Web app security
  • http://designingwebinterfaces.com/designing-web-interfaces-12-screen-patterns
  • http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
    The OWASP Top 10 Web Application Security Risks for 2010 are:
    A1: Injection
    A2: Cross-Site Scripting (XSS)
    A3: Broken Authentication and Session Management
    A4: Insecure Direct Object References
    A5: Cross-Site Request Forgery (CSRF)
    A6: Security Misconfiguration
    A7: Insecure Cryptographic Storage
    A8: Failure to Restrict URL Access
    A9: Insufficient Transport Layer Protection
    A10: Unvalidated Redirects and Forwards
  • Transcript

    • 1. Secure Java Coding Practices. Araf Karsh Hamid, June 2006
    • 2. Agenda: Rich Internet Applications (History; Architecture; Nothing New); Security (Threats, Vulnerabilities & Defense; Web Application Firewalls; Web Application Security Concerns); Secure Java Coding Practices
    • 3. Rich Internet Apps – History
    • 4. Rich Internet Apps: AJAX vs. Traditional Web Applications
    • 5. Security: Threats, Vulnerabilities & Defense; Web Application Firewalls; Web Application Security Concerns
    • 6. Threats, Vulnerabilities & Defense
    • 7. Web Security: Web Application Firewalls
    • 8. Web Application Security & Secure Java Coding Practices
    • 9. Top 10 Web Vulnerabilities: 1. Unvalidated Inputs; 2. Cross-Site Scripting (XSS); 3. Injection Flaws; 4. Improper Error Handling; 5. Broken Authentication and Session Management; 6. Insecure Direct Object References; 7. Cross-Site Request Forgery (CSRF); 8. Security Misconfiguration; 9. Insecure Cryptographic Storage; 10. Failure to Restrict URL Access; 11. Insufficient Transport Layer Protection
    • 10. Un-validated Input: an attacker can change any value of the input submitted to the web server. Re-validate all inputs at the server, and take only the necessary information (user input) from a form submission.
    • 11. Un-validated Input (Problem)
    • 12. Unvalidated Input (Fixed)
    • 13. Cross Site Scripting: the attacker injects code into the input data and can hide malicious code with Unicode. Counter measures: input validation; input length check.
    • 14. Cross Site Scripting (Problem)
    • 15. Cross Site Scripting (Fixed)
    • 16. SQL Injection: the attacker can inject system commands, inject other SQL, and override access checks. Examples: add more commands (“; select * from users;”); override access (“’ OR 1=1;”). Counter measures: use prepared statements in SQL; run with limited privileges; filter / validate the input.
    • 17. SQL Injection (Problem)
    • 18. SQL Injection (Fixed)
    • 19. Improper Error Handling: the attacker gets system information and database information. Examples: stack (thread) traces; database dump. Counter measures: sanitize the error message; avoid sending stack traces to the end user; customize error pages (HTTP errors such as 404).
    • 20. Improper Error Handling (Problem)
    • 21. Improper Error Handling (Fixed)
    • 22. Questions? araf.karsh@gmail.com