Web application security

This talk is designed for people who are interested in the concepts of web application security but may never have been involved with it before, or, on the other side of the coin, developers. Using open source frameworks and tools we discuss an approach to a couple of well known vulnerabilities and demonstrate how these can be fixed well (and not so well). The talk also gives the audience a "take away" in the form of further exercises that can be done in order to learn more about the security side of web applications, and of PHP in particular.
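As an added illustration of the "fixed well (and not so well)" theme (example code written for this page, not a slide from the talk and not DVWA's own source): the same DVWA-style user lookup in three versions, from injectable, to a quote-escaping "fix" that does not hold in a numeric context, to a parameterised query with the input type enforced. It assumes PHP 7.4+ with the pdo_sqlite extension and uses an in-memory SQLite table in place of DVWA's MySQL so that it runs offline; the table layout, sample rows and attacker payload are constructed for the demo.

```php
<?php
// Added example (not from the talk or from DVWA): one user-lookup handler in
// three versions, run against an in-memory SQLite table so it works offline.
// Assumptions: PHP 7.4+ with pdo_sqlite; the table and rows are constructed.

declare(strict_types=1);

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-pw'), (2, 'gordonb', 'hash-of-gordon-pw')");
    return $db;
}

// Version 1: vulnerable. The id is concatenated straight into the query, so
// an id of "1 OR 1=1" returns every row and a UNION SELECT can pull hashes.
function lookupVulnerable(PDO $db, string $id): array {
    $sql = "SELECT name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Version 2: "fixed not so well". Escaping quote characters looks like a fix,
// but the id sits in a numeric context with no quotes around it, so a payload
// that contains no quotes at all still rewrites the WHERE clause.
function lookupBadlyFixed(PDO $db, string $id): array {
    $id = addslashes($id);
    $sql = "SELECT name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Version 3: fixed well. The query shape is fixed before any user data
// arrives, the value is bound as a parameter and is never parsed as SQL, and
// the integer type is enforced before it reaches the database at all.
function lookupSafe(PDO $db, string $id): array {
    if (!ctype_digit($id)) {
        return [];                       // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output encoding for the HTML response is a separate control from the SQL
// fix: a name stored in the database must not be able to inject script.
function render(array $names): string {
    $safe = array_map(
        fn(string $n) => htmlspecialchars($n, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        $names
    );
    return '<ul><li>' . implode('</li><li>', $safe) . '</li></ul>';
}

$db = setupDb();
$payload = '1 OR 1=1';                   // constructed attacker input: no quote characters needed

printf("vulnerable:  %s\n", implode(',', lookupVulnerable($db, $payload)));
printf("badly fixed: %s\n", implode(',', lookupBadlyFixed($db, $payload)));
printf("fixed well:  %s\n", implode(',', lookupSafe($db, $payload)));
printf("fixed well:  %s\n", implode(',', lookupSafe($db, '2')));
echo render(lookupSafe($db, '1')), "\n";
```

Run it with `php` from the command line. The first two lookups both return every user for the payload, which is the point of the "not so well" version: filtering or escaping characters only helps when the data lands inside a quoted string, whereas binding a typed parameter works regardless of where in the statement the value is used. The same pattern carries over to DVWA's MySQL setup by changing the DSN passed to PDO.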


  1. Web Application Security: PHP
     Thomas Mackenzie
  2. $ whois spiderlabs.tom
  3. Tom Mackenzie
     - Web Application Security
     - @tmacuk
     - http://www.tmacuk.co.uk
     - http://www.upsploit.com
     - Podcast
     PUBOTD
  4. About SpiderLabs®
     - Incident Response
     - Pentesting
     - Application Security
     - Research & Development
     - Global Security Report
     - Security Conferences
  5. About SpiderLabs®
     - Formed in 2005 to serve a growing need for deep technical professional services within Trustwave's client base.
     - SpiderLabs is the advanced security team at Trustwave.
     - SpiderLabs provides thought leadership to the entire Trustwave organisation and our clients.
     In 2009 and 2010, Trustwave's SpiderLabs responded to over 400 incidents and performed nearly 4,500 penetration tests for organisations in over 50 different countries.
     Featured Speakers at:
  6. Introduction
  7. Expectations
     - PHP
     - Code and Security
     - Live Demos
     - Best Practices
     - DIY
  8. DVWA – Damn Vulnerable Web App
  9. About DVWA
     - Ryan Dewhurst - @ethicalhack3r
     - Damn Vulnerable?
     - Security Levels
     - PHP & MySQL / PostgreSQL
     - http://code.google.com/p/dvwa/
  10. About DVWA
     - How can you help?
     - Open Source
     - Contributors
     - Fork
     - Ideas!
     - Ideas?
  11. Live Demo
  12. Best Practices
  13. OWASP
     - Books
     - Cheat Sheets
     - People
     - Events
     - Projects
  14. Intercepting Proxies
     - Burp Suite / BS Pro
     - ZAP
     - Paros
  15. Live Demo
  16. Links
  17. Links
     - http://www.dvwa.co.uk
     - http://www.owasp.org
     - http://portswigger.net/burp/
     - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
     - http://www.parosproxy.org/
     - https://www.owasp.org/index.php/OWASP_Testing_Project
     - http://mdsec.net/wahh/
     - http://blog.spiderlabs.com
     - https://www.trustwave.com/apppentest.php
     SpiderLabs Research Reports
     - WHID Report
     - Global Security Report
  18. Contact
     - tmackenzie@trustwave.com
     - http://www.tmacuk.co.uk
