Advertisement

Security Content Automation Protocol and Web Application Security

Michael Smith
Security Management Consultant
Aug. 7, 2009
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security
Security Content Automation Protocol and Web Application Security

Check these out next

ESAPI
ESAPI
n|u - The Open Security Community
Technical Architecture of RASP Technology
Technical Architecture of RASP Technology
Priyanka Aash
Web Application Firewall intro
Web Application Firewall intro
Rich Helton
Pci compliance writing secure code
Pci compliance writing secure code
Miva
Testing Web Application Security
Testing Web Application Security
Ted Husted
Browser Exploit Framework
Browser Exploit Framework
n|u - The Open Security Community
7 Effective Practices to Follow for Selenium Automation Testing
7 Effective Practices to Follow for Selenium Automation Testing
TestingXperts
From the Frontline of RASP Adoption
From the Frontline of RASP Adoption
Goran Begic
1 of 15

Security Content Automation Protocol and Web Application Security

Aug. 7, 2009
Download to read offline
Technology
News & Politics

A presentation on SCAP I delivered at the August 5th OWASP DC Chapter.

Michael Smith
Security Management Consultant
Advertisement
Advertisement
Advertisement

Recommended

Top Security Threats for .NET DevelopersTop Security Threats for .NET Developers
Top Security Threats for .NET DevelopersMikhail Shcherbakov905 views36 slides
Practice of AppSec .NETPractice of AppSec .NET
Practice of AppSec .NETMikhail Shcherbakov872 views46 slides
Sergey Kochergan - OWASP Top 10 Web Application Vulnerabilities Sergey Kochergan - OWASP Top 10 Web Application Vulnerabilities
Sergey Kochergan - OWASP Top 10 Web Application Vulnerabilities Braindev Kyiv377 views23 slides
Owasp lapseOwasp lapse
Owasp lapsen|u - The Open Security Community2.4K views10 slides
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi5.9K views38 slides
Implementing application security using the .net frameworkImplementing application security using the .net framework
Implementing application security using the .net frameworkLalit Kale4.1K views50 slides

More Related Content

Slideshows for you(20)

ESAPIESAPI
ESAPI
n|u - The Open Security Community2.3K views
Technical Architecture of RASP TechnologyTechnical Architecture of RASP Technology
Technical Architecture of RASP Technology
Priyanka Aash1.1K views
Web Application Firewall introWeb Application Firewall intro
Web Application Firewall intro
Rich Helton5.6K views
Pci compliance writing secure codePci compliance writing secure code
Pci compliance writing secure code
Miva646 views
Testing Web Application SecurityTesting Web Application Security
Testing Web Application Security
Ted Husted1.6K views
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Framework
n|u - The Open Security Community2.2K views
7 Effective Practices to Follow for Selenium Automation Testing7 Effective Practices to Follow for Selenium Automation Testing
7 Effective Practices to Follow for Selenium Automation Testing
TestingXperts 73 views
From the Frontline of RASP AdoptionFrom the Frontline of RASP Adoption
From the Frontline of RASP Adoption
Goran Begic461 views
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0 OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
Scott Lee Davis1.4K views
Owasp Code Crawler PresentationOwasp Code Crawler Presentation
Owasp Code Crawler Presentation
alessiomarziali1.3K views
Static analysis for securityStatic analysis for security
Static analysis for security
Fadi Abdulwahab577 views
Scanning web vulnerabilitiesScanning web vulnerabilities
Scanning web vulnerabilities
Mohit Dholakiya275 views
Microsoft Fakes, Unit Testing the (almost) Untestable CodeMicrosoft Fakes, Unit Testing the (almost) Untestable Code
Microsoft Fakes, Unit Testing the (almost) Untestable Code
Aleksandar Bozinovski512 views
Security hole #5 application security science or quality assuranceSecurity hole #5 application security science or quality assurance
Security hole #5 application security science or quality assurance
Tjylen Veselyj1.4K views
Will it pass or not? - A few words about automationWill it pass or not? - A few words about automation
Will it pass or not? - A few words about automation
Railwaymen171 views
Eirtight writing secure codeEirtight writing secure code
Eirtight writing secure code
Kieran Dundon490 views
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
Mindfire Solutions1.7K views
OWASP -Top 5 JagjitOWASP -Top 5 Jagjit
OWASP -Top 5 Jagjit
Jagjit Singh Brar102 views
t rt r
t r
electronicmingle013.8K views
Owasp webgoatOwasp webgoat
Owasp webgoat
Zakaria SMAHI2K views

