Sharing our agency's experience of developing secure web applications for some of the UK's leading high street banks and brands, with a focus on the pitfalls you face when developing code in PHP. The talk will contain specific details on the many attack vectors that hackers use to attempt to access and exploit your site, and how you can improve your development process to avoid them.
Topics covered will include some old chestnuts like XSS (Cross Site Scripting) and SQL injection, through to issues like Session Hijacking.
The talk is aimed at software developers, from those who have perhaps not truly considered the security of their applications before to those who would like to extend their knowledge, and will contain practical code-based examples and solutions.
1. Are you feeling secure – notes from the trenches. Paul Lemon, @anthonylime, http://joind.in/3603
3. “The problem of insecure software is perhaps the most important technical challenge of our time.” – OWASP Testing Guide Introduction. Photo courtesy http://www.flickr.com/photos/katescars/
18. XSS Potential Exploits: theft of session cookies; insertion of content / forms etc.; redirection to malicious sites; insertion of trojan downloads / keyloggers etc.
23. XSS – Trust zones (diagram: the trusted zone holds the API, the database and the web application; the browser is not trusted)
24. XSS – Trust zones (same diagram, with the note: your application should be modular too)
38. Session Exploits – Man in the middle attacks (diagram: the user logs in, sending username / password to the web application in an HTTP POST and receiving a Session Id cookie)
39. Session Exploits – Man in the middle attacks (same diagram, with a man in the middle on the HTTP POST: “Ahoy!”)
40. Session Exploits – Man in the middle attacks (diagram: the login POST now goes over HTTPS; the Session Id cookie is returned)
42. Session Exploits – Man in the middle attacks (diagram: after logging in over HTTPS POST, the user visits a non-secure page; the resource is downloaded with an HTTP GET that carries the Session Id cookie)
43. Session Exploits – Man in the middle attacks (as slide 42)
47. Session Exploits – Man in the middle attacks (diagram: HTTPS POST login, then an HTTP GET to a non-secure page)
48. Session Exploits – Man in the middle attacks (same diagram, with a man in the middle on the HTTP GET: “Curses!”)
50. Session Exploits (diagram: login over HTTPS POST sets the Session Id cookie, marked SECURE; the user then visits a non-secure page in the open zone of the web application over HTTP GET; an Extra Auth cookie, marked SECURE, is introduced)
51. Session Exploits (diagram: the secure zone of the web application is reached over HTTPS GET/POST/PUT, presenting both the Session Id cookie and the Extra Auth cookie, marked SECURE)
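The two-cookie arrangement sketched in slides 50 and 51, as an added PHP example that is not code from the talk; the cookie name, the function names, and the choice to leave the session cookie itself non-Secure so the open zone still works over HTTP are assumptions:

```php
<?php
// Added example, not from the talk. Two-cookie session pattern from the
// "Session Exploits" slides: the session cookie may be sent over plain HTTP
// for the open zone of the application, while a second cookie carrying the
// Secure flag is required for the secure zone. A session id captured on a
// non-secure page therefore cannot reach the secure zone on its own.
// Cookie name and function names are assumptions.

const EXTRA_AUTH_COOKIE = 'extra_auth';

// Session cookie: HttpOnly, but deliberately not Secure so the open zone
// still works over HTTP (assumed reading of slide 50).
session_set_cookie_params([
    'path'     => '/',
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Call once, on the HTTPS login POST, after the password check succeeds.
function issue_extra_auth(): string
{
    session_regenerate_id(true);          // fresh session id on privilege change
    $token = bin2hex(random_bytes(32));   // unguessable per-session value
    $_SESSION['extra_auth'] = $token;     // server-side copy to compare against
    setcookie(EXTRA_AUTH_COOKIE, $token, [
        'expires'  => 0,                  // lives as long as the browser session
        'path'     => '/',
        'secure'   => true,               // browser sends it over HTTPS only
        'httponly' => true,               // not readable from script (XSS)
        'samesite' => 'Lax',
    ]);
    return $token;
}

// Guard for every secure-zone request: it must arrive over HTTPS and present
// an Extra Auth cookie matching the value stored in the session.
function require_secure_zone(): void
{
    $isHttps   = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $expected  = $_SESSION['extra_auth'] ?? '';
    $presented = $_COOKIE[EXTRA_AUTH_COOKIE] ?? '';
    if (!$isHttps || $expected === '' || !hash_equals($expected, $presented)) {
        http_response_code(403);
        exit('Secure zone: please log in again over HTTPS');
    }
}
```

Open-zone pages call only `session_start()`; secure-zone pages call `require_secure_zone()` first, so a session id sniffed from an HTTP GET is useless without the Secure-flagged cookie that never left the HTTPS channel.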
59. Are you feeling secure – notes from the trenches. Paul Lemon, @anthonylime – paul.lemon@gmail.com, http://joind.in/3603
Editor's Notes
Still occurs: in 2011 alone Wikipedia lists 8 real-world examples, including Sony, Nokia’s Developer Site, and NetNames (DNS records changed, with entries redirecting users of Betfair (online gambling), The Telegraph, The Register, The National Geographic, UPS, Acer and Vodafone.com).