Prabath Siriwardena, profile picture
Uploaded byPrabath Siriwardena
984 views

Open Source for Cyber Security

The document discusses the principles and freedoms associated with free/open source software (FOSS), highlighting the rights of users to run, study, modify, and redistribute the software. It emphasizes the importance of licensing that allows for source code access and the ability to improve and share modifications while maintaining the integrity of the original author's work. Additionally, the document mentions various tools and security considerations related to open-source software.

Embed presentation

Downloaded 27 times
Prabath Siriwardena Software Architect & Senior manager, WSO2
Free/Open  Source  Software,  or  FOSS,  is  software   that  is  liberally  licensed  to  grant  users  the  right   to  study,  change  and  improve  its  design  since  its   source  code  is  made  available  
  ¡  The  freedom  to  run  the  program  for  any  purpose   ¡  The  freedom  to  study  and  modify  the  program   ¡  The  freedom  to  copy  the  program  so  you  can  help   your  neighbor   ¡   The  freedom  to  improve  the  program  and  release   your  improvements  to  the  public,  so  that  the   whole  community  benefit  
  ¡   The  license  should  not  prohibit  free  redistribution   ¡   The  program  must  include  source  code  and  must  allow  distribution  in   source  code  as  well  as  compiled  form   ¡   The  license  must  allow  modifications  and  derived  works,  and  must  allow   them  to  be  distributed  under  the  same  terms  as  the  license  of  the  original   software   ¡  The  integrity  of  the  author’s  source  code  and  reputation  must  be   maintained  by  requiring  derived  works  to  carry  a  different  name  or  version   number  from  the  original  software   ¡  The  license  must  not  discriminate  against  any  person  or  group  of  persons  
    ¡  The  license  must  not  restrict  anyone  from  making  use  of  the  program  in  a   specific  field  of  endeavor   ¡  The  rights  attached  to  the  program  must  apply  to  all  to  whom  the  program   is  redistributed,  without  the  need  for  execution  of  an  additional  license  by   those  parties   ¡  The  rights  attached  to  the  program  must  not  depend  on  the  program  being   part  of  a  particular  software  distribution   ¡  The  license  must  not  place  restrictions  on  other  software  that  is  distributed   along  with  the  licensed  software   ¡  No  provision  of  the  license  may  be  predicated  on  any  individual  technology   or  style  of  interface  
http://news.netcraft.com/archives/2011/01/12/january-­‐2011-­‐web-­‐server-­‐survey-­‐4.html  
http://www.securityspace.com/s_survey/data/man.201007/mxsurvey.html  
http://en.wikipedia.org/wiki/Usage_share_of_web_browsers  
  Lot’s  of  eye  balls  
  Lot’s  of  [Expert]  eye  balls  
  Lot’s  of  [Expert]  eye  balls       XML  signature  HMAC  truncation  authentication  bypass     DTD  based  XML  attacks    XML  Signature  Wrapping  Attack   The  Java  security  bug   Double.parseDouble("2.2250738585072012e-­‐308");  
  Money  can’t  buy  the  best  evaluation  
  Money  c   an’t  buy  the  best  evaluation     AES         IPSec   PPTP  
  ¡  Absence  of  meticulous  evaluation     ¡  Spurious  open  source   ¡  Lack  of  sponsorship   ¡  Lack  of  proper  documentation  
  ¡  Nessus   ¡  Snort   ¡  Nagios   ¡  SpamAssasssin   ¡  ClamAV   ¡  OpenSSL   ¡  OpenSSH   ¡  Ossec  HIDS   ¡  Wireshark  
Open Source for Cyber Security

More Related Content

PPTX
Standards and methodology for application security assessment
byMykhailo Antonishyn
 
PPTX
Pentesting Android Apps
byAbdelhamid Limami
 
PPTX
Web application Security tools
byNico Penaredondo
 
PPTX
4 . future uni presentation
byRashid Khatmey
 
PDF
Mobile Application Pentest [Fast-Track]
byPrathan Phongthiproek
 
PDF
Understanding Open Source
byJody Garnett
 
PPTX
Mobile security services 2012
byTjylen Veselyj
 
PDF
Security-testing presentation
byEzhilan Elangovan (Eril)
 
Standards and methodology for application security assessment
byMykhailo Antonishyn
 
