SlideShare a Scribd company logo

01 Application Security Fundamentals - part 1 - introduction and goals

A
appsec

This document discusses application security fundamentals and outlines various threats including script kiddies, hacktivists, hackers, cyber criminals, and advanced persistent threats. It then discusses the goals of application security which are confidentiality, integrity, and availability. Finally, it introduces the application security hierarchy which includes goals, mechanisms, and principles to guide security decisions and techniques.

Internet
1 of 5
Application Security Fundamentals PART 1
Agenda PART 1  The Threats  Goals and Principles of Application Security PART 2  Security Mechanisms
Application Security Threats Script Kiddie • Leveraging tools and exploits created by others • Hacking by pushing the big red shiny button Hacktivist • Hacker with a cause • Denial of service, site defacement Hacker • Malicious and non-malicious • Because they can Cyber Criminal • Different levels of sophistication • Scams, information theft, fraud Advanced Persistent Threat • Extremely sophisticated attackers; nation-states • Low & slow, information theft, espionage
Application Security Goals onfidentiality ntegrity vailability Information is only available to those who should have access Data is known to be correct and trusted Information is available for use by legitimate users when it is needed
Application Security Hierarchy guiding concepts that aid in making security decisions Confidentiality Integrity Availability Goals Mechanisms Principles secure coding techniques

Recommended

Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRishab garg
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-servicesCyber 51 LLC
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...Graeme Wood
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA
 
Cyber Security For E-commerce (Infrastructure) development
Cyber Security For E-commerce (Infrastructure) developmentCyber Security For E-commerce (Infrastructure) development
Cyber Security For E-commerce (Infrastructure) developmentMohammad Ashfaqur Rahman
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingAkshay Kale
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingshinigami-99
 

Recommended

Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRishab garg
 
Cyber intelligence-services
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-servicesCyber 51 LLC
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...Graeme Wood
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA
 
Cyber Security For E-commerce (Infrastructure) development
Cyber Security For E-commerce (Infrastructure) developmentCyber Security For E-commerce (Infrastructure) development
Cyber Security For E-commerce (Infrastructure) developmentMohammad Ashfaqur Rahman
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingAkshay Kale
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingshinigami-99
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGaurav Yadav
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskSurfWatch Labs
 
IT Security Summit 2016
IT Security Summit 2016IT Security Summit 2016
IT Security Summit 2016AGC Conferences - AGC Development Corp
 
Information security
Information securityInformation security
Information securitylinalona515
 
IoT Security
IoT SecurityIoT Security
IoT SecurityTim Groenwals
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingAgung Suwandaru
 
Computer network
Computer networkComputer network
Computer networkhajimahsulong
 
Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques begmohsin
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVipinYadav257
 
Data privacy & data governance
Data privacy & data governanceData privacy & data governance
Data privacy & data governancepoojasanghavi
 
Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Dave Eilken
 
Cybercrime
CybercrimeCybercrime
CybercrimeTouqeerAhmed30
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical HackingKevin Chakre
 
ethical hacking
ethical hackingethical hacking
ethical hackingNeelima Bawa
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking OverviewSubhoneel Datta
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Burns Sheehan Security Event
Burns Sheehan Security EventBurns Sheehan Security Event
Burns Sheehan Security EventBurns Sheehan
 
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe HarborUnsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe HarborRay Potter
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGarla Prajwal
 
Etical hacking
Etical hackingEtical hacking
Etical hackingtalhaabid
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxbakhtinasiriav
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 

More Related Content

What's hot

Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskSurfWatch Labs
 
Information security
Information securityInformation security
Information securitylinalona515
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingAgung Suwandaru
 
Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques begmohsin
 
Data privacy & data governance
Data privacy & data governanceData privacy & data governance
Data privacy & data governancepoojasanghavi
 
Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Dave Eilken
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical HackingKevin Chakre
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking OverviewSubhoneel Datta
 
Burns Sheehan Security Event
Burns Sheehan Security EventBurns Sheehan Security Event
Burns Sheehan Security EventBurns Sheehan
 
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe HarborUnsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe HarborRay Potter
 
Etical hacking
Etical hackingEtical hacking
Etical hackingtalhaabid
 

What's hot (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
 
IT Security Summit 2016
IT Security Summit 2016IT Security Summit 2016
IT Security Summit 2016
 
