Successfully reported this slideshow.

Lidiia 'Alice' Skalytska - Security Checklist for Web Developers

1

Share

Sep. 11, 2017
1 like 536 views
Upcoming SlideShare
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Loading in …3
×
1 of 21
1 of 21

Lidiia 'Alice' Skalytska - Security Checklist for Web Developers

Sep. 11, 2017
1 like 536 views

1

Share

Technology

Application Security considerations are best articulated in a simple and actionable form. Alice recommends using specially crafted checklists just for that.
Follow Alice on Twitter: https://twitter.com/alice_kaifat

Application Security considerations are best articulated in a simple and actionable form. Alice recommends using specially crafted checklists just for that.
Follow Alice on Twitter: https://twitter.com/alice_kaifat

Technology

Recommended

More Related Content

More from OWASP Kyiv

Vlada Kulish - Why So Serial?
OWASP Kyiv
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
OWASP Kyiv
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
OWASP Kyiv
Ihor Bliumental - WebSockets
OWASP Kyiv
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017
OWASP Kyiv
Viktor Zhora - Cyber and Geopolitics: Ukrainian factor
OWASP Kyiv
Andriy Shalaenko - GO security tips
OWASP Kyiv
Vlad Styran - "Hidden" Features of the Tools We All Love
OWASP Kyiv
Volodymyr Ilibman - Close Look at Nyetya Investigation
OWASP Kyiv
Ihor Bliumental - Collision CORS
OWASP Kyiv
Ihor Bliumental – Is There Life Outside OWASP Top-10
OWASP Kyiv
Roman Rott – Ruby for Pentesters
OWASP Kyiv

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
The Art of War Sun Tsu
(3/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free
Uncommon Carriers John McPhee
(3.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

Lidiia 'Alice' Skalytska - Security Checklist for Web Developers

  1. 1. Security checklist for Web Developers Lidiia ‘Alice’ Skalytska OWASP Kyiv 2017
  2. 2. Software development lifecycle
  3. 3. Secure Software development lifecycle
  4. 4. Planning Analyze your application threat modeling user interface flaws data presentation flaws Usability create applications that users understand and like to use Security incident plan build security incident plan. One day, you will need it.
  5. 5. Development / Implementation Authentication Database Input / output / validate Web Traffic Logs The 3rd party components
  6. 6. Authentication Use Facebook / Google / etc. Login Use multi-factor authentication Implement Proper Password Strength Controls Ensure all passwords are hashed Implement Secure Password Recovery Mechanism Never write your own crypto Prevent Brute- Force Attacks
  7. 7. Database Access control Use minimal privilege user account If you can use crypto, use it! Store backups in other place(s) Encrypt backups
  8. 8. Input / Output / Validate Client-side and server-side input validation Always validate and encode user input before displaying Never use untrusted user input Input data is always suspect
  9. 9. Web Traffic TLS Use TLS for the entire site Cookies Cookies must be httpOnly and secure HSTS Use HSTS responses
  10. 10. Logs All user account management activity Every access control related events Application errors and system events Changes to application configuration settings You need readable logs (who? when? where?)
  11. 11. The 3rd party components Libraries • internally or externally • keep them small • check vendor reputation APIs • use a special key to access • testing inputs and outputs • check vendor reputation Microservices • each microservice is separate • use JSON • use TLS
  12. 12. Testing 1 Create a testing plan 2 Audit your design and implementation 3 Do penetration testing  4 Think like a hacker
  13. 13. Resume Planning Development Testing
  14. 14. Questions? Security checklist for Web Developers alice.bizarius@gmail.com securit13podcast@gmail.com http://securit13.libsyn.com/ @alice_kaifat

×