
See Web Security Trend from OWASP Top 10 - 2017


OWASP Top 10 is the best-known web security awareness document. Since its first publication in 2003 through the 2017 edition, OWASP Top 10 has become the de facto application security standard.

OWASP Top 10 – 2017 is a good starting point for a journey into application security. The speaker introduces the OWASP Top 10 structure, compares the 2017 edition with earlier ones, and reviews the latest trends. The speaker also introduces other popular application security documents and tools for developers, security testers and application managers.

Published in: Internet


  1. Speaker background: security training • web security tester • translated • reviewer
  2. Symantec 2017 Internet Security Threat Report
  3. Verizon 2017 Data Breach Investigations Report • Symantec 2018 Internet Security Threat Report
  4. Communities • APIs • application managers
  5. A1 Injection: untrusted data input • parameterized statements
  6. A2 Broken Authentication: multi-factor authentication
  7. A3 Sensitive Data Exposure: GDPR • data at rest and in transit
  8. A4 XML External Entities (XXE): external entity • SSRF • static scanner
  9. A5 Broken Access Control: difficult! • bad design • deny by default • access control matrix
  10. A6 Security Misconfiguration: the most prevalent one • cloud storage
  11. A7 Cross-Site Scripting (XSS): inject client-side scripts • XSS escaping • Content Security Policy
  12. A8 Insecure Deserialization: remote code execution, privilege elevation • integrity check, digital signature • run in low privilege
  13. A9 Using Components with Known Vulnerabilities: libraries and frameworks • versions • inventory • unnecessary features • OWASP Dependency Check • NRI 2017 Cyber Security Trend Review
  14. A10 Insufficient Logging and Monitoring: 200 days • OWASP AppSensor
  15. New in 2017: API • microservices • single page applications • community input • application managers • budgeting
  16. Removed in 2017: Cross-Site Request Forgery (CSRF) • CSRF token • unvalidated redirects and forwards • open redirect results in XSS
  17. Keep going: ASVS • Cheat Sheets • Proactive Controls • intrusion detection • ZAP
  18. Shift left, right and everywhere! May security be with you!
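Slide 5 pairs "untrusted data input" with "parameterized statement" for A1 Injection. The following added example (editor's illustration, not code from the deck) shows both forms side by side on a constructed in-memory SQLite table: the concatenated query lets a crafted password change the SQL grammar and log in as every user, while the parameterized query binds the same input as a plain value. The table, user names and the `' OR '1'='1` payload are all constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the slides).
# Passwords are stored in plaintext only so the injection stays visible;
# a real system compares a password hash.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Deliberately vulnerable 'before' form: untrusted input is concatenated
    into the statement, so a quote in the input rewrites the SQL grammar."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    """Parameterized statement: the driver binds name and password as values,
    so quotes in the input never reach the SQL parser."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed injection payload
    # The concatenated query becomes:
    #   ... WHERE name = 'alice' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so the OR clause matches every row.
    print("vulnerable:   ", login_vulnerable(db, "alice", payload))
    print("parameterized:", login_parameterized(db, "alice", payload))
```

The parameterized version is not a sanitizer: it returns nothing for the payload because the whole string is compared against the stored password, not because the quote was stripped. That is why it also works for legitimate inputs that happen to contain quotes.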
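Slide 11 lists "XSS escape" and "Content Security Policy" for A7, and slide 16 notes that an open redirect can result in XSS. This added example (editor's code, not from the deck) covers both: an HTML text-context escaper, a redirect-target check that only accepts same-origin absolute paths (so a `javascript:` "next" parameter cannot become script execution), and an illustrative CSP header value. The header policy, the function names and the sample inputs are assumptions made for the demo.

```python
import html
from urllib.parse import urlsplit

# Illustrative policy (an assumption, not from the slides): content only from the
# page's own origin, no plugins, and no rewriting of the document base URL.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; object-src 'none'; base-uri 'self'")


def render_greeting(name):
    """Escaping for the HTML text context: every character that could open a
    tag or attribute is encoded before the untrusted value is placed in the page."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def safe_redirect_target(target, default="/"):
    """Allow only same-origin, absolute-path redirect targets.

    A 'next' parameter copied straight into a Location header (or into
    window.location on the client) is an open redirect; if the target is a
    javascript: URL it becomes script execution in the user's session."""
    if any(ord(c) < 0x20 for c in target):
        return default            # CR/LF/tab: header injection and parser tricks
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default            # https://evil, javascript:, data:, //evil
    if not target.startswith("/") or target[:2] in ("//", "/\\"):
        return default            # relative paths, scheme-relative and /\ forms
    return target


if __name__ == "__main__":
    # Constructed inputs for the demo.
    print(render_greeting('<img src=x onerror="alert(1)">'))
    for t in ["/account", "javascript:alert(1)", "//evil.example/", "https://evil.example/"]:
        print(repr(t), "->", safe_redirect_target(t))
```

The escaper is correct only for text between tags; a value placed into an attribute, a URL, or a script block needs the encoding for that context. The redirect check is an allow-list (absolute path on this origin) rather than a block-list of bad schemes, which is what makes it hold up against case and whitespace variants.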
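Slide 12 gives the A8 Insecure Deserialization mitigations as an integrity check with a digital signature and running in low privilege. The following added example (editor's illustration, not from the deck) implements the integrity-check part with a data-only format: the object is serialized as JSON, an HMAC-SHA256 tag is computed over the exact bytes, and the receiver verifies the tag in constant time before it deserializes anything. The key, token format and sample objects are constructed for the demo; a real deployment would use a public-key signature where the verifier must not be able to forge tokens.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical signing key for the demo; in production it comes from a secret store.
KEY = b"constructed-demo-key-do-not-reuse"


def _encode(obj):
    """Canonical JSON bytes so signer and verifier see identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_payload(obj, key=KEY):
    """Serialize to JSON (no code runs on load, unlike native object formats)
    and append an HMAC-SHA256 tag over the exact bytes that will be decoded."""
    body = _encode(obj)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def load_payload(token, key=KEY):
    """Verify the tag before deserializing; return None on any failure."""
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:            # wrong shape or bad base64 (binascii.Error)
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None               # tampered body or tag, or wrong key
    return json.loads(body)       # only authentic bytes reach the parser


def tamper(token, new_obj):
    """Attacker step for the demo: swap the body, keep the original tag."""
    _, tag_b64 = token.split(".", 1)
    return base64.urlsafe_b64encode(_encode(new_obj)).decode() + "." + tag_b64


if __name__ == "__main__":
    # Constructed session object for the demo.
    tok = sign_payload({"user": "alice", "role": "user"})
    print("genuine:", load_payload(tok))
    print("forged: ", load_payload(tamper(tok, {"user": "alice", "role": "admin"})))
```

Verifying before parsing is the whole point: if the parser ran first, a malformed or hostile body could already have been processed by the time the bad tag was noticed. Choosing JSON over a native object serializer removes the "remote code execution" outcome from slide 12 even when a forged token slips through some other check.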
