The Enemy On The Web

  1. THE ENEMY ON THE WEB (http://www.flickr.com/photos/8407953@N03/5990642198/)
  2. The web is extremely popular. (Web 1.0, Web 2.0, Web 3.0)
  3. It was not supposed to be. It was destined to be. (Web 1.0 -> Web 2.0 -> Web 3.0?)
  4. Numerous technologies cobbled together to make an incredible app delivery platform (HTML5 + CSS3 + ES5 + DOM + Node/PHP/Java + MongoDB/MySQL).
  5. Today the web is extremely dominant. And anything dominant gets scrutinized, misused and, worse, attacked. So, WHO ARE THEY?
  6. Usually 3 kinds!
  7. SO WHAT DO THEY WANT?
  8. Deface. Steal credentials. Malware.
  9. For Root Cause #1, let's go back a few decades. The telecom networks of the 60s to 80s used in-band signaling, i.e. sending control information and data on the same channel. Then came the free long-distance calls.
  10. In-band signaling on the web, a.k.a. XSS
  11. In-band signaling on the web, a.k.a. SQL Injection
  12. Root Cause #2, insecure mashups: ads, 3rd parties, customers
  13. Iframe malicious redirect attacks
  14. Drive-by-download/malware attacks
  15. But we have firewalls, IDS, XYZ, ABC, 123. And we also undergo pen tests, code review, etc. Q: Did it solve your problem?
  16. Why chase the symptom? Let's fix the problem.
  17. The Golden Rule: Defensive Coding. Everything has bad parts. Did you subset the language you use?
  18. Adopt/build app frameworks that can bear the attack. Ones that auto-defend and auto-sanitize. Like MVC templates with auto-encoding. Like NoSQL DBs, free of SQL Injection.
  19. Learn and implement new techniques (CSP, ES5, HTML5 Sandbox, postMessage). WARNING: Watch production readiness at http://www.browserscope.org/?category=security&v=top
  20. twitter: b1shan   Email: c70n3r@gmail.com   blog: http://bishankochher.blogspot.com/
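The "in-band signaling" defects of slides 10 and 11, and the auto-encoding templates of slide 18, as an added Node.js example that is not part of the deck. In both cases the root cause is the same: control (HTML markup, SQL grammar) and untrusted data travel on one channel, so data that looks like control becomes control; the fix moves the data out of band. The inputs are constructed, the `{ text, values }` query shape is the one node-postgres accepts in `client.query()` (assumed here, no database is contacted), and the function names are this example's own.

```javascript
// Added example, not from the deck: "in-band signaling" on the web in Node.js.
// Control (HTML markup, SQL grammar) and data share one channel, so data that
// looks like control becomes control. The fix moves data out of band: encode it
// for the output context, or bind it as a query parameter.

// Constructed untrusted inputs, as an attacker-controlled form field would deliver them.
const UNTRUSTED_NAME = 'Bob<script>alert(1)</script>';
const UNTRUSTED_ID = '42 OR 1=1';

// ---- XSS: HTML markup is the control channel ----

// In-band: the value is spliced straight into markup, so '<' in data becomes a tag.
function renderGreetingUnsafe(name) {
  return '<p>Hello, ' + name + '</p>';
}

// Encode the five characters that can change structure in element or attribute context.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Out-of-band: encoded for the context it lands in, so the browser renders it as text.
function renderGreetingSafe(name) {
  return '<p>Hello, ' + htmlEncode(name) + '</p>';
}

// "Templates with auto-encoding": a tagged template that encodes every interpolated
// value, so the developer cannot forget. Literal template text is trusted; values are not.
function html(strings, ...values) {
  return strings.reduce(
    (out, literal, i) => out + literal + (i < values.length ? htmlEncode(values[i]) : ''),
    ''
  );
}
function renderGreetingTemplate(name) {
  return html`<p>Hello, ${name}</p>`;
}

// ---- SQL injection: SQL grammar is the control channel ----

// In-band: concatenation lets the data rewrite the WHERE clause.
function buildQueryUnsafe(id) {
  return 'SELECT name FROM users WHERE id = ' + id;
}

// Out-of-band: statement text is fixed and the value travels separately as a bound
// parameter. This { text, values } shape is what node-postgres (pg) accepts in
// client.query(); assumed here, no database is contacted.
function buildQueryParameterized(id) {
  return { text: 'SELECT name FROM users WHERE id = $1', values: [id] };
}

// Review / unit-test check: the emitted control channel must never contain the raw
// untrusted value verbatim.
function dataLeakedIntoControl(controlText, data) {
  return controlText.includes(data);
}
```

The `dataLeakedIntoControl` check is the kind of assertion worth keeping in a test suite: it fails on the concatenated query and on the raw greeting, and passes on the parameterized query and the encoded output. Note that it is the binding of parameters, not the choice of database engine, that keeps data out of the grammar; a query string concatenated for any store reintroduces the in-band problem.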

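Root Cause #2 (slides 12 to 14) and the techniques of slide 19 meet in one place: the page that embeds ads, widgets or customer content. The following is an added Node.js example, not code from the deck, showing what a server would emit to isolate such content with the HTML5 sandbox attribute, a Content-Security-Policy header, and an origin-checked postMessage listener. The partner origins, widget URL, nonce and function names are constructed for this example.

```javascript
// Added example, not from the deck: isolating third-party content (ads, widgets,
// customer-supplied pages). The strings these functions return are what the server
// emits as HTML and as response headers. Allow-lists and URLs are constructed.

// Origins we agree to embed and to accept messages from. Constructed values.
const ALLOWED_FRAME_ORIGINS = ['https://ads.example-partner.net', 'https://widgets.example.com'];

// HTML5 sandbox: embed third-party content with the least capability it needs.
// Without allow-top-navigation the framed page cannot redirect the host page
// (the iframe redirect attack of slide 13); without allow-same-origin it gets an
// opaque origin and cannot read our DOM, storage or cookies.
function thirdPartyFrame(src) {
  const url = new URL(src); // throws on malformed input
  if (!ALLOWED_FRAME_ORIGINS.includes(url.origin)) {
    throw new Error('refusing to embed ' + url.origin);
  }
  // url.href is normalised by the URL parser, which percent-encodes '"', '<' and '>',
  // so escaping '&' is enough for a double-quoted attribute value.
  const attr = url.href.replace(/&/g, '&amp;');
  return '<iframe src="' + attr + '" sandbox="allow-scripts" referrerpolicy="no-referrer"></iframe>';
}

// Content-Security-Policy: inline script runs only when tagged with the per-response
// nonce, frames load only from the allow-list, plugin content is off. Injected script
// and plugin-based drive-by downloads (slide 14) are refused by the browser.
// Generate the nonce per response, e.g. crypto.randomBytes(16).toString('base64');
// the test below passes a fixed string.
function buildCsp(nonce, frameOrigins) {
  return [
    "default-src 'self'",
    "script-src 'self' 'nonce-" + nonce + "'",
    'frame-src ' + frameOrigins.join(' '),
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'self'",
  ].join('; ');
}

// postMessage: the receiver must check event.origin before trusting event.data,
// otherwise any page holding a window reference can inject messages.
// Returns a listener for window.addEventListener('message', listener); it reports
// whether the message was accepted so the behaviour can be unit-tested.
function makeMessageListener(expectedOrigin, onMessage) {
  return function listener(event) {
    if (event.origin !== expectedOrigin) return false; // ignore silently, do not throw
    const msg = event.data;
    if (typeof msg !== 'object' || msg === null || typeof msg.type !== 'string') return false;
    onMessage(msg);
    return true;
  };
}
```

The widget side should be equally strict: `postMessage` calls to the host must name the host origin as the target rather than `'*'`, so a message never reaches a page that has navigated the frame elsewhere. The browserscope link on slide 19 is the right place to check which of these three mechanisms the browsers you support actually enforce.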