Similar to Security Content Automation Protocol and Web Application Security(20)

Our talk in Black Hat Asia 2015 Briefing Our talk in Black Hat Asia 2015 Briefing
Our talk in Black Hat Asia 2015 Briefing
SecPod Technologies248 views
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
azida34 views
2010-12 SCAP Explained 2010-12 SCAP Explained
2010-12 SCAP Explained
Raleigh ISSA1.6K views
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software
Shreeraj Shah5.8K views
OWASP an Introduction OWASP an Introduction
OWASP an Introduction
alessiomarziali891 views
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating security
John Staveley723 views
The Anatomy of Java Vulnerabilities (Devoxx UK 2017)The Anatomy of Java Vulnerabilities (Devoxx UK 2017)
The Anatomy of Java Vulnerabilities (Devoxx UK 2017)
Steve Poole879 views
The Dev, Sec and Ops of API Security - API WorldThe Dev, Sec and Ops of API Security - API World
The Dev, Sec and Ops of API Security - API World
42Crunch711 views
香港六合彩香港六合彩
香港六合彩
baoyin563 views
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security Toolbox
Source Conference2.2K views
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
Steve Poole519 views
Agnitio: its static analysis, but not as we know itAgnitio: its static analysis, but not as we know it
Agnitio: its static analysis, but not as we know it
Security BSides London1.3K views
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an Overview
Kaiwan Billimoria1.2K views
AWS Summit Auckland - Application Delivery Patterns for DevelopersAWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for Developers
Amazon Web Services482 views
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
Marco Morana11.4K views
Getting Started with Amazon Inspector - AWS June 2016 Webinar SeriesGetting Started with Amazon Inspector - AWS June 2016 Webinar Series
Getting Started with Amazon Inspector - AWS June 2016 Webinar Series
Amazon Web Services3.9K views
Cost effective web application testingCost effective web application testing
Cost effective web application testing
Harinath Pudipeddi410 views
Cost effective web application testingCost effective web application testing
Cost effective web application testing
Harinath Pudipeddi71 views
Cost Effective Web Application TestingCost Effective Web Application Testing
Cost Effective Web Application Testing
Hari Pudipeddi804 views
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Tom Eston5.6K views
Advertisement

More from Michael Smith(8)

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...
Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...
Michael Smith1K views
BarcodesBarcodes
Barcodes
Michael Smith5.2K views
Building A Modern Security Policy For Social Media and GovernmentBuilding A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and Government
Michael Smith1.9K views
Dojo Con 09Dojo Con 09
Dojo Con 09
Michael Smith1.1K views
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09
Michael Smith897 views
The Authorizing Official And The Accreditation DecisionThe Authorizing Official And The Accreditation Decision
The Authorizing Official And The Accreditation Decision
Michael Smith1.9K views
Backtrack 3 USBBacktrack 3 USB
Backtrack 3 USB
Michael Smith2.5K views
Why Care About Government SecurityWhy Care About Government Security
Why Care About Government Security
Michael Smith937 views

Recently uploaded(20)

