SlideShare a Scribd company logo

Delhi The Second Adventure

n|u - The Open Security Community
n|u - The Open Security Community

null Delhi Special Meeting - with Joerg Simon

EducationTechnology
1 of 60
Download to read offline
Delhi the Second Adventure Thorough, Safe and Secure Fabian + Joerg jsimon@fedoraproject.org http://fedoraproject.org
/me
3 3Communication Security [ and this! ]
[ Security Lab ] A Linux based open source test- and education platform for - security-auditing - forensics - penetration-testing
[ History: @ foss.in Bangalore 2009 ] - pick up the Idea - give it a home - http://fedorahosted.org/security-spin/ - Contributor Wishlist – https://bugzilla.redhat.com/show_bug.cgi?id=563471 - Improve spin section content – went to spins.fedoraproject.org/security - move to SLiM as desktop manager – moved to SLiM -> moved to LXDM ... - move to LXDE as window manager – we moved to LXDE -> move to XFCE in Fedora20 - become a official spin in Fedora 13 – we made it as a official Fedora Security Spin in Fedora 13, 14, 15, 16, 17 and will be for 18 - LIMITS - Webapplication testing tools + implementing OSSTMM upstreams – we packaged SCARE, unicornscan also brought up limits of a large FOSS Project - become the official OSSTMM Distro – ISECOM´s Pete Herzog announced OSSTMM Lab as the “New live linux distro for OSSTMM users” - on 12.September 2012 - new features in the current Version of the OSL (v3.8b4 (F17))with input from the ISECOM HHS Team! - collect input and suggestions - Working on a Test-Bench for Students
[ possible benefits ] - usecase for the FSL - new cool upstreams - implemented methodology - fedora get taught along the OSSTMM
OSSTMM- Lab Modified Version of the Fedora Security Lab Packaging upstream Tools from the OSSTMM Team A stable platform for teaching the curriculum For OSSTMM and HHS Integrate the Methodology Flow Into one possible Toolset [ benefits ]
9 9 HIC Audit Services [ From Risk to Operations ]
From Risk to Operations
12 12 [ but we have problem ]
[ Security - Industry ]
 Comply!? But not secure? Blocked?  Get the Audit Result you need? But not secure? Blocked?  Secure? But not compliant? Blocked? [ Compliance? ] Quelle: OSSTMM ISECOM
Spend your money on „Bad Security“?
17 17Communication Security Security ? Cloud – Social Media – Mobile Plattform
18 18Communication Security Trusts neue Angriffsvektoren!
[ Reports Management & Real world compatible ] [ reproducible with the right Standards & Methods! ] [ neutral unbiased by relying on Open Standards ] [ comparable real working Metrics – based on scientific research ]
[ know ] - a way for proper testing!
[ there is a Open Source way]  How do current operations work?  How do they work differently from how management thinks they work?  How do they need to work?
22 22 HIC Audit Services [ Controls <> Trusts ] [ Security <> Safety? ] [ Operations ] [ Compliance ] [ the terrible truth? ]
Human risk will never change „In Security people are as much a part of the process as are the machines.“ derived from ISECOM, OSSTMM 3.0
● Industrie    74,49% ● Military   97,16%  ● Banks 84,36% ● Software­Vendors   73,12% ● Politik   76,58%
Usual testing synonyms Blind/Blackbox Pentest Graybox/Chrystal/RedTeam Social Engineering WarDriving WarDialing Configuration­Reviews Code Reviews [ common sence ]
[ testpath ]
 False Positive (Status true – although untrue)   False Negative (Status untrue – although true)  GrayPositive (Status always true)  Gray Negative (always untrue)  Specter (true or untrue ­ anomaly)  Indiscretion (true or untrue ­ timedependency)  Entropy Error (true or untrue ­ Overhead)  Falsification (true or untrue – unknown Variables)  Sampling Error (influenced from outside)  Constraint (true or untrue – Equipment Limit)  Propagation (not tested)  Human Error (missing Skill, Expirience)
35 35 From Risk to Operations
36 36Communication Security [ Quantify Security ]
37 37Communication Security Metrics System Schwachstelle Kritikalität Maßnahme unsichere Verschlüsselung möglich evtl. veraltete SW-Version gering bew erten und unterbinden Parameter mit Code-Injection mittel Säuberung der Codefragmente aus den Anfragen Anw endungsaudit unsichere Verschlüsselung möglich evtl. veraltete SW-Version gering bew erten Angriffsfläche verringern unsichere Verschlüsselung möglich evtl. veraltete SW-Version gering prüfen und beheben Anw endungsaudit unverschlüsselte Übertragung von Authentifizierungsdaten Cross Site Tracing mittel Einschränkung von TRACE Anfragen unverschlüsselte Übertragung prüfen und beheben unsichere Verschlüsselung möglich Passwortkombinationen unlimitiert gering bew erten und unterbinden Adminportale unverschlüsselt erreichbar Passwortkombinationen unlimitiert Offenlegung aller Systemdaten! Zugang zu privaten Daten Administrativer Zugang zum Webserver hoch umfangreiche praktische Sofort- Maßnahmen wurden am 21.08.2010 gemeldet siehe Seite 48 Spamversand möglich CodeInjection mittel Formularverarbeitung ist zu überarbeiten Säuberung der Codefragmente aus den Anfragen Anwendungsaudit eingeschränkte Verschlüsselung gering Hersteller Patch einspielen CrossSite Tracing PHP Version angreifbar CrossSiteScripting ParameterTampering InformationDisclosure hoch Einschränkung von TRACE Anfragen Formularverarbeitung ist zu überarbeiten Säuberung der Codefragmente aus den Anfragen Klassifizierung der Informationen Vulnerability Mngmt. vs Threat Modelling vs RiskAssessmentValues
38 38Communication Security RAV Quelle: OSSTMM ISECOM
39 39Communication Security [ porosity ] - Visibility - Access - Trust
[ how much security do you really need? ]
[ Authentication ]
[ Indemnification ]
[ Resistance ]
[ Subjugation ]
[ Continuity ]
[ non-repudiation ]
[ confidentiality ] [ privacy ] [ integrity ]
[ Alarm ]
[ limitations ]
Limitations
OSSTMM Risk Assessment Value
„There are only 2 ways to steal something: either you take it yourself or you have someone else take it and give it to you“ OSSTMM 3.0
54 54Communication Security Apps? Steal something for me?
55 55Communication Security Steal something for me
56 56Communication Security Tom is verbose
57 57Communication Security Tom the Cat is calling home
Size Symmetry Visibility Subjugation Consistency Integrity Offsets Value Components Porosity [ quantify Trust! ]
59 59Communication Security Risk! sometimes the result is not what you expect!
Delhi The Second Adventure

