Prabath Siriwardena, profile picture
Uploaded byPrabath Siriwardena
984 views

Open Source for Cyber Security

The document discusses the principles and freedoms associated with free/open source software (FOSS), highlighting the rights of users to run, study, modify, and redistribute the software. It emphasizes the importance of licensing that allows for source code access and the ability to improve and share modifications while maintaining the integrity of the original author's work. Additionally, the document mentions various tools and security considerations related to open-source software.

Embed presentation

Downloaded 27 times
Prabath Siriwardena Software Architect & Senior manager, WSO2
Free/Open  Source  Software,  or  FOSS,  is  software   that  is  liberally  licensed  to  grant  users  the  right   to  study,  change  and  improve  its  design  since  its   source  code  is  made  available  
  ¡  The  freedom  to  run  the  program  for  any  purpose   ¡  The  freedom  to  study  and  modify  the  program   ¡  The  freedom  to  copy  the  program  so  you  can  help   your  neighbor   ¡   The  freedom  to  improve  the  program  and  release   your  improvements  to  the  public,  so  that  the   whole  community  benefit  
  ¡   The  license  should  not  prohibit  free  redistribution   ¡   The  program  must  include  source  code  and  must  allow  distribution  in   source  code  as  well  as  compiled  form   ¡   The  license  must  allow  modifications  and  derived  works,  and  must  allow   them  to  be  distributed  under  the  same  terms  as  the  license  of  the  original   software   ¡  The  integrity  of  the  author’s  source  code  and  reputation  must  be   maintained  by  requiring  derived  works  to  carry  a  different  name  or  version   number  from  the  original  software   ¡  The  license  must  not  discriminate  against  any  person  or  group  of  persons  
    ¡  The  license  must  not  restrict  anyone  from  making  use  of  the  program  in  a   specific  field  of  endeavor   ¡  The  rights  attached  to  the  program  must  apply  to  all  to  whom  the  program   is  redistributed,  without  the  need  for  execution  of  an  additional  license  by   those  parties   ¡  The  rights  attached  to  the  program  must  not  depend  on  the  program  being   part  of  a  particular  software  distribution   ¡  The  license  must  not  place  restrictions  on  other  software  that  is  distributed   along  with  the  licensed  software   ¡  No  provision  of  the  license  may  be  predicated  on  any  individual  technology   or  style  of  interface  
http://news.netcraft.com/archives/2011/01/12/january-­‐2011-­‐web-­‐server-­‐survey-­‐4.html  
http://www.securityspace.com/s_survey/data/man.201007/mxsurvey.html  
http://en.wikipedia.org/wiki/Usage_share_of_web_browsers  
  Lot’s  of  eye  balls  
  Lot’s  of  [Expert]  eye  balls  
  Lot’s  of  [Expert]  eye  balls       XML  signature  HMAC  truncation  authentication  bypass     DTD  based  XML  attacks    XML  Signature  Wrapping  Attack   The  Java  security  bug   Double.parseDouble("2.2250738585072012e-­‐308");  
  Money  can’t  buy  the  best  evaluation  
  Money  c   an’t  buy  the  best  evaluation     AES         IPSec   PPTP  
  ¡  Absence  of  meticulous  evaluation     ¡  Spurious  open  source   ¡  Lack  of  sponsorship   ¡  Lack  of  proper  documentation  
  ¡  Nessus   ¡  Snort   ¡  Nagios   ¡  SpamAssasssin   ¡  ClamAV   ¡  OpenSSL   ¡  OpenSSH   ¡  Ossec  HIDS   ¡  Wireshark  
Open Source for Cyber Security

More Related Content

PPTX
Web application Security tools
byNico Penaredondo
 
PPTX
Standards and methodology for application security assessment
byMykhailo Antonishyn
 
PPTX
Pentesting Android Apps
byAbdelhamid Limami
 
PDF
Mobile Application Pentest [Fast-Track]
byPrathan Phongthiproek
 
PDF
Understanding Open Source
byJody Garnett
 
PPTX
Mobile security services 2012
byTjylen Veselyj
 
PPTX
4 . future uni presentation
byRashid Khatmey
 
PDF
Security-testing presentation
byEzhilan Elangovan (Eril)
 
Web application Security tools
byNico Penaredondo
 
Standards and methodology for application security assessment
byMykhailo Antonishyn
 