Information security
Information securityInformation security
Information security
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Computer network
Computer networkComputer network
Computer network
 
Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Data privacy & data governance
Data privacy & data governanceData privacy & data governance
Data privacy & data governance
 
Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Burns Sheehan Security Event
Burns Sheehan Security EventBurns Sheehan Security Event
Burns Sheehan Security Event
 
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe HarborUnsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Etical hacking
Etical hackingEtical hacking
Etical hacking
 

Similar to 01 Application Security Fundamentals - part 1 - introduction and goals

C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxbakhtinasiriav
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptxBinod Rimal
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Concept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptxConcept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptxVaibhavYadav297587
 
Concept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptxConcept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptxNarangYadav
 
Cyber security for engg students and diploma
Cyber security for engg students and diplomaCyber security for engg students and diploma
Cyber security for engg students and diplomaDrPraveenKumar37
 
IAEM cybersecurity 101
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101Sarah K Miller
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
CYBER SECURITY AND ETHICAL HACKING.pptx
CYBER SECURITY AND ETHICAL HACKING.pptxCYBER SECURITY AND ETHICAL HACKING.pptx
CYBER SECURITY AND ETHICAL HACKING.pptxRiyaNair19
 
Cybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive MeasuresCybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive MeasuresAditya Ratnaparkhi
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Josephiuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael JosephiuvoTechnologies
 

Similar to 01 Application Security Fundamentals - part 1 - introduction and goals (20)

C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computing
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Concept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptxConcept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptx
 
Concept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptxConcept-And-Scope-of-Ethical-Hacking.pptx
Concept-And-Scope-of-Ethical-Hacking.pptx
 
Cyber security for engg students and diploma
Cyber security for engg students and diplomaCyber security for engg students and diploma
Cyber security for engg students and diploma
 
IAEM cybersecurity 101
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญCurrent trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
 
CYBER SECURITY AND ETHICAL HACKING.pptx
CYBER SECURITY AND ETHICAL HACKING.pptxCYBER SECURITY AND ETHICAL HACKING.pptx
CYBER SECURITY AND ETHICAL HACKING.pptx
 
Cybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive MeasuresCybersecurity - Introduction and Preventive Measures
Cybersecurity - Introduction and Preventive Measures
 
Network Security
Network SecurityNetwork Security
Network Security
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Josephiuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
 

More from appsec

23 owasp top 10 - resources
23 owasp top 10 - resources23 owasp top 10 - resources
23 owasp top 10 - resourcesappsec
 
15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xss15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xssappsec
 
12 owasp top 10 - introduction
12 owasp top 10 - introduction12 owasp top 10 - introduction
12 owasp top 10 - introductionappsec
 
10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...appsec
 
11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summary11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summaryappsec
 
09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - loggingappsec
 
08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...appsec
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...appsec
 
07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...appsec
 
04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...appsec
 
05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...appsec
 
02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciples02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciplesappsec
 

More from appsec (12)

23 owasp top 10 - resources
23 owasp top 10 - resources23 owasp top 10 - resources
23 owasp top 10 - resources
 
15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xss15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xss
 
12 owasp top 10 - introduction
12 owasp top 10 - introduction12 owasp top 10 - introduction
12 owasp top 10 - introduction
 
10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...
 
11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summary11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summary
 
09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging
 
08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...
 
07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...
 
04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...
 
05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...
 
02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciples02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciples
 

Recently uploaded

Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 

Recently uploaded (20)

Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 

01 Application Security Fundamentals - part 1 - introduction and goals

  • 2. Agenda PART 1  The Threats  Goals and Principles of Application Security PART 2  Security Mechanisms
  • 3. Application Security Threats Script Kiddie • Leveraging tools and exploits created by others • Hacking by pushing the big red shiny button Hacktivist • Hacker with a cause • Denial of service, site defacement Hacker • Malicious and non-malicious • Because they can Cyber Criminal • Different levels of sophistication • Scams, information theft, fraud Advanced Persistent Threat • Extremely sophisticated attackers; nation-states • Low & slow, information theft, espionage
  • 4. Application Security Goals onfidentiality ntegrity vailability Information is only available to those who should have access Data is known to be correct and trusted Information is available for use by legitimate users when it is needed
  • 5. Application Security Hierarchy guiding concepts that aid in making security decisions Confidentiality Integrity Availability Goals Mechanisms Principles secure coding techniques