Java-if-Statement-Activity2.docxJava-if-Statement-Activity2.docx
Java-if-Statement-Activity2.docx
SofiaArquero20 views
Develop Blockchain App - Blocktech BrewDevelop Blockchain App - Blocktech Brew
Develop Blockchain App - Blocktech Brew
Blocktech Brew0 views
Galaxy Calendar by Slidesgo.pptxGalaxy Calendar by Slidesgo.pptx
Galaxy Calendar by Slidesgo.pptx
JorgeEnrique670 views
Good Regulatory Practices.pptxGood Regulatory Practices.pptx
Good Regulatory Practices.pptx
Sudipta Roy0 views
d9f0992b5cb6478fa0dfff092cccc2d2.pdfd9f0992b5cb6478fa0dfff092cccc2d2.pdf
d9f0992b5cb6478fa0dfff092cccc2d2.pdf
ThnhNguynVn970 views
Plugg Session.pptxPlugg Session.pptx
Plugg Session.pptx
FIWARE0 views
Blockchain TechnologyBlockchain Technology
Blockchain Technology
Aryan Chaudhary0 views
How to Unmute iPhone.pdfHow to Unmute iPhone.pdf
How to Unmute iPhone.pdf
syedmuneebhaider30 views
MVC.pptxMVC.pptx
MVC.pptx
ssuserfd27a70 views
F5 State of App Strategy Report 2023.pdfF5 State of App Strategy Report 2023.pdf
F5 State of App Strategy Report 2023.pdf
Zeppos Galanos, MSc.0 views
BG CSLTTT C1.pptxBG CSLTTT C1.pptx
BG CSLTTT C1.pptx
MnhQuang140 views
Business, Strategy, Funding _ Matchmaking .pptxBusiness, Strategy, Funding _ Matchmaking .pptx
Business, Strategy, Funding _ Matchmaking .pptx
FIWARE0 views
Smart Packaging Technology | Connected Packaging Solutions | EnnoventureSmart Packaging Technology | Connected Packaging Solutions | Ennoventure
Smart Packaging Technology | Connected Packaging Solutions | Ennoventure
Ennoventure0 views
STKI Israeli Market Study 2023 STKI Israeli Market Study 2023
STKI Israeli Market Study 2023
Dr. Jimmy Schwarzkopf0 views
拉筹伯大学毕业证办理|La Trobe文凭购买拉筹伯大学毕业证办理|La Trobe文凭购买
拉筹伯大学毕业证办理|La Trobe文凭购买
eunha170 views
Digital Conference Rooms Have Video Displays & Smart Cameras For Remote Team ...Digital Conference Rooms Have Video Displays & Smart Cameras For Remote Team ...
Digital Conference Rooms Have Video Displays & Smart Cameras For Remote Team ...
Other130 views
Brochure-Sodium-Hydroxide.pdfBrochure-Sodium-Hydroxide.pdf
Brochure-Sodium-Hydroxide.pdf
pinit10 views
Impact Of Biotechnologies On Genetic Diversity Of Cattle Populations.pptxImpact Of Biotechnologies On Genetic Diversity Of Cattle Populations.pptx
Impact Of Biotechnologies On Genetic Diversity Of Cattle Populations.pptx
AkashYaqoob0 views
Iguana - openSUSE Conf 2023Iguana - openSUSE Conf 2023
Iguana - openSUSE Conf 2023
Ondrej Holecek0 views
SUBMIT YOUR PAPERS - International Journal of Data Mining & Knowledge Managem...SUBMIT YOUR PAPERS - International Journal of Data Mining & Knowledge Managem...
SUBMIT YOUR PAPERS - International Journal of Data Mining & Knowledge Managem...
IJDKP0 views
Advertisement

Security Content Automation Protocol and Web Application Security

  1. The Security Content Automation Protocol and Web Application Security Automatisch, Praktisch, Gut!
  8. Scenario: Patch, VM, and Audit
  9. Scenario: Configuration Management
  10. Scenario: Vulnerability Research
  14. The Final Message

Editor's Notes

  1. The following presentation contains insights and opinions gathered from over 30 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with the impetus to reemphasize security within your organization, and feel good about doing so. The subtitle means “Automatic, Practical, Good!” and is a play on the Ritter Sport tagline “Quadratisch, Praktish, Gut!” which translates as “Square, Practical, Good!” http://www.ritter-sport.de/
  2. Mike’s blog is at http://www.guerilla-ciso.com/ Mike teaches for Potomac Forum http://www.potomacforum.org/ Contact information for Mike is at the end of this presentation.
  3. OK, it could be that SCAP and automation replaces all of us with tool monkeys. This impact remains to be seen.
  4. WASC Threat Classification Working Group http://projects.webappsec.org/Threat-Classification-Working CWE http://cwe.mitre.org/
  5. Picture is “lifted” from Encyclopedia Dramatica and used under Fair Use. http://www.encyclopediadramatica.com/Image:God-kills-kitten.jpg http://www.encyclopediadramatica.com/Encyclopedia_Dramatica:General_disclaimer#Fair_Use_and_Copyrighted_Materials
  6. If you would like us to speak for your event or group, please ask. If you would like to learn more and to keep up-to-date on groundbreaking Government security news, subscribe to the guerilla-ciso blog feed. Presentation released under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License. More information available at http://creativecommons.org/licenses/by-nc-sa/3.0/
Advertisement