Recommended

How to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
Last Month in PHP - January 2016
Last Month in PHP - January 2016Last Month in PHP - January 2016
Last Month in PHP - January 2016Eric Poe
 
How to secure web applications
How to secure web applicationsHow to secure web applications
How to secure web applicationsMohammed A. Imran
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for DevelopersMichael Boelen
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kitssecurityxploded
 

Recommended

How to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
Last Month in PHP - January 2016
Last Month in PHP - January 2016Last Month in PHP - January 2016
Last Month in PHP - January 2016Eric Poe
 
How to secure web applications
How to secure web applicationsHow to secure web applications
How to secure web applicationsMohammed A. Imran
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for DevelopersMichael Boelen
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kitssecurityxploded
 
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenSonatype
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud HackNotSoSecure Global Services
 
Sandboxing in .NET CLR
Sandboxing in .NET CLRSandboxing in .NET CLR
Sandboxing in .NET CLRMikhail Shcherbakov
 
Fortify dev ops (002)
Fortify dev ops (002)Fortify dev ops (002)
Fortify dev ops (002)Madhavan Marimuthu
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+CsrfBipin Upadhyay
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security OverviewMichael Furman
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafIMMUNIO
 
Web server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalWeb server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalKhawar Nehal khawar.nehal@atrc.net.pk
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareJasson Walker
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goMichael Furman
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password securitysecurityxploded
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016Ortus Solutions, Corp
 
The Twelve Factor Apps
The Twelve Factor AppsThe Twelve Factor Apps
The Twelve Factor Appstomi vanek
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Fedora Security LAB
Fedora Security LABFedora Security LAB
Fedora Security LABBaruch Ramos
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flaken|u - The Open Security Community
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
DNS hijacking - null Singapore
DNS hijacking - null SingaporeDNS hijacking - null Singapore
DNS hijacking - null Singaporen|u - The Open Security Community
 

