
TGT26 Lukasz Badziak



TGT 26

  • Hey, I downloaded the presentation, but on many slides (for example slides 9 and 10) the content is covered by a screenshot from Sesame Street... could it be changed so that the slide content is visible?


  1. How and What should we test? #TGT26 (Source: https://www.freepik.com/)
  2. Server, Web, Cloud: ? ? ?
  3. Server, Web, Cloud: ? ? ? Legend: Product, Server, Other, Web, Cloud
  4. Web
  5. Check Cookies:
  6. Check Cookies: Local Storage, Session Storage, Secure, HttpOnly, Prefixed, Expires, SameSite, Path
  7. Check Security HTTP Headers: CORS, HSTS, X-Content-Type-Options, Referrer-Policy, X-XSS-Protection, X-Frame-Options, HPKP, Server, Content Security Policy
  8. Check Security HTTP Headers (continued)
  9. Check Security HTTP Headers: HTTP redirections (Source: https://infosec.mozilla.org/guidelines/web_security#http-redirections)
  10. Check View Source:
  11. Check Frontend Libraries: Integration; Covers
  12. Check Backend Dependencies:
  13. Check Frontend/Backend Libraries:
  14. Check Code:
  15. Check Commits:
  16. Check Ciphers:
  17. Check TLS Protocol:
  18. Check Web Application Firewall:
  19. Check Anti-Virus:
  20. Check Scanners:
  21. Use Exploratory Tests: Functionalities + Endpoints + Flows (Sources: http://rest-assured.io/, https://portswigger.net/burp, https://selenium.dev/, https://www.getpostman.com/)
  22. Use Cheat Sheets: OWASP Top 10, OWASP Cheat Sheets, OWASP ASVS 4
  23. Web
  24. Server
  25. Check System Default Settings:
  26. Check Ciphers, Ports and Services: `nmap --script +ssl-enum-ciphers youraddress.yourdomain.com -p80,443` (example findings: TLS 1.1 offered; HTTP service on port 80)
  27. Check Kernel and Libraries:
  28. Check Hardening: Operating Systems, Server Software, Desktop Software, Print Devices, Cloud Providers, Mobile Devices, Network Devices
  29. Use IDS/IPS Protection:
  30. Perform Penetration Tests: Information Gathering, Web Applications, Sniffing & Spoofing, Exploitation Tools, Forensics Tools, Stress Testing, Vulnerability Analysis, Wireless Attacks, Maintaining Access, Password Attacks, Reverse Engineering, Reporting Tools, Hardware Hacking
  31. Server
  32. Cloud
  33. Try to Enumerate Resources: Cmd: hostname:compute.amazonaws.com; Cmd: hostname:amazonaws.com +netflix; Cmd: s3.us-east-2.amazonaws.com; Cmd: s3 site:amazonaws.com filetype:xls password; Cmd: .pem | dump.sql | id_rsa | config; Cmd: https://github.com/toniblyx/my-arsenal-of-aws-security-tools
  34. Check S3 Bucket Settings:
  35. Check IAM Users: Root access, Groups, Access Keys | Console, Access Key Age, Admin accounts, MFA
  36. Check Configuration of VPCs: VPC flow logs, Inbound and Outbound Security Groups
  37. Check Logs:
  38. Check WAF Rules (Source: OWASP ModSec CRS Paranoia Mode)
  39. Check AWS Trusted Advisor:
  40. Check AWS Security Hub:
  41. Check Preview Features:
  42. Use Cheat Sheets: OWASP Cloud Top 10 Security Risks, Cloud Controls Matrix, Provider Security Best Practices, CIS Benchmarks
  43. Cloud
  44. ? ? ? SSDLC, Notifications, Alarms
  45. Server, Web, Cloud: ? ? ?
  46. How and What should we test?
  47. How and What should we test? (Source: https://pixabay.com/videos/bubbles-bubbles-in-water-26067/)
  48. THANK YOU! for joining this session (Source: https://www.youtube.com/watch?v=O0qPC46McwA)
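Slides 5 to 9 list cookie attributes and security headers to check but give no mechanics. The following is an added example (not code from the deck or its author) that turns those two checklists into a small auditor. It runs offline on a constructed, hypothetical response (the header values and cookie names are invented); for a live target, feed it the response headers and the raw `Set-Cookie` lines from `requests`, `curl -i` or a Burp export.

```python
import re
from typing import Dict, List

# Constructed sample response (hypothetical, not captured from any real site).
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}
SAMPLE_SET_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly",
    "__Host-csrf=tok; Secure; HttpOnly; Path=/; SameSite=Strict",
    "tracker=xyz; Domain=example.test; Expires=Wed, 09 Jun 2027 10:18:14 GMT; SameSite=None",
]


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def check_cookie(header: str) -> List[str]:
    """Slide 6 checks: Secure, HttpOnly, SameSite, Expires, Path, __Host-/__Secure- prefixes."""
    cookie = parse_set_cookie(header)
    name, a = cookie["name"], cookie["attrs"]
    out = []
    if "secure" not in a:
        out.append(f"{name}: missing Secure")
    if "httponly" not in a:
        out.append(f"{name}: missing HttpOnly")
    samesite = a.get("samesite", "").lower()
    if not samesite:
        out.append(f"{name}: missing SameSite")
    elif samesite == "none" and "secure" not in a:
        out.append(f"{name}: SameSite=None requires Secure")
    if "expires" not in a and "max-age" not in a:
        out.append(f"{name}: no Expires/Max-Age (session cookie)")
    if "path" not in a:
        out.append(f"{name}: no explicit Path (browser defaults to the request directory)")
    if name.startswith("__Host-") and ("secure" not in a or a.get("path") != "/" or "domain" in a):
        out.append(f"{name}: __Host- prefix requires Secure, Path=/ and no Domain")
    elif name.startswith("__Secure-") and "secure" not in a:
        out.append(f"{name}: __Secure- prefix requires Secure")
    return out


def check_headers(headers: Dict[str, str]) -> List[str]:
    """Slide 7 checks: HSTS, X-Content-Type-Options, CSP, framing, Referrer-Policy, HPKP, Server, CORS."""
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    hsts = h.get("strict-transport-security", "")
    max_age = re.search(r"max-age=(\d+)", hsts)
    if not hsts:
        out.append("missing Strict-Transport-Security")
    elif not max_age or int(max_age.group(1)) < 15552000:  # six months
        out.append("HSTS max-age shorter than six months")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out.append("missing X-Content-Type-Options: nosniff")
    csp = h.get("content-security-policy", "")
    if not csp:
        out.append("missing Content-Security-Policy")
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        out.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    if "referrer-policy" not in h:
        out.append("missing Referrer-Policy")
    if "public-key-pins" in h:
        out.append("HPKP (Public-Key-Pins) is deprecated and ignored by current browsers; remove it")
    if re.search(r"\d", h.get("server", "")):
        out.append(f"Server header leaks version: {h['server']}")
    if h.get("access-control-allow-origin") == "*" and h.get("access-control-allow-credentials", "").lower() == "true":
        out.append("CORS: wildcard Access-Control-Allow-Origin combined with Allow-Credentials: true")
    return out


def audit(headers: Dict[str, str], set_cookies: List[str]) -> List[str]:
    """Run both checklists over one response and return every finding."""
    findings = check_headers(headers)
    for sc in set_cookies:
        findings.extend(check_cookie(sc))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SAMPLE_SET_COOKIES):
        print(finding)
```

Two caveats when reading the output: a missing `Expires` is reported as information only, because a session cookie is usually what you want for a session identifier; and the HPKP line is the opposite of the slide's era, since pinning is now a finding rather than a control. X-XSS-Protection is not checked because current guidance is to rely on CSP instead.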
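Slide 26 shows the `nmap --script +ssl-enum-ciphers` command and two findings (TLS 1.1 offered, plain HTTP on port 80) but not how to get from the scan output to those findings. Here is an added example, not from the deck, that parses the script's normal text output (as saved with `-oN`) and applies the slide 16/17/26 checks: deprecated protocol versions, ciphers nmap grades below A, suites without forward secrecy, nmap's own warnings, and open plaintext HTTP. The scan output is constructed for a hypothetical host and modelled on the script's format.

```python
import re
from typing import List, Tuple

# Constructed output modelled on the text format of nmap's ssl-enum-ciphers
# script (hypothetical host, not a real scan).
SAMPLE_NMAP_OUTPUT = """\
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
PROTO_RE = re.compile(r"^\|\s+(SSLv\d|TLSv\d\.\d):\s*$")
CIPHER_RE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+) \(([^)]*)\) - ([A-F])\s*$")

Cipher = Tuple[str, str, str]  # (suite name, key-exchange info, nmap grade)


def parse_ssl_enum_ciphers(text: str) -> dict:
    """Turn the script's text output into open ports, ciphers per protocol and warnings."""
    report = {"open_ports": {}, "protocols": {}, "warnings": []}
    proto, section = None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            report["open_ports"][int(m.group(1))] = m.group(2)
            continue
        m = PROTO_RE.match(line)
        if m:
            proto, section = m.group(1), None
            report["protocols"][proto] = []
            continue
        body = line.lstrip("|_ ").rstrip()
        if body in ("ciphers:", "compressors:", "warnings:"):
            section = body[:-1]
            continue
        m = CIPHER_RE.match(line)
        if m and section == "ciphers" and proto:
            report["protocols"][proto].append((m.group(1), m.group(2), m.group(3)))
        elif section == "warnings" and body and not body.startswith(("cipher preference", "least strength")):
            report["warnings"].append(body)
    return report


def tls_findings(report: dict) -> List[str]:
    """Apply the slide's checks to a parsed report and return human-readable findings."""
    out = []
    for port, service in sorted(report["open_ports"].items()):
        if service == "http":
            out.append(f"port {port}: plaintext HTTP service (verify it only redirects to HTTPS)")
    for proto, ciphers in report["protocols"].items():
        if proto in DEPRECATED_PROTOCOLS:
            out.append(f"{proto}: deprecated protocol offered")
        for name, _kex, grade in ciphers:
            if grade != "A":
                out.append(f"{proto}: {name} graded {grade}")
            # TLS 1.3 suites always use (EC)DHE; for older versions only ECDHE/DHE suites give forward secrecy.
            if proto != "TLSv1.3" and not name.startswith(("TLS_ECDHE_", "TLS_DHE_")):
                out.append(f"{proto}: {name} has no forward secrecy")
    out.extend(f"nmap warning: {w}" for w in report["warnings"])
    return out


if __name__ == "__main__":
    for finding in tls_findings(parse_ssl_enum_ciphers(SAMPLE_NMAP_OUTPUT)):
        print(finding)
```

Run the slide's command with `-oN scan.txt` and pass the file contents to `parse_ssl_enum_ciphers`. The port-80 line is deliberately phrased as something to verify rather than a defect: an HTTP listener that only issues a 301 to HTTPS is the expected setup, one that serves content is the finding.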
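Slide 35 lists what to check on IAM users (root access, access keys versus console access, key age, MFA) without showing where the data comes from. The checks that concern credentials can all be answered from the IAM credential report (`aws iam get-credential-report`, a base64-encoded CSV). The following added example, not part of the deck, audits such a report; the CSV below is constructed for a hypothetical account 123456789012 with invented users, the column set follows the report's documented layout, and the clock is pinned to a fixed date so the key-age results are reproducible.

```python
import csv
import io
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed credential report for a hypothetical account (no real data).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2018-01-10T09:00:00+00:00,not_supported,2019-11-01T08:12:00+00:00,not_supported,not_supported,false,true,2018-01-10T09:05:00+00:00,2019-10-30T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2019-02-01T10:00:00+00:00,true,2019-11-02T07:00:00+00:00,2019-02-01T10:00:00+00:00,2019-05-02T10:00:00+00:00,true,true,2019-02-01T10:10:00+00:00,2019-11-02T06:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2019-06-15T12:00:00+00:00,false,N/A,N/A,N/A,false,true,2019-06-15T12:00:00+00:00,2019-11-01T23:00:00+00:00,eu-west-1,ecr,true,2019-10-20T12:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed "now" so the example is deterministic; pass datetime.now(timezone.utc) for a real audit.
NOW = datetime(2019, 11, 3, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)  # rotation policy assumed for the example
ROOT_USER = "<root_account>"


def parse_date(value: str) -> Optional[datetime]:
    """The report uses N/A, no_information and not_supported for absent timestamps."""
    if value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv: str, now: datetime = NOW) -> List[str]:
    """Slide 35 checks: root access, console vs. access keys, access key age, MFA."""
    out = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            out.append(f"{user}: root account without MFA" if is_root else f"{user}: console password without MFA")
        active_keys = 0
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            active_keys += 1
            if is_root:
                out.append(f"{user}: root access key {n} exists (remove it)")
            rotated = parse_date(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > MAX_KEY_AGE:
                out.append(f"{user}: access key {n} is {(now - rotated).days} days old")
            if parse_date(row[f"access_key_{n}_last_used_date"]) is None:
                out.append(f"{user}: access key {n} active but never used")
        if row["password_enabled"] == "true" and active_keys:
            out.append(f"{user}: has both console password and access keys")
    return out


if __name__ == "__main__":
    for finding in audit_credential_report(SAMPLE_REPORT):
        print(finding)
```

The report does not say who is an administrator or which groups a user belongs to; those slide items need `aws iam list-groups-for-user` and `aws iam list-attached-user-policies` (or a Security Hub / Trusted Advisor view, slides 39 and 40) on top of this check.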
