No Website Left Behind: Are We Making Web Security Only for the Elite?
Web security explanations and solutions have been designed for programmers, but many of the people who create pages do not have a programming background. This presentation explains why this is a problem, and suggests some ways we can improve the state of web security.

This was presented at W2SP 2010 on May 20th. It may not be very useful until I have time to create an audio track, so in the meantime please check out the annotated slides on webinsecurity.net for more explanation.

  1. No Web Site Left Behind: Are We Making Web Security Only for the Elite? Terri Oda and Anil Somayaji, Carleton University, Ottawa, Canada
  2. Page Creators are not all Programmers
  3. Designer, Art director, Web developer, Graphic artist, Logo creator, Web designer, Creative director
  4. Mother, Citizen, Minister, Gaming guild leader, Entrepreneur, Real estate agent, Journalist, Soccer coach, Teacher, Writer, Pet owner, Worker, Student, Repair tech
  5. Web Security is for Programmers
  6. =
  7. Problem: Gremlins in the Engine
  8. Safer Coding Practices
  9. Tainting
  10. Tainting
  11. Known Exploit Detection
  12. Known Exploit Detection
  13. Mashup Protections
  14. The language of security
     ● SANS: "CWE/SANS TOP 25 Most Dangerous Programming Errors"
     ● WASC: "Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client."
     ● OWASP: "The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software."
     ● CSP (Mozilla): "define R1 ≡ all URIs accepted by the first HTTP header; define R2 ≡ all URIs accepted by the second HTTP header; Re = {r | r ∈ R1 AND r ∈ R2} (Re is the set of all URIs accepted by the intersected CSP)"
  15. Non-Programmers still need Security
  16. Headlines and statistics:
     ● 64% of websites currently have a serious vulnerability
     ● Web hit by high tech crime wave
     ● When Web 2.0 Becomes Security Risk 2.0
     ● 75% of web sites with malicious code are compromised legitimate sites
     ● More than 100 attacks a second
     ● Malware delivered by Yahoo, Fox, Google ads
     ● 83% of sites have had a serious vulnerability
     ● Popular Facebook Game Caught Serving Malvertisements
     ● 78% of reported vulnerabilities were web related in Q1-2 2009
  17. Design affects Security
  18. So... Now What?
  19. security costs > risk?
  20. More secure infrastructure and tools
  21. Education
  22. Minimal Interventions
  23. Separation between security and design
  24. Offload to someone else
     ● Others in the organization, e.g. systems administrator
     ● Users
     ● Outside experts
  25. Questions? terri@ccsl.carleton.ca
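The CSP intersection rule quoted on slide 14 (R1 and R2 are the URIs accepted by each header, Re = {r | r ∈ R1 AND r ∈ R2}) is easier to see on concrete headers than in set notation. The Python below is an added example, not part of the presentation or of Mozilla's CSP implementation: the page origin, the two header strings and the candidate script URIs are constructed for illustration, and the source-expression matcher is a deliberate simplification (explicit origins, 'self', 'none', scheme-only sources and a leading host wildcard; no paths, nonces or hashes).

```python
from urllib.parse import urlparse

# Default ports used when a source expression or URI omits one.
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header):
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _origin(uri):
    """Return (scheme, host, port) for a URI or a host-style source expression."""
    u = urlparse(uri)
    port = u.port or DEFAULT_PORTS.get(u.scheme)
    return u.scheme, (u.hostname or "").lower(), port


def source_matches(source, uri, page_origin):
    """Simplified CSP source matching (assumption: no path, nonce or hash sources)."""
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(uri) == _origin(page_origin)
    scheme, host, port = _origin(uri)
    if source.endswith(":") and "/" not in source:      # scheme-only source, e.g. "https:"
        return scheme == source[:-1].lower()
    # A host source may omit its scheme; the URI's scheme is then assumed.
    s_scheme, s_host, s_port = _origin(source if "://" in source else f"{scheme}://{source}")
    if s_scheme != scheme or s_port != port:
        return False
    if s_host.startswith("*."):                          # leading wildcard, e.g. *.cdn.example
        return host.endswith(s_host[1:])
    return s_host == host


def accepted(policy, directive, uri, page_origin):
    """R_i: does one policy accept `uri` for `directive` (falling back to default-src)?"""
    sources = policy.get(directive, policy.get("default-src", ["'none'"]))
    return any(source_matches(s, uri, page_origin) for s in sources)


def accepted_by_all(policies, directive, uri, page_origin):
    """R_e = {r | r in R_1 and r in R_2}: a URI loads only if every header accepts it."""
    return all(accepted(p, directive, uri, page_origin) for p in policies)


# Constructed sample: one page origin and two CSP headers sent on the same response.
PAGE_ORIGIN = "https://app.example"
HEADER_1 = "default-src 'self'; script-src 'self' https://cdn1.example https://cdn2.example"
HEADER_2 = "default-src 'self'; script-src https://cdn1.example https://other.example"
CANDIDATE_SCRIPTS = [
    "https://app.example/main.js",
    "https://cdn1.example/lib.js",
    "https://cdn2.example/lib.js",
    "https://other.example/tracker.js",
]


def intersected_script_decisions():
    """Map each candidate script URI to whether the intersected policy allows it."""
    policies = [parse_csp(HEADER_1), parse_csp(HEADER_2)]
    return {u: accepted_by_all(policies, "script-src", u, PAGE_ORIGIN) for u in CANDIDATE_SCRIPTS}


if __name__ == "__main__":
    for uri, ok in intersected_script_decisions().items():
        print(f"{'ALLOW' if ok else 'BLOCK':5} {uri}")
```

Only https://cdn1.example/lib.js survives: it is the one script source present in both headers. The page's own main.js is blocked even though the first header allows 'self', because the second header's script-src does not, so adding a second CSP header can only narrow what loads, never widen it, which is the practical content of the Re definition.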