Pentesting Android Apps
byAbdelhamid Limami
 
Mobile Application Pentest [Fast-Track]
byPrathan Phongthiproek
 
Understanding Open Source
byJody Garnett
 
Mobile security services 2012
byTjylen Veselyj
 
4 . future uni presentation
byRashid Khatmey
 
Security-testing presentation
byEzhilan Elangovan (Eril)
 

What's hot

PDF
Web Application Security 101
byCybersecurity Education and Research Centre
 
PPTX
Pentesting Android Applications
byCláudio André
 
PPTX
security misconfigurations
byMegha Sahu
 
PDF
Web Application Security 101 - 03 Web Security Toolkit
byWebsecurify
 
PPT
OWASP Serbia - A6 security misconfiguration
byNikola Milosevic
 
PDF
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
PDF
Oh, WASP! Security Essentials for Web Apps
byTechWell
 
PPTX
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
byDerrick Hunter
 
PPTX
Security hole #5 application security science or quality assurance
byTjylen Veselyj
 
PPTX
Security misconfiguration
byMicho Hayek
 
PPS
Security testing
byTabăra de Testare
 
PDF
Android application security testing
byMykhailo Antonishyn
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
PPTX
Android security
byMobile Rtpl
 
PDF
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
PDF
Domain Driven Security at Internetdagarna-2014
byDan BerghJohnsson
 
PDF
Pentesting Mobile Applications (Prashant Verma)
byClubHack
 
PPTX
Cloud Security vs Security in the Cloud
byTjylen Veselyj
 
PPTX
Android pen test basics
byOWASPKerala
 
PPTX
Security Testing
byQualitest
 
Web Application Security 101
byCybersecurity Education and Research Centre
 
Pentesting Android Applications
byCláudio André
 
security misconfigurations
byMegha Sahu
 
Web Application Security 101 - 03 Web Security Toolkit
byWebsecurify
 
OWASP Serbia - A6 security misconfiguration
byNikola Milosevic
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
Oh, WASP! Security Essentials for Web Apps
byTechWell
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
byDerrick Hunter
 
Security hole #5 application security science or quality assurance
byTjylen Veselyj
 
Security misconfiguration
byMicho Hayek
 
Security testing
byTabăra de Testare
 
Android application security testing
byMykhailo Antonishyn
 
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
Android security
byMobile Rtpl
 
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
Domain Driven Security at Internetdagarna-2014
byDan BerghJohnsson
 
Pentesting Mobile Applications (Prashant Verma)
byClubHack
 
Cloud Security vs Security in the Cloud
byTjylen Veselyj
 
Android pen test basics
byOWASPKerala
 
Security Testing
byQualitest
 

Viewers also liked

PPT
Open source technology
byaparnaz1
 
PPT
Open Source Technology
bypriyadharshini murugan
 
PDF
(In)security in Open Source
byShane Coughlan
 
PPTX
Open Source Security
bySander Temme
 
PPTX
OPEN SOURCE SEMINAR PRESENTATION
byRitwick Halder
 
PPT
Open Source Software Presentation
byHenry Briggs
 
ODP
Open Source Software (OSS/FLOSS) and Security
byJoshua L. Davis
 
PPTX
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
byGreat Wide Open
 
PPTX
RFID security ppt
bySandeep Singh
 
PPT
Power Point Presentation on Open Source Software
byopensourceacademy
 
PDF
Application Security in the Age of Open Source
byBlack Duck by Synopsys
 
PPTX
Open source security
bylrigknat
 
PDF
Open Source in Application Security
byBlack Duck by Synopsys
 
PDF
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
byDiogo Mónica
 
Open source technology
byaparnaz1
 
Open Source Technology
bypriyadharshini murugan
 
(In)security in Open Source
byShane Coughlan
 
Open Source Security
bySander Temme
 
OPEN SOURCE SEMINAR PRESENTATION
byRitwick Halder
 
Open Source Software Presentation
byHenry Briggs
 
Open Source Software (OSS/FLOSS) and Security
byJoshua L. Davis
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
byGreat Wide Open
 
