SlideShare a Scribd company logo

Introduction to Web Security

Y
YasserElsnbary

my presentation is Introduction to web Security with our road-map for our small community

Technology
1 of 14
Download to read offline
Introduction to Web Security
2 WHOAMI • I am Yasser Elsnbary. • Computer science student. • CTF Player • Cyber Security Enthusiast & Penetration Tester wannabe. • Leader of cyber security circle @CATReloaded. • You can find me at @YasserElsnbary2
Agenda • what is web security? • why web security is important ? • apps penetration testing • web application security jobs • bug bounty • How to start • HTTP Proxies • HTTP Protocol • WHY WE SHOULD LEARN THIS 3
What is web security 4
why web security is important ? • Your website is your brand, your storefront, and often your first contact with customers. If it’s not safe and secure, those critical business relationships can be compromised. 5
web application security jobs 6 • You can be an employee at security company as Pen-Tester or freelancer as a Bug Bounty Hunter, so what is the different: 1. Pen-tester 1. Trust With NDA Policy 2. Fixed Salary 3. Estimated time 2. Bug-hunter 1. Many Hunters Experience 2. Army of friendly hackers. 3. 3.Cost-effective solution. 4. Eliminate the risk
Bug Bounty 7
Bug Bounty History 8
Bug Bounty 9
How to start • We in CAT Reloaded have technical circles one of them is cyber security circle which we have a roadmap : http://bit.ly/3aLtpI1 This Roadmap include three path: • Penetration Testing (Specifically in Web Pen Testing: https://bit.ly/38lolZL ) • Reverse Engineering • Network Security • This Road map will take you from level zero to became an expert 10
11 • “ The best way to learn is simply by doing. That is how we learned to hack ’’ Michiel Prins and Jobert Abma Co- Founders, HackerOne
12 Any Question? •You can find me at Twitter: @YasserElsnbary2 Ask: @ElsnbaryYasser
13
THANK YOU!

Recommended

Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Sucuri
 
Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Aditya K Sood
 
Sızma Testi Metodolojileri
Sızma Testi MetodolojileriSızma Testi Metodolojileri
Sızma Testi MetodolojileriPRISMA CSI
 
1
11
1craigslistposting
 
Startups Security
Startups SecurityStartups Security
Startups SecurityAkash Mahajan
 
Secure wordpress site
Secure wordpress siteSecure wordpress site
Secure wordpress sitefirojkhansahu
 
Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017vdrover
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTrivadis
 

Recommended

Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Sucuri
 
Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Hacker Halted Miami , USA 2010
Hacker Halted Miami , USA 2010Aditya K Sood
 
Sızma Testi Metodolojileri
Sızma Testi MetodolojileriSızma Testi Metodolojileri
Sızma Testi MetodolojileriPRISMA CSI
 
1
11
1craigslistposting
 
Startups Security
Startups SecurityStartups Security
Startups SecurityAkash Mahajan
 
Secure wordpress site
Secure wordpress siteSecure wordpress site
Secure wordpress sitefirojkhansahu
 
Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017vdrover
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTrivadis
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITEAcodez IT Solutions
 
Cyber security considerations for Small and Medium Businesses
Cyber security considerations for Small and Medium BusinessesCyber security considerations for Small and Medium Businesses
Cyber security considerations for Small and Medium Businessesebusinessmantra
 
CSRF
CSRFCSRF
CSRFAkanksha Raikwar
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
Defending web applications AISA Techday 2011 Perth
Defending web applications AISA Techday 2011 PerthDefending web applications AISA Techday 2011 Perth
Defending web applications AISA Techday 2011 PerthChristian Frichot
 
How to Boost Your Magento Store Security?
How to Boost Your Magento Store Security?How to Boost Your Magento Store Security?
How to Boost Your Magento Store Security?Bryan Walters
 
When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?Tenable Network Security
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentationRashid Khatmey
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
WHS-hackability-Index-083013
WHS-hackability-Index-083013WHS-hackability-Index-083013
WHS-hackability-Index-083013Janis Weiss
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSElsner Technologies Pvt Ltd
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
English Exam 21.12.2013
English Exam 21.12.2013English Exam 21.12.2013
English Exam 21.12.2013chrisgabmas
 
Computer Security and the Web (1)
Computer Security and the Web (1)Computer Security and the Web (1)
Computer Security and the Web (1)Richard Stone
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Penetration testing must die
Penetration testing must diePenetration testing must die
Penetration testing must dieSecurity BSides London
 
Zen and the art of Security Testing
Zen and the art of Security TestingZen and the art of Security Testing
Zen and the art of Security TestingTEST Huddle
 
Core define and_win_cmd_line gr
Core define and_win_cmd_line grCore define and_win_cmd_line gr
Core define and_win_cmd_line grFrancisco Anastácio
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011securityaegis
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...LINE Corporation
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a DatabaseJohn Ashmead
 

More Related Content

What's hot

RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITEAcodez IT Solutions
 
Cyber security considerations for Small and Medium Businesses
Cyber security considerations for Small and Medium BusinessesCyber security considerations for Small and Medium Businesses
Cyber security considerations for Small and Medium Businessesebusinessmantra
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
Defending web applications AISA Techday 2011 Perth
Defending web applications AISA Techday 2011 PerthDefending web applications AISA Techday 2011 Perth
Defending web applications AISA Techday 2011 PerthChristian Frichot
 
How to Boost Your Magento Store Security?
How to Boost Your Magento Store Security?How to Boost Your Magento Store Security?
How to Boost Your Magento Store Security?Bryan Walters
 
