SlideShare a Scribd company logo

4 owasp egypt_12_4_2014_ebrahim_hegazy

Download as PPT, PDF
sunil kumar
sunil kumar

This document discusses a Yahoo zero-day vulnerability from a code point of view. It covers bug bounty programs, remote code execution vulnerabilities like those using eval(), and provides a live example tool called WebPwn3r and demo videos. The document is authored by Ebrahim Hegazy, a cyber security analyst at Q-CERT, and is published on April 12, 2014 by the OWASP Foundation under an open license.

Technology
1 of 11
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org Yahoo Zero-Day Vulnerability - Code Point of View Ebrahim Hegazy @Zigoo0 Cyber Security Analyst @Q-CERT Ehegazy@qcert.org 12 April - 2014
OWASP 2 Not this type of bugs!
OWASP Nor even This type Of hunting!
OWASP
OWASP 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r 4- Demo Videos
OWASP Bug Bounty Programs https://bugcrowd.com/list-of-bug-bounty-programs/
OWASP Remote Code Execution Vulnerability Simply, PHPCE occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as {echo system(“id”)} or any other php function/code.
OWASP Eval
OWASP Live Example – WebPwn3r
OWASP 4- Demo Videos
OWASP

Recommended

OWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryOWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryNikola Milosevic
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kits
securityxploded
 
OWASP Khartoum Top 10 A3 - 6th meeting
OWASP Khartoum Top 10 A3 - 6th meetingOWASP Khartoum Top 10 A3 - 6th meeting
OWASP Khartoum Top 10 A3 - 6th meetingOWASP Khartoum
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4hackers.com
 
Pci compliance writing secure code
Pci compliance writing secure codePci compliance writing secure code
Pci compliance writing secure code
Miva
 
REST API Development (FB Live) - Episode 04
REST API Development (FB Live) - Episode 04REST API Development (FB Live) - Episode 04
REST API Development (FB Live) - Episode 04
Muhammad Sumon Molla Selim
 
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request ForgeryOWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request ForgeryOWASP Khartoum
 
Perform fuzz on appplications web interface
Perform fuzz on appplications web interfacePerform fuzz on appplications web interface
Perform fuzz on appplications web interface
IndicThreads
 

Recommended

OWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryOWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryNikola Milosevic
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kits
securityxploded
 
OWASP Khartoum Top 10 A3 - 6th meeting
OWASP Khartoum Top 10 A3 - 6th meetingOWASP Khartoum Top 10 A3 - 6th meeting
OWASP Khartoum Top 10 A3 - 6th meetingOWASP Khartoum
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4hackers.com
 
Pci compliance writing secure code
Pci compliance writing secure codePci compliance writing secure code
Pci compliance writing secure code
Miva
 
REST API Development (FB Live) - Episode 04
REST API Development (FB Live) - Episode 04REST API Development (FB Live) - Episode 04
REST API Development (FB Live) - Episode 04
Muhammad Sumon Molla Selim
 
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request ForgeryOWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request ForgeryOWASP Khartoum
 
Perform fuzz on appplications web interface
Perform fuzz on appplications web interfacePerform fuzz on appplications web interface
Perform fuzz on appplications web interface
IndicThreads
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs waf
IMMUNIO
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?
PVS-Studio
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsAbdulrahman Bassam
 
Reversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guideReversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guide
Cysinfo Cyber Security Community
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or Succeed
Prathan Phongthiproek
 
Android in the healthcare workplace
Android in the healthcare workplaceAndroid in the healthcare workplace
Android in the healthcare workplaceThomas Richards
 
Vm Penetration Test
Vm Penetration TestVm Penetration Test
Vm Penetration Test
Nicole Gaehle, MSIST
 
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
Cysinfo Cyber Security Community
 
CSRF 101
CSRF 101CSRF 101
CSRF 101
aaron bishop
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
Abhinav Sejpal
 
Basic communication skills
Basic communication skillsBasic communication skills
Basic communication skillssunil kumar
 
Amazon
AmazonAmazon
Amazonsunil kumar
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Comp tia a_220-801_objectives
Comp tia a_220-801_objectivesComp tia a_220-801_objectives
Comp tia a_220-801_objectivessunil kumar
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Data recovery
Data recoveryData recovery
Data recoverysunil kumar
 
Certified ethicalhacking classroom_1382954076
Certified ethicalhacking classroom_1382954076Certified ethicalhacking classroom_1382954076
Certified ethicalhacking classroom_1382954076sunil kumar
 
Top trending of the week
Top trending of the weekTop trending of the week
Top trending of the weeksunil kumar
 
Osi model
Osi modelOsi model
Osi modelsunil kumar
 

More Related Content

What's hot

HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs waf
IMMUNIO
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?
PVS-Studio
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsAbdulrahman Bassam
 
Reversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guideReversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guide
Cysinfo Cyber Security Community
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or Succeed
Prathan Phongthiproek
 
Android in the healthcare workplace
Android in the healthcare workplaceAndroid in the healthcare workplace
Android in the healthcare workplaceThomas Richards
 