RFID security ppt
bySandeep Singh
 
Power Point Presentation on Open Source Software
byopensourceacademy
 
Application Security in the Age of Open Source
byBlack Duck by Synopsys
 
Open source security
bylrigknat
 
Open Source in Application Security
byBlack Duck by Synopsys
 
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
byDiogo Mónica
 

Similar to Open Source for Cyber Security

PDF
Tiếng Anh công nghệ thông tin VHU Tuần 5
byHunhBnhAn
 
PPT
Open source movement khalid-revised feb 2012
byKhalid Mahmood
 
PPT
Open source software vs proprietary software
byLavan1997
 
PPT
Open Source in the Enterprise: Compliance and Risk Management
bySebastiano Cobianco
 
PPT
Discuss open sourcelicensing
byJohn Carlo Catacutan
 
PDF
FOSS-intro-with-license
byFOSS User Project
 
PDF
Introduction to FOSS
bymgamal87
 
PDF
Free Libre Open Source Software - Business Aspects of Software Industry
byFrederik Questier
 
PDF
Open Source In Education
byDom Cimafranca
 
DOC
Report presentation
byZul Mazlan
 
PPT
Open Source Presentation To Portal Partners2
byViet NguyenHoang
 
PPTX
OPEN SOURCE SOFTWARE
bySarvesh Maurya
 
PPT
JISC Webinar - An introduction to free and open source software
byJisc
 
PDF
Open source . . . Open Road
byMazen Elsayed
 
DOC
Student x
byguesta20cea
 
PDF
Foss for students
byNAILBITER
 
PDF
FITT Toolbox: Open Source Business Case
byFITT
 
PPTX
Open source presentation_v03
bySergi Torrellas
 
PDF
Free Libre Open Source Software - Business aspects of software industry
byFrederik Questier
 
PDF
IPO Presentation 2012
bytheosss
 
Tiếng Anh công nghệ thông tin VHU Tuần 5
byHunhBnhAn
 
Open source movement khalid-revised feb 2012
byKhalid Mahmood
 
Open source software vs proprietary software
byLavan1997
 
Open Source in the Enterprise: Compliance and Risk Management
bySebastiano Cobianco
 
Discuss open sourcelicensing
byJohn Carlo Catacutan
 
FOSS-intro-with-license
byFOSS User Project
 
Introduction to FOSS
bymgamal87
 
Free Libre Open Source Software - Business Aspects of Software Industry
byFrederik Questier
 
Open Source In Education
byDom Cimafranca
 
Report presentation
byZul Mazlan
 
Open Source Presentation To Portal Partners2
byViet NguyenHoang
 
OPEN SOURCE SOFTWARE
bySarvesh Maurya
 
JISC Webinar - An introduction to free and open source software
byJisc
 
Open source . . . Open Road
byMazen Elsayed
 
Student x
byguesta20cea
 
Foss for students
byNAILBITER
 
FITT Toolbox: Open Source Business Case
byFITT
 
Open source presentation_v03
bySergi Torrellas
 
Free Libre Open Source Software - Business aspects of software industry
byFrederik Questier
 
IPO Presentation 2012
bytheosss
 

More from Prabath Siriwardena

PDF
Cloud Native Identity with SPIFFE
byPrabath Siriwardena
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
OAuth 2.0 for Web and Native (Mobile) App Developers
byPrabath Siriwardena
 
PDF
OAuth 2.0 Threat Landscapes
byPrabath Siriwardena
 
PPTX
API Security : Patterns and Practices
byPrabath Siriwardena
 
PPTX
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
PDF
Microservices Security Landscape
byPrabath Siriwardena
 
PPTX
OAuth 2.0 Threat Landscape
byPrabath Siriwardena
 
PDF
Identity Management for Web Application Developers
byPrabath Siriwardena
 
PDF
Securing Single-Page Applications with OAuth 2.0
byPrabath Siriwardena
 
PPTX
Next-Gen Apps with IoT and Cloud
byPrabath Siriwardena
 
PDF
Blockchain-based Solutions for Identity & Access Management
byPrabath Siriwardena
 
PPTX
Microservices Security Landscape
byPrabath Siriwardena
 
PPTX
The Evolution of Internet Identity
byPrabath Siriwardena
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PPTX
Best Practices in Building an API Security Ecosystem
byPrabath Siriwardena
 
PDF
Open Standards in Identity Management
byPrabath Siriwardena
 
PDF
Identity is Eating the World!
byPrabath Siriwardena
 
PDF
GDPR for Identity Architects
byPrabath Siriwardena
 
PPTX
Connected Identity : Benefits, Risks & Challenges
byPrabath Siriwardena
 
Cloud Native Identity with SPIFFE
byPrabath Siriwardena
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
OAuth 2.0 for Web and Native (Mobile) App Developers
byPrabath Siriwardena
 
