social Engineering What is it? Using social skills, to change facts or hack and manipulate your way into a normally secured situation Yes, its also social engineering if you manipulate or LIE to a person by changing facts to alter the outcome of a problem / situation Ron van der Molen 2014 - Wizkunde.nl
- 15. Social Engineering What is it? Where is this an issue? Everywhere!!! Larger organisations Inter organisation collaboration So how does it work? Ron van der Molen 2014 - Wizkunde.nl
- 16. Social Engineering How does it work? Psychology Small Talk Common Sense Brutality Insecurity / Uncertainty Emotions Ron van der Molen 2014 - Wizkunde.nl
- 17. Social Engineering How does it work? Reverse Psychology The problem solver The damsel in distress Information by incentives Random rewards to buy information Discount websites to buy information Ron van der Molen 2014 - Wizkunde.nl
- 18. Social Engineering How does it work? Toolkit of a social engineer Guts His mouth, you need to be able to talk Knowing the targets habits Social Media Screen Reading Sticky notes Ron van der Molen 2014 - Wizkunde.nl
- 19. Social Engineering Who does this? Everybody, including you and me Lie Cheat Manipulate Self preservation Ron van der Molen 2014 - Wizkunde.nl
- 20. Social Engineering How is that even lucrative? Information has value, and with value comes buyers Kevin mitnick – The Art of Deception Slot Machine example Ron van der Molen 2014 - Wizkunde.nl
- 21. Social Engineering How to prevent it? Security through obscurity Create security regulations for your company Train employees on a regular basis Assess your organisation by ethical hackers It will not rule out Social Engineers! Ron van der Molen 2014 - Wizkunde.nl
- 22. Information Security Dont overdo it! Ron van der Molen 2014 - Wizkunde.nl
- 23. Practical Security What will you start doing tomorrow to improve? Questions? Ron van der Molen 2014 - Wizkunde.nl