SlideShare a Scribd company logo

Web App Sec Roadmap

Aung Khant
Aung Khant
TechnologyBusiness
1 of 29
Download to read offline
Web Application Security Roadmap Joe White joe@cyberlocksmith.com Cyberlocksmith April 2008 Version 0.9
Background • Web application security is still very much in it’s infancy. • Traditional ‘operations’ teams do not understand web application security risk and are ill-equipped to defend against web application threats. • Many companies are wrestling with web application security and assigning ownership of the entire web application security effort to one person but these companies are still trying to figure out where this person fits into the organization. • Security ‘turf battles’ are inevitable in these situations. • There is no clear separation between where web application security stops and traditional operations security begins.
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap
Web App Sec Roadmap

Recommended

2015 Microsoft Vulnerabilities Report
2015 Microsoft Vulnerabilities Report 2015 Microsoft Vulnerabilities Report
2015 Microsoft Vulnerabilities Report Avecto
 
Overcoming Cyber Attacks
Overcoming Cyber AttacksOvercoming Cyber Attacks
Overcoming Cyber AttacksInuit AB
 
What are the top 10 web security risks?
What are the top 10 web security risks?What are the top 10 web security risks?
What are the top 10 web security risks?Jacklin Berry
 
A Hacker's perspective on ransomware
A Hacker's perspective on ransomwareA Hacker's perspective on ransomware
A Hacker's perspective on ransomwareAvecto
 
Containing the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicContaining the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicAvecto
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListVamsi K
 
20150616 NPO要知道的駭客攻擊手法
20150616 NPO要知道的駭客攻擊手法20150616 NPO要知道的駭客攻擊手法
20150616 NPO要知道的駭客攻擊手法Net Tuesday Taiwan
 
Blind spots in the network.pdf
Blind spots in the network.pdfBlind spots in the network.pdf
Blind spots in the network.pdfDivyeshMDesai
 

Recommended

2015 Microsoft Vulnerabilities Report
2015 Microsoft Vulnerabilities Report 2015 Microsoft Vulnerabilities Report
2015 Microsoft Vulnerabilities Report Avecto
 
Overcoming Cyber Attacks
Overcoming Cyber AttacksOvercoming Cyber Attacks
Overcoming Cyber AttacksInuit AB
 
What are the top 10 web security risks?
What are the top 10 web security risks?What are the top 10 web security risks?
What are the top 10 web security risks?Jacklin Berry
 
A Hacker's perspective on ransomware
A Hacker's perspective on ransomwareA Hacker's perspective on ransomware
A Hacker's perspective on ransomwareAvecto
 
Containing the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicContaining the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicAvecto
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListVamsi K
 
20150616 NPO要知道的駭客攻擊手法
20150616 NPO要知道的駭客攻擊手法20150616 NPO要知道的駭客攻擊手法
20150616 NPO要知道的駭客攻擊手法Net Tuesday Taiwan
 
Blind spots in the network.pdf
Blind spots in the network.pdfBlind spots in the network.pdf
Blind spots in the network.pdfDivyeshMDesai
 
Akamai
Akamai Akamai
Akamai Fran Albaladejo
 
VGTU Intro to Threats 2015
VGTU Intro to Threats 2015VGTU Intro to Threats 2015
VGTU Intro to Threats 2015slicklash
 
Navigating the Web Security Landscape
Navigating the Web Security LandscapeNavigating the Web Security Landscape
Navigating the Web Security LandscapeBanff Cyber Technologies
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs FactsOPAQ
 
Introduction to Threat Modeling
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modelingslicklash
 
Disaster recovery glossary
Disaster recovery glossaryDisaster recovery glossary
Disaster recovery glossarysinglehopsn
 
Business Continuity
Business ContinuityBusiness Continuity
Business ContinuityRedcliff
 
ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA
 
How to build app sec team & culture in your organization the hack summi...
How to build app sec team & culture in your organization the hack summi...How to build app sec team & culture in your organization the hack summi...
How to build app sec team & culture in your organization the hack summi...kunwaratul hax0r
 
Peter Shorney, Global Head of Information Security - Rentokil Initial PLC
Peter Shorney, Global Head of Information Security - Rentokil Initial PLCPeter Shorney, Global Head of Information Security - Rentokil Initial PLC
Peter Shorney, Global Head of Information Security - Rentokil Initial PLCGlobal Business Intelligence
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Appsmlogvinov
 
Why you need to secure mobile apps - now
Why you need to secure mobile apps - nowWhy you need to secure mobile apps - now
Why you need to secure mobile apps - nowSymantec
 
Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Dustin Collins
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Ernest Staats
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksDiemShin
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Jacob Tranter
 
MobileSecurityInfographic_v3
MobileSecurityInfographic_v3MobileSecurityInfographic_v3
MobileSecurityInfographic_v3Carlos Villafane
 