OAuth 2.0 Threat Landscapes
byPrabath Siriwardena
 
API Security : Patterns and Practices
byPrabath Siriwardena
 
Connected Identity : The Role of the Identity Bus
byPrabath Siriwardena
 
Microservices Security Landscape
byPrabath Siriwardena
 
OAuth 2.0 Threat Landscape
byPrabath Siriwardena
 
Identity Management for Web Application Developers
byPrabath Siriwardena
 
Securing Single-Page Applications with OAuth 2.0
byPrabath Siriwardena
 
Next-Gen Apps with IoT and Cloud
byPrabath Siriwardena
 
Blockchain-based Solutions for Identity & Access Management
byPrabath Siriwardena
 
Microservices Security Landscape
byPrabath Siriwardena
 
The Evolution of Internet Identity
byPrabath Siriwardena
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
Best Practices in Building an API Security Ecosystem
byPrabath Siriwardena
 
Open Standards in Identity Management
byPrabath Siriwardena
 
Identity is Eating the World!
byPrabath Siriwardena
 
GDPR for Identity Architects
byPrabath Siriwardena
 
Connected Identity : Benefits, Risks & Challenges
byPrabath Siriwardena
 

Recently uploaded

PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 

Open Source for Cyber Security

  • 1.
  • 2.
    Free/Open  Source  Software,  or  FOSS,  is  software   that  is  liberally  licensed  to  grant  users  the  right   to  study,  change  and  improve  its  design  since  its   source  code  is  made  available  
  • 3.
      ¡  The  freedom  to  run  the  program  for  any  purpose   ¡  The  freedom  to  study  and  modify  the  program   ¡  The  freedom  to  copy  the  program  so  you  can  help   your  neighbor   ¡   The  freedom  to  improve  the  program  and  release   your  improvements  to  the  public,  so  that  the   whole  community  benefit  
  • 4.
      ¡   The  license  should  not  prohibit  free  redistribution   ¡   The  program  must  include  source  code  and  must  allow  distribution  in   source  code  as  well  as  compiled  form   ¡   The  license  must  allow  modifications  and  derived  works,  and  must  allow   them  to  be  distributed  under  the  same  terms  as  the  license  of  the  original   software   ¡  The  integrity  of  the  author’s  source  code  and  reputation  must  be   maintained  by  requiring  derived  works  to  carry  a  different  name  or  version   number  from  the  original  software   ¡  The  license  must  not  discriminate  against  any  person  or  group  of  persons  
  • 5.
        ¡  The  license  must  not  restrict  anyone  from  making  use  of  the  program  in  a   specific  field  of  endeavor   ¡  The  rights  attached  to  the  program  must  apply  to  all  to  whom  the  program   is  redistributed,  without  the  need  for  execution  of  an  additional  license  by   those  parties   ¡  The  rights  attached  to  the  program  must  not  depend  on  the  program  being   part  of  a  particular  software  distribution   ¡  The  license  must  not  place  restrictions  on  other  software  that  is  distributed   along  with  the  licensed  software   ¡  No  provision  of  the  license  may  be  predicated  on  any  individual  technology   or  style  of  interface  
  • 6.
  • 7.
  • 8.
  • 14.
      Lot’s  of  eye  balls  
  • 15.
      Lot’s  of  [Expert]  eye  balls  
  • 16.
      Lot’s  of  [Expert]  eye  balls       XML  signature  HMAC  truncation  authentication  bypass     DTD  based  XML  attacks    XML  Signature  Wrapping  Attack   The  Java  security  bug   Double.parseDouble("2.2250738585072012e-­‐308");  
  • 17.
      Money  can’t  buy  the  best  evaluation  
  • 18.
      Money  c   an’t  buy  the  best  evaluation     AES         IPSec   PPTP  
  • 19.
      ¡  Absence  of  meticulous  evaluation     ¡  Spurious  open  source   ¡  Lack  of  sponsorship   ¡  Lack  of  proper  documentation  
  • 20.
      ¡  Nessus   ¡  Snort   ¡  Nagios   ¡  SpamAssasssin   ¡  ClamAV   ¡  OpenSSL   ¡  OpenSSH   ¡  Ossec  HIDS   ¡  Wireshark