5 March 2011 – www.codemotion.it




There are only 10 types of people in the world:
those who understand binary, and those who don't.




(Who + What) && (Where + When) == Why

APPLICATION SECURITY FOR THE MASSES

Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili <apompili@hotmail.com>, Xilogic Corp.




Running normally:
  PROGRAM INSTRUCTIONS | INTEGER DATA BUFFER | CHAR DATA BUFFER | POINTER (which program line runs next)
  The program jumps to the next address.

Running hacked:
  PROGRAM INSTRUCTIONS | INTEGER DATA BUFFER | CHAR DATA BUFFER overrun with INJECTED CODE | CORRUPTED POINTER
  The program jumps to the overwritten address, and the corrupted pointer executes the injected code.
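A small model of the two pictures above, as an added example that is not part of the talk: the char buffer and the pointer that follows it are laid out in one byte array, and an unchecked copy of over-long input overwrites the pointer while a bounded copy of the same input does not. The 16-byte buffer, the 8-byte pointer and the two addresses are assumed values chosen for the illustration.

```python
import struct

BUF_SIZE = 16   # assumed size of the CHAR DATA BUFFER
PTR_SIZE = 8    # assumed size of the POINTER (a 64-bit address)
FRAME_SIZE = BUF_SIZE + PTR_SIZE

NEXT_INSTRUCTION = 0x0000000000401000   # constructed: the legitimate next address
INJECTED_CODE = 0x00007FFFDEADBEEF      # constructed: where the attacker's code sits


def new_frame():
    """The slide's layout: CHAR DATA BUFFER followed directly by the POINTER."""
    frame = bytearray(FRAME_SIZE)
    struct.pack_into("<Q", frame, BUF_SIZE, NEXT_INSTRUCTION)
    return frame


def read_pointer(frame):
    """Which program line runs next."""
    return struct.unpack_from("<Q", frame, BUF_SIZE)[0]


def copy_unchecked(frame, data):
    """strcpy-style: copies as much as the input carries, not as much as the
    buffer can hold. The write stops at the frame edge only because the model
    ends there; a real stack would keep taking bytes."""
    n = min(len(data), FRAME_SIZE)
    frame[0:n] = data[:n]


def copy_bounded(frame, data):
    """strncpy-style: never writes past the buffer, truncating the input."""
    n = min(len(data), BUF_SIZE)
    frame[0:n] = data[:n]


def payload():
    """16 bytes standing in for injected code, then the address to jump to."""
    return b"\x90" * BUF_SIZE + struct.pack("<Q", INJECTED_CODE)


def run_normal():
    """Bounded copy: the pointer still holds the legitimate next address."""
    frame = new_frame()
    copy_bounded(frame, payload())
    return read_pointer(frame)


def run_hacked():
    """Unchecked copy: the overflow lands on the pointer, so the next jump
    goes to the injected code."""
    frame = new_frame()
    copy_unchecked(frame, payload())
    return read_pointer(frame)


if __name__ == "__main__":
    print("normal: next jump -> %#x" % run_normal())
    print("hacked: next jump -> %#x" % run_hacked())
```

The model shows only the memory-layout mechanism; on a modern system stack canaries, non-executable stacks and address randomisation stand between this picture and a working exploit.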






                                                                     The Onion Application Framework


DATA






                                                                         To Code or not to Code






Users = Lusers (Utenti = UtOnti)

You have just received the "Albanian virus".

Since we in Albania have no experience with software and programming, this Albanian virus works on the principle of trust and cooperation.

So we now ask you to delete all the files on your hard disk and send this virus to all the friends in your address book.

Thank you for your trust and cooperation.





Computer fraud in numbers

(chart with five figures, labelled:)
  - Credit fraud on the web during 2010
  - Cost of a compromised identity
  - Total damage resulting from scams
  - Damage caused by false identities
  - Complaints filed with the Postal Police Service in 2010
Source: CRIS for Il Sole 24 Ore, November 2010


The OWASP project

OWASP Top 10 – 2007 (previous)                              OWASP Top 10 – 2010 (new)
A2 – Injection Flaws                                        A1 – Injection
A1 – Cross Site Scripting (XSS)                             A2 – Cross-Site Scripting (XSS)
A7 – Broken Authentication and Session Management           A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object Reference                       A4 – Insecure Direct Object Reference
A5 – Cross Site Request Forgery (CSRF)                      A5 – Cross Site Request Forgery (CSRF)
<was T10 2004 A10 – Insecure Configuration Management>      A6 – Security Misconfiguration (NEW)
A8 – Insecure Cryptographic Storage                         A7 – Insecure Cryptographic Storage
A10 – Failure to Restrict URL Access                        A8 – Failure to Restrict URL Access
A9 – Insecure Communications                                A9 – Insufficient Transport Layer Protection
<not in T10 2007>                                           A10 – Unvalidated Redirects and Forwards (NEW)
A3 – Malicious File Execution                               <dropped from T10 2010>
A6 – Information Leakage and Improper Error Handling        <dropped from T10 2010>




                                                                         The way to Application Security

                                             Files                         Databases

                                                               Applications




                                                                    Development        ICT Operations               IT Security



                                                          Current Application Security market






Enforcement Infrastructures

  Files        -> FAM (File Activity Monitoring)
  Databases    -> DAM (Database Activity Monitoring)
  Applications -> WAF (Web Application Firewall)

  DLP (Data Loss Prevention): classification
  IAM (Identity and Access Management): authentication, authorization
  Internal usage policies




Attack on Poste Italiane






What went wrong?
   http://unu1234567.baywords.com/2009/09/05/poste-italiane-hacked-sql-injection/






SQL Injection
OWASP A1 – Injection
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.






Site redirect






Application Firewall

  POST http://www.sito.it/vulnpage.php HTTP/1.1
  username: test
  password: x'; DROP TABLE users; --

  (the WAF inspects the request before it reaches the Applications tier)
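The A1 definition a couple of slides back and the request above fit in one example. The following Python is added here and is not the talk's code: it builds the login query two ways against an in-memory SQLite table with constructed rows. With string concatenation, a password field of `x' OR '1'='1` rewrites the WHERE clause; with a bound parameter, the same bytes are just a wrong password. The slide's payload `x'; DROP TABLE users; --` needs a driver that runs stacked statements: sqlite3's `execute()` refuses a second statement, so the function that models that case goes through `executescript()`.

```python
import sqlite3


def setup_db():
    """Constructed sample data: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT);
        INSERT INTO users VALUES ('admin', 'Tr0ub4dor'), ('test', 'test123');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: the input becomes part of the SQL text, so a
    quote character lets it rewrite the query's logic."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterised query: the input is bound as a value and can never
    become SQL, whatever characters it contains."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def users_table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'users'").fetchone()
    return row is not None


def stacked_query_vulnerable(conn, username, password):
    """Same concatenation as login_vulnerable, run through executescript(),
    which, like some database drivers, accepts several ';'-separated
    statements in one call. Returns True if the users table survives."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    conn.executescript(sql)
    return users_table_exists(conn)


BYPASS = "x' OR '1'='1"            # ... AND password = 'x' OR '1'='1'  -> always true
DROP = "x'; DROP TABLE users; --"  # the payload shown on the slide


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, bypass payload:", login_vulnerable(conn, "test", BYPASS))
    print("safe,       bypass payload:", login_safe(conn, "test", BYPASS))
    print("safe,       DROP payload  :", login_safe(conn, "test", DROP),
          "table exists:", users_table_exists(conn))
    print("vulnerable, DROP payload  : table survives =",
          stacked_query_vulnerable(conn, "test", DROP))
```

Whether the DROP reaches the database depends on the driver, which is why a WAF signature for `DROP TABLE` is a weaker defence than binding parameters: the bypass payload contains nothing a keyword filter would catch, yet it logs the attacker in.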






Top-ups and electricity meters






What went wrong?

ESME trace over UCP. Each entry is a UCP header (TRN, LEN, OT = 51 submit short message, and the part number for concatenated messages) followed by the notification text; <<0x0A>> marks a raw line feed inside the text.

TRN  LEN    OT  Part  Text
29   00229  51        . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
30   00237  51  1/2   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
31   00237  51  2/2   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
32   00237  51  1/3   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
33   00237  51  2/3   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
34   00237  51        . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
35   00237  51  1/4   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
36   00237  51  2/4   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
37   00237  51  3/4   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
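A trace like the one above is the feed a monitoring rule would consume. As an added example that is not from the talk, the Python below parses a constructed replica of five of those entries (turning the `<<0x0A>>` escapes back into line feeds and keeping the `1/2`-style part numbers), extracts the failure reason from each notification, and raises an alert when the same reason repeats across submits. The header layout (TRN, LEN, OT, optional part) is read off the trace; the alert threshold is an assumed tuning value.

```python
import re
from collections import Counter

# Constructed replica of five entries from the trace (not a live capture).
TRACE = """\
29 00229 51
. Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
30 00237 51 1/2
. Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
31 00237 51 2/2
. Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
32 00237 51 1/3
. Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
33 00237 51 2/3
. Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
"""

# UCP header as it appears in the trace: TRN (2 digits), LEN (5 digits),
# OT (2 digits, 51 = submit short message), optional part "n/m".
HEADER = re.compile(r"^(\d{2})\s+(\d{5})\s+(\d{2})(?:\s+(\d+)/(\d+))?\s*$")
ESCAPE = re.compile(r"<<0x([0-9A-Fa-f]{2})>>")      # <<0x0A>> -> "\n"
REASON = re.compile(r"Reason:\s*(.+?)\s*$", re.S)


def unescape(text):
    """Replaces the trace's <<0xNN>> markers with the byte they stand for."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def parse_trace(trace):
    """Groups each header line with the notification text that follows it."""
    records, current = [], None
    for line in trace.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "trn": int(m.group(1)),
                "len": int(m.group(2)),
                "ot": int(m.group(3)),
                "part": (int(m.group(4)), int(m.group(5))) if m.group(4) else None,
                "text": "",
            }
            records.append(current)
        elif current is not None:
            current["text"] += unescape(line.strip())
    return records


def failure_reason(record):
    """The 'Reason:' part of a delivery-failure notification, or None."""
    if "Delivery Failure" not in record["text"]:
        return None
    m = REASON.search(record["text"])
    return m.group(1) if m else None


def failure_alerts(records, threshold=3):
    """Detection rule: alert on any failure reason seen at least `threshold`
    times among submit (OT 51) entries. `threshold` is an assumed tuning value."""
    counts = Counter(failure_reason(r) for r in records if r["ot"] == 51)
    counts.pop(None, None)
    return {reason: n for reason, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_trace(TRACE)
    for r in recs:
        print(r["trn"], r["part"], failure_reason(r))
    print(failure_alerts(recs))
```

A burst of identical "Wrong address format for recipient" failures is worth an alert on its own: whatever produced them, the recipient field is being filled with something the SMSC does not accept, and that is visible in the feed long before anyone reads the individual messages.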




The Wikileaks case






What went wrong?






File Security & Monitoring

1. Crawl file systems
   • Find name, type, owner, permissions…
   • Apply classification policies: owner, org, location
   • Automatic content classification

2. Build the data/permission map

   Who      Group    What          Class
   Joe, IT  Fin-CC   Read cc.xls   Financials
   Jim, HR  HR-Exec  Read PII.doc  PII

3. Enforce policies

   Who          What               Action
   Non-Finance  Update Financials  Block
   Any          Read PII           Audit

Access path: users (Joe, IT; Jim, HR) -> FAM -> NAS / file servers. Joe's access is blocked (X), Jim's is allowed (OK).

Audit log

   Who  What          When            Action
   Joe  Read CC.xls   1/1/2010 12:50  Block
   Jim  Read PII.doc  1/1/2010 12:51  Audit
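The three steps above as one added example in Python (not the talk's code): classify constructed file contents, keep the resulting data map, and evaluate the slide's two policies on each access, writing an audit line for anything that is blocked or audited. The file paths, their contents, the users and the classification patterns are all constructed for the illustration.

```python
import re

# Constructed file contents and identities, following the slide's example.
FILES = {
    "/nas/finance/cc.xls": "Cardholder J. Doe, PAN 4111 1111 1111 1111, exp 12/12",
    "/nas/hr/PII.doc": "Employee record: J. Smith, SSN 123-45-6789",
    "/nas/it/runbook.txt": "Restart the web tier after patching.",
}
USERS = {
    "Joe": {"dept": "IT", "groups": {"Fin-CC"}},
    "Jim": {"dept": "HR", "groups": {"HR-Exec"}},
}

# Step 1: automatic content classification (constructed patterns).
CLASSIFIERS = [
    ("Financials", re.compile(r"\b(?:\d[ -]?){13,16}\b")),   # card-number-like digit run
    ("PII", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),           # SSN-like identifier
]

# Step 3: the slide's policies as (who it applies to, action, data class, decision).
POLICIES = [
    (lambda u: u["dept"] != "Finance", "update", "Financials", "Block"),  # Non-Finance / Update Financials
    (lambda u: True,                   "read",   "PII",        "Audit"),  # Any / Read PII
]


def classify(content):
    """First matching class wins; anything else is Public."""
    for label, pattern in CLASSIFIERS:
        if pattern.search(content):
            return label
    return "Public"


def build_data_map(files):
    """Step 2: path -> data class (the crawl is a walk over the dict here)."""
    return {path: classify(content) for path, content in files.items()}


class FileActivityMonitor:
    def __init__(self, files, users, policies):
        self.data_map = build_data_map(files)
        self.users = users
        self.policies = policies
        self.audit_log = []   # (who, what, when, action), like the slide's log

    def enforce(self, who, action, path, when):
        """Returns Block, Audit or Allow for one access; logs it unless Allow."""
        user = self.users[who]
        data_class = self.data_map.get(path, "Unknown")
        decision = "Allow"
        for applies_to, p_action, p_class, p_decision in self.policies:
            if applies_to(user) and action == p_action and data_class == p_class:
                decision = p_decision
                break
        if decision != "Allow":
            self.audit_log.append((who, "%s %s" % (action.capitalize(), path), when, decision))
        return decision


if __name__ == "__main__":
    fam = FileActivityMonitor(FILES, USERS, POLICIES)
    print(fam.data_map)
    print(fam.enforce("Joe", "update", "/nas/finance/cc.xls", "1/1/2010 12:50"))
    print(fam.enforce("Jim", "read", "/nas/hr/PII.doc", "1/1/2010 12:51"))
    print(fam.enforce("Jim", "read", "/nas/it/runbook.txt", "1/1/2010 12:52"))
    for entry in fam.audit_log:
        print(entry)
```

The decision comes from the data class, not the path, which is the point of building the map first: a copy of cc.xls renamed and dropped in another share is still Financials to the policy engine.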




                                                                         Into the Wireless World






What went wrong?

Application: ../main/init/initdb.jsp runs

  DROP DATABASE cms;
  CREATE TABLE contents (…);
  CREATE TABLE news (…);
  CREATE INDEX idx1;
  ...




Database Security & Monitoring
Who, How, Where, What and When

Question     Who is?      Sensitive?            What rights?          When used? Is it dormant?
Component                 DAS                   URM                   DAM
Example      JOE – Dept?  CCTAB – Credit Card   JOE – CCTAB: update   JOE – CCTAB
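One monitor that serves both the initdb.jsp case two slides back and the DAS/URM/DAM questions on this slide, as an added example that is not from the talk: over a constructed database audit trail it flags DDL such as DROP DATABASE, any access to objects marked sensitive (CCTAB), statements that exceed the rights granted to the account, and rights that were granted but never exercised in the trail (dormant). The grants, the sensitivity map and the audit rows are constructed; the statement parser handles only the simple shapes that appear in them.

```python
from collections import defaultdict

DDL = {"DROP", "CREATE", "ALTER", "TRUNCATE"}
DML = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# Constructed inputs. GRANTS answers "what rights?", SENSITIVE answers "sensitive?".
GRANTS = {
    "JOE":    {"CCTAB": {"SELECT", "UPDATE"}},
    "CMSAPP": {"CONTENTS": {"SELECT", "INSERT"}, "NEWS": {"SELECT"}},
}
SENSITIVE = {"CCTAB": "Credit Card"}

# Constructed audit trail: (who, where from, statement, when).
AUDIT = [
    ("JOE",    "10.0.5.12", "UPDATE CCTAB SET pan = '4111...' WHERE id = 7", "2010-01-01 12:50"),
    ("JOE",    "10.0.5.12", "SELECT * FROM NEWS",                           "2010-01-01 12:51"),
    ("CMSAPP", "10.0.9.3",  "SELECT * FROM CONTENTS WHERE id = 3",          "2010-01-01 12:52"),
    ("CMSAPP", "10.0.9.3",  "DROP DATABASE cms;",                           "2010-01-01 12:53"),
    ("CMSAPP", "10.0.9.3",  "CREATE TABLE contents (id INT, body TEXT);",   "2010-01-01 12:53"),
]


def parse_statement(sql):
    """(verb, object) for the simple statement shapes in the trail above."""
    tokens = sql.strip().rstrip(";").replace(",", " ").replace("(", " (").split()
    verb = tokens[0].upper()
    upper = [t.upper() for t in tokens]
    if verb == "UPDATE":                  # UPDATE <obj> SET ...
        obj = tokens[1]
    elif verb == "INSERT":                # INSERT INTO <obj> ...
        obj = tokens[upper.index("INTO") + 1]
    elif verb in ("SELECT", "DELETE"):    # ... FROM <obj> ...
        obj = tokens[upper.index("FROM") + 1]
    elif verb in DDL:                     # DROP DATABASE <obj>, CREATE TABLE <obj> (...)
        obj = tokens[2]
    else:
        obj = None
    return verb, obj.upper() if obj else None


def monitor(audit, grants, sensitive):
    """Returns (findings, dormant). findings: (when, who, where, message).
    dormant: (who, object, privilege) granted but never used in the trail."""
    findings, used = [], defaultdict(set)
    for who, where, sql, when in audit:
        verb, obj = parse_statement(sql)
        if verb in DDL:
            findings.append((when, who, where, "DDL statement: %s" % sql))
            continue
        if verb in DML and obj:
            used[(who, obj)].add(verb)
            if verb not in grants.get(who, {}).get(obj, set()):
                findings.append((when, who, where, "no %s right on %s" % (verb, obj)))
            if obj in sensitive:
                findings.append((when, who, where,
                                 "%s on sensitive object %s (%s)" % (verb, obj, sensitive[obj])))
    dormant = [(who, obj, priv)
               for who, objs in grants.items()
               for obj, privs in objs.items()
               for priv in sorted(privs - used[(who, obj)])]
    return findings, dormant


if __name__ == "__main__":
    findings, dormant = monitor(AUDIT, GRANTS, SENSITIVE)
    for f in findings:
        print("FINDING", f)
    for d in dormant:
        print("DORMANT", d)
```

The DDL check is the one that would have caught the init script: an application account has no business issuing DROP DATABASE in production, whoever reached the page that triggered it. The dormant list is the input to the "is it dormant?" question, and is the first candidate list for revoking rights.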






                                                                         La n








Questions? (English)   ¿Preguntas? (Spanish)   вопросы? (Russian)   Domande? (Italian)   Ερωτήσεις? (Greek)   tupoQghachmey (Klingon)
The Arabic, Sindarin and Japanese versions appear as images on the slide.



 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
 

More from Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Application Security for the masses

  • 1. 5 March 2011 – www.codemotion.it
    There are only 10 types of people in the world: those who understand binary, and those who don't.
    (Who + What) && (Where + When) == Why
    APPLICATION SECURITY FOR THE MASSES
    Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/
    Andrea Pompili <apompili@hotmail.com>, Xilogic Corp.
  • 2. (diagram) How a buffer overflow hijacks control flow
    Running normal: PROGRAM INSTRUCTIONS | INTEGER DATA BUFFER | CHAR DATA BUFFER | POINTER (which program line runs next). The program jumps to the next address.
    Running hacked: PROGRAM INSTRUCTIONS | INTEGER DATA BUFFER | CHAR DATA BUFFER now holding INJECTED CODE | CORRUPTED POINTER. The overrun of the char buffer overwrote the adjacent pointer, so the program jumps to the overwritten address and executes the injected code.
  • 3. The Onion Application Framework (diagram; innermost layer: DATA)
  • 4. To Code or not to Code
  • 5. Users = "UtOnti" (Italian pun on utenti, "users", and tonti, "dimwits")
    "You have just received the Albanian virus. Since we in Albania have no experience with software and programming, this Albanian virus works on the principle of trust and cooperation. So we now ask you to delete all the files on your hard disk and forward this virus to every friend in your address book. Thank you for your trust and cooperation."
  • 6. Computer fraud in numbers: credit fraud on the web during 2010 · cost of a compromised identity · total damage caused by scams · damage caused by false identities · reports filed with the Postal Police Service in 2010. Source: CRIS for Il Sole 24 Ore, November 2010.
  • 7. (image only)
  • 8. The OWASP project: OWASP Top 10 – 2007 (previous) vs OWASP Top 10 – 2010 (new)
    2007 A2  Injection Flaws                                  → 2010 A1  Injection
    2007 A1  Cross Site Scripting (XSS)                       → 2010 A2  Cross-Site Scripting (XSS)
    2007 A7  Broken Authentication and Session Management     → 2010 A3  Broken Authentication and Session Management
    2007 A4  Insecure Direct Object Reference                 → 2010 A4  Insecure Direct Object Reference
    2007 A5  Cross Site Request Forgery (CSRF)                → 2010 A5  Cross Site Request Forgery (CSRF)
    (was Top 10 2004 A10 Insecure Configuration Management)   → 2010 A6  Security Misconfiguration (NEW)
    2007 A8  Insecure Cryptographic Storage                   → 2010 A7  Insecure Cryptographic Storage
    2007 A10 Failure to Restrict URL Access                   → 2010 A8  Failure to Restrict URL Access
    2007 A9  Insecure Communications                          → 2010 A9  Insufficient Transport Layer Protection
    (not in Top 10 2007)                                      → 2010 A10 Unvalidated Redirects and Forwards (NEW)
    2007 A3  Malicious File Execution                         → dropped from Top 10 2010
    2007 A6  Information Leakage and Improper Error Handling  → dropped from Top 10 2010
  • 9. The way to Application Security (diagram): the assets are Files, Databases and Applications; the owners are Development, ICT Operations and IT Security.
  • 10. Current Application Security market (chart only)
  • 11. Enforcement Infrastructures (diagram): FAM for Files, DAM for Databases, WAF for Applications; DLP and Classification across the data; IAM providing Authentication, Authorisation and internal Usage Policies.
  • 12. (image only)
  • 13. Attack on Poste Italiane
  • 14. What went wrong? http://unu1234567.baywords.com/2009/09/05/poste-italiane-hacked-sql-injection/
  • 15. SQL Injection, OWASP A1 – Injection
    Injection flaws, such as SQL injection, OS injection and LDAP injection, occur when unvalidated data is sent to an interpreter as part of a command or query. The hostile data can trick the interpreter into executing unintended commands or accessing data the caller is not authorised to see.
  • 16. Site redirect
  • 17. Application Firewall: the request as seen by the WAF on its way to the application
    POST http://www.sito.it/vulnpage.php HTTP/1.1
    username: test
    password: x'; DROP TABLE users; --
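The login query behind a page like vulnpage.php, as an added example that is not part of the original slides: the same lookup written with string concatenation (the A1 flaw) and with bound parameters, plus a signature check of the kind a WAF applies to the POST body. The users table, the `s3cret` password and all function names are constructed for this example; the payload is the one on slide 17.

```python
import re
import sqlite3

# Added example (not from the original slides). The database, the single
# test user and the function names are constructed; the injection payload is
# the one shown in the request on slide 17.

def make_db():
    """Constructed sample data: one user in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);"
        "INSERT INTO users (username, password) VALUES ('test', 's3cret');"
    )
    return conn

def build_vulnerable_sql(username, password):
    # Untrusted input is pasted into the statement text, so a quote in the
    # password changes the structure of the query, not just a compared value.
    return ("SELECT id FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))

def login_vulnerable(conn, username, password):
    # Note: Python's sqlite3 execute() refuses stacked statements, so the
    # "x'; DROP TABLE users; --" payload raises here instead of dropping the
    # table; drivers and servers that accept multiple statements would run it.
    return conn.execute(build_vulnerable_sql(username, password)).fetchone() is not None

def login_safe(conn, username, password):
    # The statement structure is fixed; the driver binds the values separately,
    # so quotes, semicolons and comment markers are ordinary characters.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# A few rules in the style of a WAF signature set. They catch the payloads in
# this talk, but a signature list is a mitigation layered in front of the
# application, not a fix: encoding and comment variants routinely bypass it.
SQLI_SIGNATURES = {
    "stacked_query":    re.compile(r"'\s*;\s*(drop|delete|insert|update|alter|create)\b", re.I),
    "tautology":        re.compile(r"'\s*(or|and)\s+'[^']*'\s*=\s*'", re.I),
    "trailing_comment": re.compile(r"(--|#)\s*$"),
}

def waf_inspect(form):
    """Return (field, rule) pairs for every form value that trips a signature."""
    hits = []
    for field, value in form.items():
        for name, pattern in SQLI_SIGNATURES.items():
            if pattern.search(value):
                hits.append((field, name))
    return hits

if __name__ == "__main__":
    conn = make_db()
    payload = "x'; DROP TABLE users; --"                      # slide 17
    print(build_vulnerable_sql("test", payload))
    print(waf_inspect({"username": "test", "password": payload}))
    print(login_vulnerable(conn, "test", "x' OR '1'='1"))     # bypass succeeds
    print(login_safe(conn, "test", "x' OR '1'='1"))           # bypass fails
```

The WAF rule fires on the slide's payload, but the parameterised query is what actually removes the bug: it makes the same request harmless whether or not the WAF recognises it.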
  • 18. (image only)
  • 19. Top-ups and electricity meters
  • 20. What went wrong? (ESME ↔ UCP message trace)
    29 00229 51       . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    30 00237 51 1/2   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    31 00237 51 2/2   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    32 00237 51 1/3   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    33 00237 51 2/3   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    34 00237 51       . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    35 00237 51 1/4   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    36 00237 51 2/4   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
    37 00237 51 3/4   . Delivery Failure: .<<0x0A>>To:<<0x0A>>Reason:Wrong address format for recipient(LH)
  • 21. (image only)
  • 22. The Wikileaks case
  • 23. What went wrong?
  • 24. File Security & Monitoring
    1. Crawl file systems: find name, type, owner, permissions…
    2. Build the data/permission map: apply classification policies (owner, organisation, location) and automatic content classification.
       Who (user, group)   What (access, class)   Example files
       Joe, Fin-CC         Read Financials        cc.xls (Finance, class Financials)
       Jim, HR-Exec        Read PII               PII.doc (HR, class PII)
    3. Enforce policies
       Who      What         Action   Result
       Non-IT   Financials   Update   Block
       Any      PII          Read     Audit
    (diagram) FAM sits in front of the file servers (NAS X): Joe (IT) is blocked (X), Jim (HR) is allowed (OK). Audit log:
       Who   What           When              Action
       Joe   Read CC.xls    1/1/2010 12:50    Block
       Jim   Read PII.doc   1/1/2010 12:51    Audit
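The three steps above as a runnable policy engine, added here as an example that is not part of the original slides. The "file system" is a dict of constructed files, the users, groups, content classifiers and the two policies are made up to mirror the slide, and a real FAM would crawl shares and read ACLs instead.

```python
import re
from datetime import datetime

# Added example (not from the original slides). Files, users, groups,
# classifiers and policies are all constructed to mirror slide 24.

# Step 1: crawl. Here the file system is a dict: path -> (owner, group ACL, content).
FILES = {
    "/fin/cc.xls":   ("joe", {"Fin-CC": "rw"},  "card 4111111111111111 exp 12/12"),
    "/hr/PII.doc":   ("jim", {"HR-Exec": "rw"}, "SSN 123-45-6789 John Doe"),
    "/it/notes.txt": ("joe", {"IT": "rw"},      "patch schedule for NAS X"),
}
USERS = {"joe": {"Fin-CC"}, "jim": {"HR-Exec"}, "ann": {"Sales"}}

# Step 2: classify by content. Simplified patterns; a product uses validated
# detectors (Luhn check, context keywords) rather than bare regexes.
CLASSIFIERS = {
    "Financials": re.compile(r"\b\d{16}\b"),
    "PII":        re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def classify(content):
    return {name for name, rx in CLASSIFIERS.items() if rx.search(content)}

def build_map(files=FILES):
    """Data/permission map: path -> owner, ACL, data classes found in the content."""
    return {p: {"owner": o, "acl": acl, "classes": classify(c)}
            for p, (o, acl, c) in files.items()}

# Step 3: policies, first match wins, so Block rules go before Audit rules.
# "who" is a group, "Any", or "Non-IT" (everyone outside the IT group).
POLICIES = [
    {"who": "Non-IT", "what": "Financials", "action": "Update", "result": "Block"},
    {"who": "Any",    "what": "PII",        "action": "Read",   "result": "Audit"},
]

def decide(user, path, action, data_map, users=USERS, policies=POLICIES):
    entry = data_map[path]
    groups = users.get(user, set())
    # Native permissions first: no ACL entry for any of the user's groups means no access.
    perms = "".join(entry["acl"].get(g, "") for g in groups)
    if (action == "Read" and "r" not in perms) or (action == "Update" and "w" not in perms):
        return "Deny"
    for pol in policies:
        who_ok = (pol["who"] == "Any" or pol["who"] in groups
                  or (pol["who"] == "Non-IT" and "IT" not in groups))
        if who_ok and pol["what"] in entry["classes"] and pol["action"] == action:
            return pol["result"]
    return "Allow"

def audit(user, path, action, data_map, log, when=None):
    """Evaluate an access and append a row (who, what, when, result) to the audit log."""
    result = decide(user, path, action, data_map)
    log.append({"who": user, "what": f"{action} {path}",
                "when": (when or datetime.now()).isoformat(timespec="minutes"),
                "result": result})
    return result

if __name__ == "__main__":
    data_map = build_map()
    log = []
    audit("joe", "/fin/cc.xls", "Update", data_map, log)   # Block: Non-IT updating Financials
    audit("jim", "/hr/PII.doc", "Read", data_map, log)     # Audit: anyone reading PII
    audit("ann", "/hr/PII.doc", "Read", data_map, log)     # Deny: no ACL entry at all
    for row in log:
        print(row)
```

The permission check and the classification policy are kept separate on purpose: the ACL says what the file server would allow anyway, the policy table adds the data-aware decision (block or audit) that plain permissions cannot express.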
  • 25. (image only)
  • 26. Into the Wireless World
  • 27. What went wrong? Application: the database initialisation page ../main/init/initdb.jsp runs
    DROP DATABASE cms;
    CREATE TABLE contents (…);
    CREATE TABLE news (…);
    CREATE INDEX idx1;
    ...
  • 28. Database Security & Monitoring: who, where, how and when
    Columns: Who (Chi) · How (Come) · Where (Dove) · What (Cosa) · When (Quando)
    Components: DAS · URM · DAM
    Questions and examples:
      Who is it?          JOE, which department?
      Is it sensitive?    CCTAB: credit card data
      What rights?        JOE on CCTAB
      When used?          JOE updates CCTAB
      Is it dormant?      JOE / CCTAB
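A small database activity monitor over a constructed query log, added here as an example that is not part of the original slides. It fills in the columns of slide 28 (who, where, how, what, when) for every statement and raises the alerts a DAM would have raised in both cases in this talk: DDL such as `DROP DATABASE cms` arriving through the application's own account (slide 27), and a write to the credit-card table by a named user (slide 28). It also lists granted rights the log never shows being used (the "is it dormant?" question). The accounts `JOE` and `APPUSR`, the tables, the rights and the log rows are all made up for the example.

```python
from collections import defaultdict

# Added example (not from the original slides). Accounts, tables, rights and
# the query log are constructed to mirror slides 27 and 28.

SENSITIVE = {"CCTAB": "Credit Card"}             # what discovery/assessment found
RIGHTS = {                                        # the user-rights view
    "JOE":    {"CCTAB": {"SELECT", "UPDATE"}},
    "APPUSR": {"CCTAB": {"SELECT"}, "CONTENTS": {"SELECT", "INSERT", "UPDATE"}},
}
DBA_ACCOUNTS = {"DBA"}                            # the only accounts expected to run DDL
DDL = {"DROP", "CREATE", "ALTER", "TRUNCATE"}

def parse(sql):
    """Return (operation, object) for the simple statement shapes in the log.
    Deliberately small; a real DAM parses the dialect's full grammar."""
    tokens = sql.strip().rstrip(";").split()
    upper = [t.upper() for t in tokens]
    op, obj = upper[0], None
    if op in ("SELECT", "DELETE") and "FROM" in upper:
        obj = tokens[upper.index("FROM") + 1]
    elif op == "INSERT" and "INTO" in upper:
        obj = tokens[upper.index("INTO") + 1]
    elif op == "UPDATE":
        obj = tokens[1]
    elif op in DDL and len(tokens) > 2:           # DROP TABLE x, CREATE INDEX x, DROP DATABASE x
        obj = tokens[2]
    return op, (obj.strip("(),").upper() if obj else None)

def analyze(log, rights=RIGHTS, sensitive=SENSITIVE, dba=DBA_ACCOUNTS):
    """Classify every record; return (alerts, dormant_rights)."""
    alerts, used = [], defaultdict(set)
    for rec in log:
        op, obj = parse(rec["sql"])
        who = rec["who"].upper()
        used[who].add((obj, op))
        event = dict(rec, op=op, obj=obj, sensitive=sensitive.get(obj))
        if op in DDL:
            if who not in dba:                    # slide 27: schema changes via the app account
                alerts.append(dict(event, alert="DDL from a non-DBA account"))
            continue
        if op not in rights.get(who, {}).get(obj, set()):
            alerts.append(dict(event, alert="no granted right for this operation"))
        elif obj in sensitive and op in {"INSERT", "UPDATE", "DELETE"}:
            alerts.append(dict(event, alert="write to sensitive table"))   # slide 28
    # Rights that were granted but never exercised in the observed window.
    dormant = {(u, t, r) for u, tabs in rights.items()
               for t, ops in tabs.items() for r in ops
               if (t, r) not in used.get(u, set())}
    return alerts, dormant

# Constructed log: one row per statement, with the slide's who/where/when columns.
SAMPLE_LOG = [
    {"when": "2011-03-05 10:00", "who": "APPUSR", "where": "web01",
     "sql": "SELECT title FROM contents WHERE id = 7"},
    {"when": "2011-03-05 10:01", "who": "JOE", "where": "pc-joe",
     "sql": "UPDATE CCTAB SET card = '4111111111111111' WHERE id = 1"},
    {"when": "2011-03-05 10:02", "who": "APPUSR", "where": "web01",
     "sql": "SELECT card FROM CCTAB WHERE id = 1"},
    {"when": "2011-03-05 10:03", "who": "APPUSR", "where": "web01",
     "sql": "DROP DATABASE cms;"},
    {"when": "2011-03-05 10:03", "who": "APPUSR", "where": "web01",
     "sql": "CREATE TABLE contents (id INT, body TEXT)"},
    {"when": "2011-03-05 10:04", "who": "APPUSR", "where": "web01",
     "sql": "DELETE FROM contents WHERE id = 7"},
]

if __name__ == "__main__":
    alerts, dormant = analyze(SAMPLE_LOG)
    for a in alerts:
        print(a["when"], a["who"], a["where"], a["op"], a["obj"], "->", a["alert"])
    print("dormant rights:", sorted(dormant))
```

The dormant-rights list is the part a WAF or firewall can never produce: it comes from joining what users are allowed to do with what the traffic shows them actually doing, which is exactly the Who + What and Where + When pairing in the talk's title.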
  • 29. La n
  • 30. Questions? (English) · ¿Preguntas? (Spanish) · вопросы? (Russian) · Domande? (Italian) · Ερωτήσεις? (Greek) · tupoQghachmey (Klingon) · Arabic · Japanese · Sindarin