More Related Content

What's hot

Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenSonatype
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+CsrfBipin Upadhyay
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security OverviewMichael Furman
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafIMMUNIO
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareJasson Walker
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goMichael Furman
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password securitysecurityxploded
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
The Twelve Factor Apps
The Twelve Factor AppsThe Twelve Factor Apps
The Twelve Factor Appstomi vanek
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 

What's hot (18)

Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/Green
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
 
Sandboxing in .NET CLR
Sandboxing in .NET CLRSandboxing in .NET CLR
Sandboxing in .NET CLR
 
Fortify dev ops (002)
Fortify dev ops (002)Fortify dev ops (002)
Fortify dev ops (002)
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security Overview
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs waf
 
Web server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalWeb server security techniques by Khawar Nehal
Web server security techniques by Khawar Nehal
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to go
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linux
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password security
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016
 
The Twelve Factor Apps
The Twelve Factor AppsThe Twelve Factor Apps
The Twelve Factor Apps
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 

Viewers also liked

Fedora Security LAB
Fedora Security LABFedora Security LAB
Fedora Security LABBaruch Ramos
 

Viewers also liked (9)

Fedora Security LAB
Fedora Security LABFedora Security LAB
Fedora Security LAB
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flake
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
DNS hijacking - null Singapore
DNS hijacking - null SingaporeDNS hijacking - null Singapore
DNS hijacking - null Singapore
 
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
 
Null Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi HantoucheNull Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi Hantouche
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN's
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
 

Similar to Delhi The Second Adventure

Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
1.3. (In)security Software
1.3. (In)security Software1.3. (In)security Software
1.3. (In)security Softwaredefconmoscow
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4bpasdar
 
Security automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automationSecurity automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automationMoses Schwartz
 
Democratizing security
Democratizing securityDemocratizing security
Democratizing securitySanjeev Sharma
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Dinis Cruz
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCSuman Sourav
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101Mario-Leander Reimer
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101QAware GmbH
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security SeminarCalibrate
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of themRoberto Suggi Liverani
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 

Similar to Delhi The Second Adventure (20)

Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
1.3. (In)security Software
1.3. (In)security Software1.3. (In)security Software
1.3. (In)security Software
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4
 
Security automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automationSecurity automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automation
 
Democratizing security
Democratizing securityDemocratizing security
Democratizing security
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLC
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security Seminar
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of them
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfChristalin Nelson
 
Employablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxEmployablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxryandux83rd
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxSayali Powar
 
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Osopher
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptxmary850239
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Objectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptxObjectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptxMadhavi Dharankar
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesVijayaLaxmi84
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
Comparative Literature in India by Amiya dev.pptx
Comparative Literature in India by Amiya dev.pptxComparative Literature in India by Amiya dev.pptx
Comparative Literature in India by Amiya dev.pptxAvaniJani1
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptxmary850239
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 

Recently uploaded (20)

Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdf
 
Employablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxEmployablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptx
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
Mattingly "AI & Prompt Design" - Introduction to Machine Learning"
Mattingly "AI & Prompt Design" - Introduction to Machine Learning"Mattingly "AI & Prompt Design" - Introduction to Machine Learning"
Mattingly "AI & Prompt Design" - Introduction to Machine Learning"
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
 
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
Healthy Minds, Flourishing Lives: A Philosophical Approach to Mental Health a...
 
4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx4.11.24 Poverty and Inequality in America.pptx
4.11.24 Poverty and Inequality in America.pptx
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Objectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptxObjectives n learning outcoms - MD 20240404.pptx
Objectives n learning outcoms - MD 20240404.pptx
 
Spearman's correlation,Formula,Advantages,
Spearman's correlation,Formula,Advantages,Spearman's correlation,Formula,Advantages,
Spearman's correlation,Formula,Advantages,
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their uses
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Comparative Literature in India by Amiya dev.pptx
Comparative Literature in India by Amiya dev.pptxComparative Literature in India by Amiya dev.pptx
Comparative Literature in India by Amiya dev.pptx
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 

Delhi The Second Adventure