OWASP - Security Awareness Presentation for Bitcoin Wednesday Amsterdam
Security Awareness Presentation by Dutch Chapter of OWASP on Bitcoin Wednesday's First Year Anniversary Meeting in Amsterdam


Published in: Technology
Transcript

  • 1. Martin Knobloch – 10 years developer experience – 10 years information security experience – +3 years independent Security Consultant – Dutch OWASP Chapter Leader – OWASP AppSec-Eu/Research 2015 Chair – martin.knobloch@owasp.org – www.owasp.org
  • 2. www.owasp.org
  • 3. Enter the rest of OWASP. People: Free Chapter Meetings, Free Local Events, Conferences, ... Tools: Webgoat, Zed Attack Proxy (ZAP), ESAPI, ... Guides: Requirements list, CLASP, SAMM, ...
  • 4. Your security “perimeter” has huge holes at the application layer. You can’t use network layer protection (firewall, SSL, IDS, hardening) to stop or detect application layer attacks. (Diagram labels. Network Layer: Firewall, Hardened OS, Web Server, App Server, Firewall. Application Layer: Custom Developed Application Code, Databases, Legacy Systems, Web Services, Directories, Human Resrcs, Billing. APPLICATION ATTACK.)
  • 5. An Attacker has 24x7x365 to Attack. The Defender has 20 man days per year to detect and defend. (Diagram labels: Scheduled Pen-Test, Scheduled Pen-Test, Attacker Schedule.)
  • 6. Tools – At Best 45% • MITRE found that all application security tool vendors’ claims put together cover only 45% of the known vulnerability types (695) • They found very little overlap between tools, so to get 45% you need them all (assuming their claims are true)
  • 8. Content
  • 9. An application is secure if it acts and reacts as expected, at any time! (Diagram labels: Functional Specification, Technical Implementation, Insecure?, Insecure?, Secure.)
  • 10. Username; Password; “password forgotten” link
  • 11. Threat Modeling – The Basics. Asset: Valuable resource. Vulnerability: Exploitable weakness. Threat: Causes harm. Risk: Chance of harm occurring. Countermeasure: Reduces risk.
  • 12. Why start again? (Diagram labels: Asset, Threat, Risk is low, Countermeasure, Dependency, Dependency’s Countermeasure, Dependency’s Threat.)
  • 13. That’s it… thank you!
