SlideShare a Scribd company logo
1 of 19
The Chaos
    Report
Web Security Version
                Eduardo Bohrer - @nbluis
                   eduardobohrer.com.br
Você tem tido o devido cuidado?
O nosso inimigo está armado e parapetado!
Os números de 2010
Os números de 2010

      93% mais ataques web

                                                          15~20 milhões de ataques por dia

                               1+ milhão bots

                                                           42% mais ataques mobile

   260+ milhões novos malwares

                                                     Brasil 4 colocado em atividade maliciosa


Fonte: Symantec Security Threat Report Volume 16
6
30 vulnerabilidades mais recorrentes.


  84% websites do mundo são susceptíveis.




Fonte: Whitehat website security statistics report 2011.
                                                                   6
30 vulnerabilidades
84% websites do mundo


Fonte: Whitehat website security statistics report 2011.
                                                           6
Quem poderá nos defender?
Sem fins lucrativos
Diversos apoiadores
Muitos projetos e material de estudo
Muitos projetos e material de estudo

OWASP Top 10
                      OWASP Testing Guide
              ESAPI
                            Web Goat
  WebScarab

       OWASP Development Guide
Grupo de discussão;
Organização de eventos;
Fez a organização do AppSec Latin America 2011.
Referencias
http://www.symantec.com/business/threatreport/

https://www.whitehatsec.com/assets/WPstats_winter11_11th.pdf

https://www.owasp.org/index.php/Main_Page

https://www.owasp.org/index.php/Category:OWASP_Project

https://www.owasp.org/index.php/Porto_Alegre

https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

https://www.owasp.org/index.php/Category:OWASP_Guide_Project

https://www.owasp.org/index.php/Category:OWASP_Testing_Project

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
Imagens
http://3.bp.blogspot.com/_Na4CPVnGtCk/TT8o77X2PxI/AAAAAAAAZ6c/xfQtTtZxM_w/s400/
apontando_o_dedo.jpg

http://1.bp.blogspot.com/_TBFrVWg5uOM/TF_9R41sK7I/AAAAAAAAB1U/elW_A1ning8/s1600/chapolin.jpg

http://www.yaboukir.com/wp-content/uploads/2011/09/owasp.png

https://www.owasp.org/images/c/c1/Owasp-poa-eng.png

http://wallpapergravity.com/wallpapers2/650/650912.jpg

http://i277.photobucket.com/albums/kk65/darinaldi/fuuu.png

http://fak3r.com/wp-content/blogs.dir/12/files/
challenge_accepted_Amazing_Feats_Fails_WIns_Lolz_and_A_Contest-s325x265-158648-535.png

http://osprofanos.com/wp-content/uploads/2011/02/

More Related Content

What's hot

What's hot (6)

Delitos informáticos
Delitos informáticosDelitos informáticos
Delitos informáticos
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
 
Malware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansMalware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial Trojans
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of Malware
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
 
Antivirus weakness
Antivirus weaknessAntivirus weakness
Antivirus weakness
 

Similar to Chaos Report - Web Security Version

The Web Hacking Incidents Database Annual
The Web Hacking Incidents Database AnnualThe Web Hacking Incidents Database Annual
The Web Hacking Incidents Database Annual
guest376352
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
sudip pudasaini
 
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
ClubHack
 
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clientsRenaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
nooralmousa
 

Similar to Chaos Report - Web Security Version (20)

What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing What? Why? Who? How? Of Application Security Testing
What? Why? Who? How? Of Application Security Testing
 
Today's malware aint what you think
Today's malware aint what you thinkToday's malware aint what you think
Today's malware aint what you think
 
20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trends20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trends
 
Sucuri website-hacked-report-2016 q1
Sucuri website-hacked-report-2016 q1Sucuri website-hacked-report-2016 q1
Sucuri website-hacked-report-2016 q1
 
The Dangers of Lapto
The Dangers of LaptoThe Dangers of Lapto
The Dangers of Lapto
 
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
2016 Bad Bot Report: Quantifying the Risk and Economic Impact of Bad Bots
 
Quick heal threat_report_q3_2016
Quick heal threat_report_q3_2016Quick heal threat_report_q3_2016
Quick heal threat_report_q3_2016
 
Protect Yourself Against Today's Cybercriminals and Hackers
Protect Yourself Against Today's Cybercriminals and HackersProtect Yourself Against Today's Cybercriminals and Hackers
Protect Yourself Against Today's Cybercriminals and Hackers
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
 
RSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingRSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP Training
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
The Web Hacking Incidents Database Annual
The Web Hacking Incidents Database AnnualThe Web Hacking Incidents Database Annual
The Web Hacking Incidents Database Annual
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Indiancybercrimescene
IndiancybercrimesceneIndiancybercrimescene
Indiancybercrimescene
 
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clientsRenaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
 
Threat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsThreat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates News
 

More from Eduardo Bohrer

Memória e Garbage Collection na JVM
Memória e Garbage Collection na JVMMemória e Garbage Collection na JVM
Memória e Garbage Collection na JVM
Eduardo Bohrer
 

More from Eduardo Bohrer (10)

Monitorando sistemas distribuidos
Monitorando sistemas distribuidosMonitorando sistemas distribuidos
Monitorando sistemas distribuidos
 
Kubernetes - ThoughtWorks Tech Radar 18
Kubernetes - ThoughtWorks Tech Radar 18Kubernetes - ThoughtWorks Tech Radar 18
Kubernetes - ThoughtWorks Tech Radar 18
 
Refatoração - XPConfBR 2015
Refatoração - XPConfBR 2015 Refatoração - XPConfBR 2015
Refatoração - XPConfBR 2015
 
Node.JS - Workshop do básico ao avançado
Node.JS - Workshop do básico ao avançadoNode.JS - Workshop do básico ao avançado
Node.JS - Workshop do básico ao avançado
 
Builds e Pipelines - A arte de automatizar a entrega de software!
Builds e Pipelines - A arte de automatizar a entrega de software!Builds e Pipelines - A arte de automatizar a entrega de software!
Builds e Pipelines - A arte de automatizar a entrega de software!
 
Git para quem gosta de git
Git para quem gosta de gitGit para quem gosta de git
Git para quem gosta de git
 
NoSQL and AWS Dynamodb
NoSQL and AWS DynamodbNoSQL and AWS Dynamodb
NoSQL and AWS Dynamodb
 
uMov.me API - Do básico ao avançado
uMov.me API - Do básico ao avançadouMov.me API - Do básico ao avançado
uMov.me API - Do básico ao avançado
 
XSS (Cross site scripting)
XSS (Cross site scripting)XSS (Cross site scripting)
XSS (Cross site scripting)
 
Memória e Garbage Collection na JVM
Memória e Garbage Collection na JVMMemória e Garbage Collection na JVM
Memória e Garbage Collection na JVM
 

Recently uploaded

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 

Recently uploaded (20)

How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 

Chaos Report - Web Security Version

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. \n