When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?Tenable Network Security
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentationRashid Khatmey
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
WHS-hackability-Index-083013
WHS-hackability-Index-083013WHS-hackability-Index-083013
WHS-hackability-Index-083013Janis Weiss
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSElsner Technologies Pvt Ltd
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
English Exam 21.12.2013
English Exam 21.12.2013English Exam 21.12.2013
English Exam 21.12.2013chrisgabmas
 
Computer Security and the Web (1)
Computer Security and the Web (1)Computer Security and the Web (1)
Computer Security and the Web (1)Richard Stone
 

What's hot (15)

RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
 
Cyber security considerations for Small and Medium Businesses
Cyber security considerations for Small and Medium BusinessesCyber security considerations for Small and Medium Businesses
Cyber security considerations for Small and Medium Businesses
 
CSRF
CSRFCSRF
CSRF
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
Defending web applications AISA Techday 2011 Perth
Defending web applications AISA Techday 2011 PerthDefending web applications AISA Techday 2011 Perth
Defending web applications AISA Techday 2011 Perth
 
How to Boost Your Magento Store Security?
How to Boost Your Magento Store Security?How to Boost Your Magento Store Security?
How to Boost Your Magento Store Security?
 
When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?
 
4 . future uni presentation
4 . future uni presentation4 . future uni presentation
4 . future uni presentation
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
 
WHS-hackability-Index-083013
WHS-hackability-Index-083013WHS-hackability-Index-083013
WHS-hackability-Index-083013
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
 
English Exam 21.12.2013
English Exam 21.12.2013English Exam 21.12.2013
English Exam 21.12.2013
 
Computer Security and the Web (1)
Computer Security and the Web (1)Computer Security and the Web (1)
Computer Security and the Web (1)
 

Similar to Introduction to Web Security

Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Zen and the art of Security Testing
Zen and the art of Security TestingZen and the art of Security Testing
Zen and the art of Security TestingTEST Huddle
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011securityaegis
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...LINE Corporation
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a DatabaseJohn Ashmead
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
The Myth of The Iron Triangle in Security
The Myth of The Iron Triangle in SecurityThe Myth of The Iron Triangle in Security
The Myth of The Iron Triangle in SecuritySherif Mansour
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bountieskunwaratul hax0r
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Staying safe on the internet
Staying safe on the internetStaying safe on the internet
Staying safe on the internetArthur Landry
 
Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021Rachel Harpley
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays
 
How to Get the Most Out of Security Tools
How to Get the Most Out of Security ToolsHow to Get the Most Out of Security Tools
How to Get the Most Out of Security ToolsSecurity Innovation
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteChris Burgess
 

Similar to Introduction to Web Security (20)

Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Penetration testing must die
Penetration testing must diePenetration testing must die
Penetration testing must die
 
Zen and the art of Security Testing
Zen and the art of Security TestingZen and the art of Security Testing
Zen and the art of Security Testing
 
Core define and_win_cmd_line gr
Core define and_win_cmd_line grCore define and_win_cmd_line gr
Core define and_win_cmd_line gr
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...
 
How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a Database
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
The Myth of The Iron Triangle in Security
The Myth of The Iron Triangle in SecurityThe Myth of The Iron Triangle in Security
The Myth of The Iron Triangle in Security
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bounties
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Staying safe on the internet
Staying safe on the internetStaying safe on the internet
Staying safe on the internet
 
Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021
 
What Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software SecurityWhat Every Developer And Tester Should Know About Software Security
What Every Developer And Tester Should Know About Software Security
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applications
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
 
How to Get the Most Out of Security Tools
How to Get the Most Out of Security ToolsHow to Get the Most Out of Security Tools
How to Get the Most Out of Security Tools
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress Site
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Introduction to Web Security

  • 2. 2 WHOAMI • I am Yasser Elsnbary. • Computer science student. • CTF Player • Cyber Security Enthusiast & Penetration Tester wannabe. • Leader of cyber security circle @CATReloaded. • You can find me at @YasserElsnbary2
  • 3. Agenda • what is web security? • why web security is important ? • apps penetration testing • web application security jobs • bug bounty • How to start • HTTP Proxies • HTTP Protocol • WHY WE SHOULD LEARN THIS 3
  • 4. What is web security 4
  • 5. why web security is important ? • Your website is your brand, your storefront, and often your first contact with customers. If it’s not safe and secure, those critical business relationships can be compromised. 5
  • 6. web application security jobs 6 • You can be an employee at security company as Pen-Tester or freelancer as a Bug Bounty Hunter, so what is the different: 1. Pen-tester 1. Trust With NDA Policy 2. Fixed Salary 3. Estimated time 2. Bug-hunter 1. Many Hunters Experience 2. Army of friendly hackers. 3. 3.Cost-effective solution. 4. Eliminate the risk
  • 10. How to start • We in CAT Reloaded have technical circles one of them is cyber security circle which we have a roadmap : http://bit.ly/3aLtpI1 This Roadmap include three path: • Penetration Testing (Specifically in Web Pen Testing: https://bit.ly/38lolZL ) • Reverse Engineering • Network Security • This Road map will take you from level zero to became an expert 10
  • 11. 11 • “ The best way to learn is simply by doing. That is how we learned to hack ’’ Michiel Prins and Jobert Abma Co- Founders, HackerOne
  • 12. 12 Any Question? •You can find me at Twitter: @YasserElsnbary2 Ask: @ElsnbaryYasser
  • 13. 13