Application Security

cissp -> Application Security

Application Security Presentation Transcript

  • 1. Application Security
  • 2. toc • good and bad • bad things first • to be good • and more
  • 3. good and bad • bad things first
  • 4. bad app for • hobby • money (trend)
  • 5. hobby • virus • worm
  • 6. virus • script • stealth
  • 7. money • tick • dos
  • 8. side of good • repository • code
  • 9. repository • database (+warehouse) • directory service • expert system
  • 10. code • more than secure coding
  • 11. to be good app • follow the protocol • based on infra
  • 12. cmm • initial • repeatable • defined • managed • optimizing
  • 13. and more
  • 14. process • needs • logical design (using UML) • real design (using UML) • coding • test • implementation & maintenance • end is near
  • 15. database • DDL, DML • dictionary • rollback, commit and checkpoint • ODBC
  • 16. oo
  • 17. attack! • [infra] nos • [infra] daemon • code
  • 18. attack nos • icmp - flood, can’t handle (ping of death) • tcp/ip - same (flag, syn)
  • 19. attack daemon • dns - cache poison (-> dnssec) • ssh1 - des (-> ssh2 with other crypto) • openssl (-> patch)
  • 20. attack code • cross-site scripting (XSS) • SQL injection
  • 21. fine