University-of-Miami_MEDINA
University-of-Miami_MEDINAUniversity-of-Miami_MEDINA
University-of-Miami_MEDINAKelvin Medina, CISSP, PA-QSA, QSA, GCIH, CISA, ITIL
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies Siemplify
 
Xpath Injection
Xpath InjectionXpath Injection
Xpath InjectionAung Khant
 
Web Sphere5 Sec
Web Sphere5 SecWeb Sphere5 Sec
Web Sphere5 SecAung Khant
 

More Related Content

What's hot

VGTU Intro to Threats 2015
VGTU Intro to Threats 2015VGTU Intro to Threats 2015
VGTU Intro to Threats 2015slicklash
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs FactsOPAQ
 
Introduction to Threat Modeling
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modelingslicklash
 
Disaster recovery glossary
Disaster recovery glossaryDisaster recovery glossary
Disaster recovery glossarysinglehopsn
 
Business Continuity
Business ContinuityBusiness Continuity
Business ContinuityRedcliff
 
ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA
 
How to build app sec team & culture in your organization the hack summi...
How to build app sec team & culture in your organization the hack summi...How to build app sec team & culture in your organization the hack summi...
How to build app sec team & culture in your organization the hack summi...kunwaratul hax0r
 
Peter Shorney, Global Head of Information Security - Rentokil Initial PLC
Peter Shorney, Global Head of Information Security - Rentokil Initial PLCPeter Shorney, Global Head of Information Security - Rentokil Initial PLC
Peter Shorney, Global Head of Information Security - Rentokil Initial PLCGlobal Business Intelligence
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Appsmlogvinov
 
Why you need to secure mobile apps - now
Why you need to secure mobile apps - nowWhy you need to secure mobile apps - now
Why you need to secure mobile apps - nowSymantec
 
Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Dustin Collins
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Ernest Staats
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksDiemShin
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Jacob Tranter
 
MobileSecurityInfographic_v3
MobileSecurityInfographic_v3MobileSecurityInfographic_v3
MobileSecurityInfographic_v3Carlos Villafane
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies Siemplify
 

What's hot (20)

Akamai
Akamai Akamai
Akamai
 
VGTU Intro to Threats 2015
VGTU Intro to Threats 2015VGTU Intro to Threats 2015
VGTU Intro to Threats 2015
 
Navigating the Web Security Landscape
Navigating the Web Security LandscapeNavigating the Web Security Landscape
Navigating the Web Security Landscape
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs Facts
 
Introduction to Threat Modeling
Introduction to Threat ModelingIntroduction to Threat Modeling
Introduction to Threat Modeling
 
Disaster recovery glossary
Disaster recovery glossaryDisaster recovery glossary
Disaster recovery glossary
 
Business Continuity
Business ContinuityBusiness Continuity
Business Continuity
 
ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017
 
How to build app sec team & culture in your organization the hack summi...
How to build app sec team & culture in your organization the hack summi...How to build app sec team & culture in your organization the hack summi...
How to build app sec team & culture in your organization the hack summi...
 
Peter Shorney, Global Head of Information Security - Rentokil Initial PLC
Peter Shorney, Global Head of Information Security - Rentokil Initial PLCPeter Shorney, Global Head of Information Security - Rentokil Initial PLC
Peter Shorney, Global Head of Information Security - Rentokil Initial PLC
 
OWASP: Building Secure Web Apps
OWASP: Building Secure Web AppsOWASP: Building Secure Web Apps
OWASP: Building Secure Web Apps
 
Why you need to secure mobile apps - now
Why you need to secure mobile apps - nowWhy you need to secure mobile apps - now
Why you need to secure mobile apps - now
 
Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
 
MobileSecurityInfographic_v3
MobileSecurityInfographic_v3MobileSecurityInfographic_v3
MobileSecurityInfographic_v3
 
University-of-Miami_MEDINA
University-of-Miami_MEDINAUniversity-of-Miami_MEDINA
University-of-Miami_MEDINA
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies
 

Viewers also liked

Xpath Injection
Xpath InjectionXpath Injection
Xpath InjectionAung Khant
 
Web Sphere5 Sec
Web Sphere5 SecWeb Sphere5 Sec
Web Sphere5 SecAung Khant
 
Web Application Security Ny Cyber Sec Conf
Web Application Security Ny Cyber Sec ConfWeb Application Security Ny Cyber Sec Conf
Web Application Security Ny Cyber Sec ConfAung Khant
 
Venise, Venice, Veneza..
Venise, Venice, Veneza..Venise, Venice, Veneza..
Venise, Venice, Veneza..Carlos Marques
 
Web Risk Exposure Intranet
Web Risk Exposure IntranetWeb Risk Exposure Intranet
Web Risk Exposure IntranetAung Khant
 
Web Services Profiling
Web Services ProfilingWeb Services Profiling
Web Services ProfilingAung Khant
 

Viewers also liked (9)

Xpath Injection
Xpath InjectionXpath Injection
Xpath Injection
 
Web Sphere5 Sec
Web Sphere5 SecWeb Sphere5 Sec
Web Sphere5 Sec
 
Web Application Security Ny Cyber Sec Conf
Web Application Security Ny Cyber Sec ConfWeb Application Security Ny Cyber Sec Conf
Web Application Security Ny Cyber Sec Conf
 
Xss Explained
Xss ExplainedXss Explained
Xss Explained
 
Venise, Venice, Veneza..
Venise, Venice, Veneza..Venise, Venice, Veneza..
Venise, Venice, Veneza..
 