Vm Penetration Test
Vm Penetration TestVm Penetration Test
Vm Penetration Test
Nicole Gaehle, MSIST
 
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
Cysinfo Cyber Security Community
 
CSRF 101
CSRF 101CSRF 101
CSRF 101
aaron bishop
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
Abhinav Sejpal
 

What's hot (13)

HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs waf
 
How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?How Can PVS-Studio Help in the Detection of Vulnerabilities?
How Can PVS-Studio Help in the Detection of Vulnerabilities?
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basics
 
Reversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guideReversing malware analysis training part1 lab setup guide
Reversing malware analysis training part1 lab setup guide
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or Succeed
 
Android in the healthcare workplace
Android in the healthcare workplaceAndroid in the healthcare workplace
Android in the healthcare workplace
 
Vm Penetration Test
Vm Penetration TestVm Penetration Test
Vm Penetration Test
 
Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-keary
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
Reversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advancedReversing malware analysis training part11 exploit development advanced
Reversing malware analysis training part11 exploit development advanced
 
CSRF 101
CSRF 101CSRF 101
CSRF 101
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
 

Viewers also liked

Basic communication skills
Basic communication skillsBasic communication skills
Basic communication skillssunil kumar
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Comp tia a_220-801_objectives
Comp tia a_220-801_objectivesComp tia a_220-801_objectives
Comp tia a_220-801_objectivessunil kumar
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Certified ethicalhacking classroom_1382954076
Certified ethicalhacking classroom_1382954076Certified ethicalhacking classroom_1382954076
Certified ethicalhacking classroom_1382954076sunil kumar
 
Top trending of the week
Top trending of the weekTop trending of the week
Top trending of the weeksunil kumar
 
Types of optical device
Types of optical deviceTypes of optical device
Types of optical devicesunil kumar
 
Tiziano tutorial-writing-articles
Tiziano tutorial-writing-articlesTiziano tutorial-writing-articles
Tiziano tutorial-writing-articlessunil kumar
 
Ben barden -_a_beginners_guide_to_google_analytics
Ben barden -_a_beginners_guide_to_google_analyticsBen barden -_a_beginners_guide_to_google_analytics
Ben barden -_a_beginners_guide_to_google_analyticssunil kumar
 
google logo
google logogoogle logo
google logo
sunil kumar
 
Classification of computers
Classification of computersClassification of computers
Classification of computerssunil kumar
 

Viewers also liked (15)

Basic communication skills
Basic communication skillsBasic communication skills
Basic communication skills
 
Amazon
AmazonAmazon
Amazon
 
Hacking databases
Hacking databasesHacking databases
Hacking databases
 
Comp tia a_220-801_objectives
Comp tia a_220-801_objectivesComp tia a_220-801_objectives
Comp tia a_220-801_objectives
 
Hacking databases
Hacking databasesHacking databases
Hacking databases
 
Data recovery
Data recoveryData recovery
Data recovery
 
Certified ethicalhacking classroom_1382954076
Certified ethicalhacking classroom_1382954076Certified ethicalhacking classroom_1382954076
Certified ethicalhacking classroom_1382954076
 
Top trending of the week
Top trending of the weekTop trending of the week
Top trending of the week
 
Osi model
Osi modelOsi model
Osi model
 
081106 computer
081106 computer081106 computer
081106 computer
 
Types of optical device
Types of optical deviceTypes of optical device
Types of optical device
 
Tiziano tutorial-writing-articles
Tiziano tutorial-writing-articlesTiziano tutorial-writing-articles
Tiziano tutorial-writing-articles
 
Ben barden -_a_beginners_guide_to_google_analytics
Ben barden -_a_beginners_guide_to_google_analyticsBen barden -_a_beginners_guide_to_google_analytics
Ben barden -_a_beginners_guide_to_google_analytics
 
google logo
google logogoogle logo
google logo
 
Classification of computers
Classification of computersClassification of computers
Classification of computers
 

Similar to 4 owasp egypt_12_4_2014_ebrahim_hegazy

Csrf protector
Csrf protectorCsrf protector
Csrf protector
Minhaz A V
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
gmaran23
 
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
Magno Logan
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010
Aditya K Sood
 
OWASP_Top_10_Introduction_and_Remedies_2017.ppt
OWASP_Top_10_Introduction_and_Remedies_2017.pptOWASP_Top_10_Introduction_and_Remedies_2017.ppt
OWASP_Top_10_Introduction_and_Remedies_2017.ppt
jangomanso
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacks
Stefano Di Paola
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Christian Frichot
 
Owasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciOwasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo Meucci
Matteo Meucci
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
Bipin Upadhyay
 
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
OWASP Ottawa
 
Owasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaOwasp tools - OWASP Serbia
Owasp tools - OWASP Serbia
Nikola Milosevic
 
State of Web App Security 2012
State of Web App Security 2012State of Web App Security 2012
State of Web App Security 2012
Robert Rowley
 
OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationNikola Milosevic
 
OWASP Top10 2010
OWASP Top10 2010OWASP Top10 2010
OWASP Top10 2010
Tommy Tracx Xaypanya
 