Pentesting Android Apps
byAbdelhamid Limami
 
Web application Security tools
byNico Penaredondo
 
4 . future uni presentation
byRashid Khatmey
 
Mobile Application Pentest [Fast-Track]
byPrathan Phongthiproek
 
Understanding Open Source
byJody Garnett
 
Mobile security services 2012
byTjylen Veselyj
 
Security-testing presentation
byEzhilan Elangovan (Eril)
 

What's hot

PPTX
security misconfigurations
byMegha Sahu
 
PDF
Android application security testing
byMykhailo Antonishyn
 
PPTX
Android pen test basics
byOWASPKerala
 
PDF
Domain Driven Security at Internetdagarna-2014
byDan BerghJohnsson
 
PPTX
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
byDerrick Hunter
 
PPTX
Android security
byMobile Rtpl
 
PPS
Security testing
byTabăra de Testare
 
PPTX
Cloud Security vs Security in the Cloud
byTjylen Veselyj
 
PDF
Web Application Security 101
byCybersecurity Education and Research Centre
 
PDF
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
PPTX
Pentesting Android Applications
byCláudio André
 
PPTX
Security hole #5 application security science or quality assurance
byTjylen Veselyj
 
PDF
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
PDF
Web Application Security 101 - 03 Web Security Toolkit
byWebsecurify
 
PPTX
Security Testing
byQualitest
 
PPTX
Security misconfiguration
byMicho Hayek
 
PPT
OWASP Serbia - A6 security misconfiguration
byNikola Milosevic
 
PDF
Oh, WASP! Security Essentials for Web Apps
byTechWell
 
PDF
Pentesting Mobile Applications (Prashant Verma)
byClubHack
 
security misconfigurations
byMegha Sahu
 
Android application security testing
byMykhailo Antonishyn
 
Android pen test basics
byOWASPKerala
 
Domain Driven Security at Internetdagarna-2014
byDan BerghJohnsson
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
byDerrick Hunter
 
Android security
byMobile Rtpl
 
Security testing
byTabăra de Testare
 
Cloud Security vs Security in the Cloud
byTjylen Veselyj
 
Web Application Security 101
byCybersecurity Education and Research Centre
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
Pentesting Android Applications
byCláudio André
 
Security hole #5 application security science or quality assurance
byTjylen Veselyj
 
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
Web Application Security 101 - 03 Web Security Toolkit
byWebsecurify
 
Security Testing
byQualitest
 
Security misconfiguration
byMicho Hayek
 
OWASP Serbia - A6 security misconfiguration
byNikola Milosevic
 
Oh, WASP! Security Essentials for Web Apps
byTechWell
 
Pentesting Mobile Applications (Prashant Verma)
byClubHack
 

Viewers also liked

PPTX
Open source security
bylrigknat
 
PDF
(In)security in Open Source
byShane Coughlan
 
PPTX
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
byGreat Wide Open
 
ODP
Open Source Software (OSS/FLOSS) and Security
byJoshua L. Davis
 
PDF
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
byDiogo Mónica
 
PDF
Application Security in the Age of Open Source
byBlack Duck by Synopsys
 
PPTX
Open Source Security
bySander Temme
 
PDF
Open Source in Application Security
byBlack Duck by Synopsys
 
PPTX
RFID security ppt
bySandeep Singh
 
PPT
Power Point Presentation on Open Source Software
byopensourceacademy
 
PPT
Open Source Software Presentation
byHenry Briggs
 
PPT
Open source technology
byaparnaz1
 
PPTX
OPEN SOURCE SEMINAR PRESENTATION
byRitwick Halder
 
PPT
Open Source Technology
bypriyadharshini murugan
 
Open source security
bylrigknat
 
(In)security in Open Source
byShane Coughlan
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
byGreat Wide Open
 
Open Source Software (OSS/FLOSS) and Security
byJoshua L. Davis
 
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
byDiogo Mónica
 
Application Security in the Age of Open Source
byBlack Duck by Synopsys
 
Open Source Security
bySander Temme
 
Open Source in Application Security
byBlack Duck by Synopsys
 
RFID security ppt
bySandeep Singh
 
Power Point Presentation on Open Source Software
byopensourceacademy
 
Open Source Software Presentation
byHenry Briggs
 
Open source technology
byaparnaz1
 
OPEN SOURCE SEMINAR PRESENTATION
byRitwick Halder
 
Open Source Technology
bypriyadharshini murugan
 

Similar to Open Source for Cyber Security

PPT
Discuss open sourcelicensing
byJohn Carlo Catacutan
 
DOC
Report presentation
byZul Mazlan
 
PDF
Free Libre Open Source Software - Business aspects of software industry
byFrederik Questier
 