Web Risk Exposure Intranet
Web Risk Exposure IntranetWeb Risk Exposure Intranet
Web Risk Exposure Intranet
 
Web Services Profiling
Web Services ProfilingWeb Services Profiling
Web Services Profiling
 
Maldivas Islands
Maldivas IslandsMaldivas Islands
Maldivas Islands
 
Portuguese Walksides
Portuguese WalksidesPortuguese Walksides
Portuguese Walksides
 

Similar to Web App Sec Roadmap

A Beginner's Guide To Cybersecurity For Startups
A Beginner's Guide To Cybersecurity For StartupsA Beginner's Guide To Cybersecurity For Startups
A Beginner's Guide To Cybersecurity For StartupsInvoZone
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfSolviosTechnology
 
WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]Jeremiah Grossman
 
Best Security Practices for a Web Application
Best Security Practices for a Web Application Best Security Practices for a Web Application
Best Security Practices for a Web Application TriState Technology
 
Streamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxStreamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxtmbainjr131
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Programcentralohioissa
 
Ass3201 cyber securityassignment
Ass3201 cyber securityassignmentAss3201 cyber securityassignment
Ass3201 cyber securityassignmentharinathinfotech
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Cenzic
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationChris Gates
 
How to Stand Out in Cybersecurity
How to Stand Out in CybersecurityHow to Stand Out in Cybersecurity
How to Stand Out in CybersecurityJeff Starke
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowNarola Infotech
 
Discussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbookDiscussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbookhuttenangela
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your UsersIssa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your UsersMike Murray
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNorth Texas Chapter of the ISSA
 

Similar to Web App Sec Roadmap (20)

A Beginner's Guide To Cybersecurity For Startups
A Beginner's Guide To Cybersecurity For StartupsA Beginner's Guide To Cybersecurity For Startups
A Beginner's Guide To Cybersecurity For Startups
 
Secure Web Apps Training at Corporate College
Secure Web Apps Training at Corporate CollegeSecure Web Apps Training at Corporate College
Secure Web Apps Training at Corporate College
 
Security Firm Program - Corporate College
Security Firm Program - Corporate CollegeSecurity Firm Program - Corporate College
Security Firm Program - Corporate College
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdf
 
WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]
 
Best Security Practices for a Web Application
Best Security Practices for a Web Application Best Security Practices for a Web Application
Best Security Practices for a Web Application
 
Streamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxStreamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptx
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
 
Cloud security
Cloud securityCloud security
Cloud security
 
Ass3201 cyber securityassignment
Ass3201 cyber securityassignmentAss3201 cyber securityassignment
Ass3201 cyber securityassignment
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing Presentation
 
How to Stand Out in Cybersecurity
How to Stand Out in CybersecurityHow to Stand Out in Cybersecurity
How to Stand Out in Cybersecurity
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should Know
 
W verb68
W verb68W verb68
W verb68
 
Discussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbookDiscussion 300 wordsSearch scholar.google.com or your textbook
Discussion 300 wordsSearch scholar.google.com or your textbook
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your UsersIssa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your Users
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
 

More from Aung Khant

Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server IbmAung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design PatternsAung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code ReviewAung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering ExecutiveAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web ServersAung Khant
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web AppAung Khant
 
Session Fixation
Session FixationSession Fixation
Session FixationAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White PaperAung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementAung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege EscalationAung Khant
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security WorkshopAung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApacheAung Khant
 

More from Aung Khant (20)

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
 
Session Fixation
Session FixationSession Fixation
Session Fixation
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Shah Web20
S Shah Web20S Shah Web20
S Shah Web20
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Web App Sec Roadmap

  • 1. Web Application Security Roadmap Joe White joe@cyberlocksmith.com Cyberlocksmith April 2008 Version 0.9
  • 2. Background • Web application security is still very much in it’s infancy. • Traditional ‘operations’ teams do not understand web application security risk and are ill-equipped to defend against web application threats. • Many companies are wrestling with web application security and assigning ownership of the entire web application security effort to one person but these companies are still trying to figure out where this person fits into the organization. • Security ‘turf battles’ are inevitable in these situations. • There is no clear separation between where web application security stops and traditional operations security begins.