Null July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuNull July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj Machiraju
Raghunath G
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageRunning an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec Village
Vandana Verma
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
ThreatReel Podcast
 
OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE
Magno Logan
 
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Sherif Koussa
 

Similar to 4 owasp egypt_12_4_2014_ebrahim_hegazy (20)

Csrf protector
Csrf protectorCsrf protector
Csrf protector
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
 
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010
 
OWASP_Top_10_Introduction_and_Remedies_2017.ppt
OWASP_Top_10_Introduction_and_Remedies_2017.pptOWASP_Top_10_Introduction_and_Remedies_2017.ppt
OWASP_Top_10_Introduction_and_Remedies_2017.ppt
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacks
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012
 
Owasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciOwasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo Meucci
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
 
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
 
Owasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaOwasp tools - OWASP Serbia
Owasp tools - OWASP Serbia
 
State of Web App Security 2012
State of Web App Security 2012State of Web App Security 2012
State of Web App Security 2012
 
OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfiguration
 
OWASP Top10 2010
OWASP Top10 2010OWASP Top10 2010
OWASP Top10 2010
 
Null July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuNull July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj Machiraju
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageRunning an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec Village
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
 
OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE
 
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
Security Code Reviews. Does Your Code Need an Open Heart Surgery and The 6 Po...
 

More from sunil kumar

Best Ways to loose weight by Keto diet Deliciously
Best Ways to loose weight by Keto diet Deliciously Best Ways to loose weight by Keto diet Deliciously
Best Ways to loose weight by Keto diet Deliciously
sunil kumar
 
Best ways to loose weight Naturaly
Best ways to loose weight NaturalyBest ways to loose weight Naturaly
Best ways to loose weight Naturaly
sunil kumar
 
Gam ks egnfk
Gam ks egnfkGam ks egnfk
Gam ks egnfk
sunil kumar
 
how to invest in shares with only ₹ 5000
how to invest in shares with only ₹ 5000how to invest in shares with only ₹ 5000
how to invest in shares with only ₹ 5000
sunil kumar
 
Comp tia network_n10-005
Comp tia network_n10-005Comp tia network_n10-005
Comp tia network_n10-005sunil kumar
 
Comp tia a_220-802_objectives
Comp tia a_220-802_objectivesComp tia a_220-802_objectives
Comp tia a_220-802_objectivessunil kumar
 
Not bridge south bridge archexture
Not bridge south bridge archextureNot bridge south bridge archexture
Not bridge south bridge archexturesunil kumar
 
Dns introduction
Dns introduction Dns introduction
Dns introduction sunil kumar
 
Overview presentation
Overview presentationOverview presentation
Overview presentationsunil kumar
 
Seo and digital marketing expert freelancer
Seo and digital marketing expert freelancerSeo and digital marketing expert freelancer
Seo and digital marketing expert freelancersunil kumar
 
Hacking applications
Hacking applicationsHacking applications
Hacking applicationssunil kumar
 
Hack any website
Hack any websiteHack any website
Hack any websitesunil kumar
 

More from sunil kumar (20)

Best Ways to loose weight by Keto diet Deliciously
Best Ways to loose weight by Keto diet Deliciously Best Ways to loose weight by Keto diet Deliciously
Best Ways to loose weight by Keto diet Deliciously
 
Best ways to loose weight Naturaly
Best ways to loose weight NaturalyBest ways to loose weight Naturaly
Best ways to loose weight Naturaly
 
Gam ks egnfk
Gam ks egnfkGam ks egnfk
Gam ks egnfk
 
how to invest in shares with only ₹ 5000
how to invest in shares with only ₹ 5000how to invest in shares with only ₹ 5000
how to invest in shares with only ₹ 5000
 
Ping
PingPing
Ping
 
Comp tia network_n10-005
Comp tia network_n10-005Comp tia network_n10-005
Comp tia network_n10-005
 
Comp tia a_220-802_objectives
Comp tia a_220-802_objectivesComp tia a_220-802_objectives
Comp tia a_220-802_objectives
 
App b
App bApp b
App b
 
Smps
SmpsSmps
Smps
 
Memoryhierarchy
MemoryhierarchyMemoryhierarchy
Memoryhierarchy
 
Wi fi copy
Wi fi copyWi fi copy
Wi fi copy
 
Not bridge south bridge archexture
Not bridge south bridge archextureNot bridge south bridge archexture
Not bridge south bridge archexture
 
Dns introduction
Dns introduction Dns introduction
Dns introduction
 
Ethernet copy
Ethernet copyEthernet copy
Ethernet copy
 
Adeex
AdeexAdeex
Adeex
 
Overview presentation
Overview presentationOverview presentation
Overview presentation
 
Seo and digital marketing expert freelancer
Seo and digital marketing expert freelancerSeo and digital marketing expert freelancer
Seo and digital marketing expert freelancer
 
Hacking applications
Hacking applicationsHacking applications
Hacking applications
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hack any website
Hack any websiteHack any website
Hack any website
 

Recently uploaded

20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 

Recently uploaded (20)

20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 

4 owasp egypt_12_4_2014_ebrahim_hegazy