DOC
Student x
byguesta20cea
 
PPTX
Open source presentation_v03
bySergi Torrellas
 
PDF
Foss for students
byNAILBITER
 
PPT
JISC Webinar - An introduction to free and open source software
byJisc
 
PDF
FOSS-intro-with-license
byFOSS User Project
 
PDF
Free Libre Open Source Software - Business Aspects of Software Industry
byFrederik Questier
 
PDF
FITT Toolbox: Open Source Business Case
byFITT
 
PPT
Open source software vs proprietary software
byLavan1997
 
PPTX
OPEN SOURCE SOFTWARE
bySarvesh Maurya
 
PDF
Tiếng Anh công nghệ thông tin VHU Tuần 5
byHunhBnhAn
 
PPT
Open source movement khalid-revised feb 2012
byKhalid Mahmood
 
PPT
Open Source Presentation To Portal Partners2
byViet NguyenHoang
 
PPT
Open Source in the Enterprise: Compliance and Risk Management
bySebastiano Cobianco
 
PDF
Open Source In Education
byDom Cimafranca
 
PDF
Open source . . . Open Road
byMazen Elsayed
 
PDF
IPO Presentation 2012
bytheosss
 
PDF
Introduction to FOSS
bymgamal87
 
Discuss open sourcelicensing
byJohn Carlo Catacutan
 
Report presentation
byZul Mazlan
 
Free Libre Open Source Software - Business aspects of software industry
byFrederik Questier
 
Student x
byguesta20cea
 
Open source presentation_v03
bySergi Torrellas
 
Foss for students
byNAILBITER
 
JISC Webinar - An introduction to free and open source software
byJisc
 
FOSS-intro-with-license
byFOSS User Project
 
Free Libre Open Source Software - Business Aspects of Software Industry
byFrederik Questier
 
FITT Toolbox: Open Source Business Case
byFITT
 
Open source software vs proprietary software
byLavan1997
 
OPEN SOURCE SOFTWARE
bySarvesh Maurya
 
Tiếng Anh công nghệ thông tin VHU Tuần 5
byHunhBnhAn
 
Open source movement khalid-revised feb 2012
byKhalid Mahmood
 
Open Source Presentation To Portal Partners2
byViet NguyenHoang
 
Open Source in the Enterprise: Compliance and Risk Management
bySebastiano Cobianco
 
Open Source In Education
byDom Cimafranca
 
Open source . . . Open Road
byMazen Elsayed
 
IPO Presentation 2012
bytheosss
 
Introduction to FOSS
bymgamal87
 

More from Prabath Siriwardena

PDF
Microservices Security Landscape
byPrabath Siriwardena
 
PDF
Cloud Native Identity with SPIFFE
byPrabath Siriwardena
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
Identity is Eating the World!
byPrabath Siriwardena
 
PPTX
Microservices Security Landscape
byPrabath Siriwardena
 
PPTX
OAuth 2.0 Threat Landscape
byPrabath Siriwardena
 
PDF
GDPR for Identity Architects
byPrabath Siriwardena
 
PDF
Blockchain-based Solutions for Identity & Access Management
byPrabath Siriwardena
 
PDF
OAuth 2.0 Threat Landscapes
byPrabath Siriwardena
 
PDF
OAuth 2.0 for Web and Native (Mobile) App Developers
byPrabath Siriwardena
 
PDF
Identity Management for Web Application Developers
byPrabath Siriwardena
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
Open Standards in Identity Management
byPrabath Siriwardena
 
PDF
Securing Single-Page Applications with OAuth 2.0
byPrabath Siriwardena
 
PPTX
API Security : Patterns and Practices
byPrabath Siriwardena
 
PPTX
Best Practices in Building an API Security Ecosystem
byPrabath Siriwardena
 
PPTX
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
PPTX
Connected Identity : Benefits, Risks & Challenges
byPrabath Siriwardena
 
PPTX
The Evolution of Internet Identity
byPrabath Siriwardena
 
PPTX
Next-Gen Apps with IoT and Cloud
byPrabath Siriwardena
 
Microservices Security Landscape
byPrabath Siriwardena
 
Cloud Native Identity with SPIFFE
byPrabath Siriwardena
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
Identity is Eating the World!
byPrabath Siriwardena
 
Microservices Security Landscape
byPrabath Siriwardena
 
OAuth 2.0 Threat Landscape
byPrabath Siriwardena
 
GDPR for Identity Architects
byPrabath Siriwardena
 
Blockchain-based Solutions for Identity & Access Management
byPrabath Siriwardena
 
OAuth 2.0 Threat Landscapes
byPrabath Siriwardena
 
OAuth 2.0 for Web and Native (Mobile) App Developers
byPrabath Siriwardena
 
Identity Management for Web Application Developers
byPrabath Siriwardena
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
Open Standards in Identity Management
byPrabath Siriwardena
 
Securing Single-Page Applications with OAuth 2.0
byPrabath Siriwardena
 
API Security : Patterns and Practices
byPrabath Siriwardena
 
Best Practices in Building an API Security Ecosystem
byPrabath Siriwardena
 
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
Connected Identity : Benefits, Risks & Challenges
byPrabath Siriwardena
 
The Evolution of Internet Identity
byPrabath Siriwardena
 
Next-Gen Apps with IoT and Cloud
byPrabath Siriwardena
 

Recently uploaded

DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
How to Evaluate a High Performance Database
byScyllaDB
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
API-First Architecture in Financial Systems
bycyy111112
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 

Open Source for Cyber Security

  • 1.
  • 2.
    Free/Open  Source  Software,  or  FOSS,  is  software   that  is  liberally  licensed  to  grant  users  the  right   to  study,  change  and  improve  its  design  since  its   source  code  is  made  available  
  • 3.
      ¡  The  freedom  to  run  the  program  for  any  purpose   ¡  The  freedom  to  study  and  modify  the  program   ¡  The  freedom  to  copy  the  program  so  you  can  help   your  neighbor   ¡   The  freedom  to  improve  the  program  and  release   your  improvements  to  the  public,  so  that  the   whole  community  benefit  
  • 4.
      ¡   The  license  should  not  prohibit  free  redistribution   ¡   The  program  must  include  source  code  and  must  allow  distribution  in   source  code  as  well  as  compiled  form   ¡   The  license  must  allow  modifications  and  derived  works,  and  must  allow   them  to  be  distributed  under  the  same  terms  as  the  license  of  the  original   software   ¡  The  integrity  of  the  author’s  source  code  and  reputation  must  be   maintained  by  requiring  derived  works  to  carry  a  different  name  or  version   number  from  the  original  software   ¡  The  license  must  not  discriminate  against  any  person  or  group  of  persons  
  • 5.
        ¡  The  license  must  not  restrict  anyone  from  making  use  of  the  program  in  a   specific  field  of  endeavor   ¡  The  rights  attached  to  the  program  must  apply  to  all  to  whom  the  program   is  redistributed,  without  the  need  for  execution  of  an  additional  license  by   those  parties   ¡  The  rights  attached  to  the  program  must  not  depend  on  the  program  being   part  of  a  particular  software  distribution   ¡  The  license  must  not  place  restrictions  on  other  software  that  is  distributed   along  with  the  licensed  software   ¡  No  provision  of  the  license  may  be  predicated  on  any  individual  technology   or  style  of  interface  
  • 6.
  • 7.
  • 8.
  • 14.
      Lot’s  of  eye  balls  
  • 15.
      Lot’s  of  [Expert]  eye  balls  
  • 16.
      Lot’s  of  [Expert]  eye  balls       XML  signature  HMAC  truncation  authentication  bypass     DTD  based  XML  attacks    XML  Signature  Wrapping  Attack   The  Java  security  bug   Double.parseDouble("2.2250738585072012e-­‐308");  
  • 17.
      Money  can’t  buy  the  best  evaluation  
  • 18.
      Money  c   an’t  buy  the  best  evaluation     AES         IPSec   PPTP  
  • 19.
      ¡  Absence  of  meticulous  evaluation     ¡  Spurious  open  source   ¡  Lack  of  sponsorship   ¡  Lack  of  proper  documentation  
  • 20.
      ¡  Nessus   ¡  Snort   ¡  Nagios   ¡  SpamAssasssin   ¡  ClamAV   ¡  OpenSSL   ¡  OpenSSH   ¡  Ossec  HIDS   ¡  Wireshark