Eduardo Bohrer, profile picture
Uploaded byEduardo Bohrer
KEY, PPTX842 views

Chaos Report - Web Security Version

The document discusses web security threats and statistics from 2010, finding a 93% increase in web attacks, 1+ million bots, and 260+ million new malware. It also notes that 84% of websites are susceptible to one of the top 30 vulnerabilities. The document promotes the OWASP organization as helping to defend against these threats through various open source projects, guides, and a discussion group.

Embed presentation

Download as KEY, PPTX
The Chaos Report Web Security Version Eduardo Bohrer - @nbluis eduardobohrer.com.br
Você tem tido o devido cuidado?
O nosso inimigo está armado e parapetado!
Os números de 2010
Os números de 2010 93% mais ataques web 15~20 milhões de ataques por dia 1+ milhão bots 42% mais ataques mobile 260+ milhões novos malwares Brasil 4 colocado em atividade maliciosa Fonte: Symantec Security Threat Report Volume 16
6
30 vulnerabilidades mais recorrentes. 84% websites do mundo são susceptíveis. Fonte: Whitehat website security statistics report 2011. 6
30 vulnerabilidades 84% websites do mundo Fonte: Whitehat website security statistics report 2011. 6
Quem poderá nos defender?
Sem fins lucrativos
Diversos apoiadores
Muitos projetos e material de estudo
Muitos projetos e material de estudo OWASP Top 10 OWASP Testing Guide ESAPI Web Goat WebScarab OWASP Development Guide
Grupo de discussão; Organização de eventos; Fez a organização do AppSec Latin America 2011.
Referencias http://www.symantec.com/business/threatreport/ https://www.whitehatsec.com/assets/WPstats_winter11_11th.pdf https://www.owasp.org/index.php/Main_Page https://www.owasp.org/index.php/Category:OWASP_Project https://www.owasp.org/index.php/Porto_Alegre https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project https://www.owasp.org/index.php/Category:OWASP_Guide_Project https://www.owasp.org/index.php/Category:OWASP_Testing_Project https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
Imagens http://3.bp.blogspot.com/_Na4CPVnGtCk/TT8o77X2PxI/AAAAAAAAZ6c/xfQtTtZxM_w/s400/ apontando_o_dedo.jpg http://1.bp.blogspot.com/_TBFrVWg5uOM/TF_9R41sK7I/AAAAAAAAB1U/elW_A1ning8/s1600/chapolin.jpg http://www.yaboukir.com/wp-content/uploads/2011/09/owasp.png https://www.owasp.org/images/c/c1/Owasp-poa-eng.png http://wallpapergravity.com/wallpapers2/650/650912.jpg http://i277.photobucket.com/albums/kk65/darinaldi/fuuu.png http://fak3r.com/wp-content/blogs.dir/12/files/ challenge_accepted_Amazing_Feats_Fails_WIns_Lolz_and_A_Contest-s325x265-158648-535.png http://osprofanos.com/wp-content/uploads/2011/02/

More Related Content

PPTX
Sophos introduces the Threat Landscape
bySophos Benelux
 
PPTX
Malware self protection-matrix
byCyphort
 
PPT
Virus Informáticos
byyaya2404
 
PPTX
Mmw mac malware-mac
byCyphort
 
TXT
Asw clntg
byMadhu Priya
 
PPTX
Cybersecurity 5 road_blocks
byCyphort
 
PPTX
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
byCyphort
 
PDF
The Wannacry Effect - Provided by Raconteur
byGary Chambers
 
Sophos introduces the Threat Landscape
bySophos Benelux
 
Malware self protection-matrix
byCyphort
 
Virus Informáticos
byyaya2404
 
Mmw mac malware-mac
byCyphort
 
Asw clntg
byMadhu Priya
 
Cybersecurity 5 road_blocks
byCyphort
 
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
byCyphort
 
The Wannacry Effect - Provided by Raconteur
byGary Chambers
 

What's hot

PPTX
Delitos informáticos
byCarlos Javier Sanbri
 
PPTX
Most notable apt_ attacks_of_2015_and_2016 predictions
byCyphort
 
PPTX
Malware's Most Wanted: Financial Trojans
byCyphort
 
PPTX
Malware's Most Wanted: The Many Faces of Malware
byCyphort
 
PPTX
MMW June 2016: The Rise and Fall of Angler
byMarci Bontadelli
 
ODT
Antivirus weakness
byabdesslem amri
 
Delitos informáticos
byCarlos Javier Sanbri
 
Most notable apt_ attacks_of_2015_and_2016 predictions
byCyphort
 
Malware's Most Wanted: Financial Trojans
byCyphort
 
Malware's Most Wanted: The Many Faces of Malware
byCyphort
 
MMW June 2016: The Rise and Fall of Angler
byMarci Bontadelli
 
Antivirus weakness
byabdesslem amri
 

Similar to Chaos Report - Web Security Version

PDF
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
byJeremiah Grossman
 
PDF
WhiteHat’s 12th Website Security Statistics [Full Report]
byJeremiah Grossman
 
PDF
WhiteHat Security 8th Website Security Statistics Report
byJeremiah Grossman
 
PDF
WhiteHat Security Website Statistics [Full Report] (2013)
byJeremiah Grossman
 
PPTX
Symantec Website Security Threat Report - Insights
bySymantec Website Security
 
PPTX
Website Security Threats - January 2014 Update
bySymantec Website Security
 
PDF
Web Application Security Statistics Report 2016
byJeremiah Grossman
 
PPTX
Sucuri Webinar: How Websites Get Hacked
bySucuri
 
PDF
Jean pier talbot - web is the battlefield - atlseccon2011
byAtlantic Security Conference
 
PDF
Web Application Security: Connecting the Dots
byInnoTech
 
PPTX
CSS 17: NYC - Protecting your Web Applications
byAlert Logic
 
PDF
SOCRadar Annual Dark Insight Web Report 2024
bySOCRadar
 
PDF
2013 Threat Report
byEnvision Technology Advisors
 
PPTX
Cybercrime - Attack of the Cyber Spies
bySymantec Website Security
 
PPTX
7 mike-steenberg-carlos-lopera-us-bank
byshreemala1
 
PPTX
Threat landscape update: June to September 2017
bySymantec Security Response
 
PPTX
OWASP Top 10 Vulnerabilities 2017- AppTrana
byIshan Mathur
 
PDF
Protecting Against Web Attacks
byAlert Logic
 
PDF
Common WebApp Vulnerabilities and What to Do About Them
byEoin Woods
 
PDF
Websense 2013 Threat Report
byKim Jensen
 
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
byJeremiah Grossman
 
WhiteHat’s 12th Website Security Statistics [Full Report]
byJeremiah Grossman
 
WhiteHat Security 8th Website Security Statistics Report
byJeremiah Grossman
 
WhiteHat Security Website Statistics [Full Report] (2013)
byJeremiah Grossman
 
Symantec Website Security Threat Report - Insights
bySymantec Website Security
 
Website Security Threats - January 2014 Update
bySymantec Website Security
 
Web Application Security Statistics Report 2016
byJeremiah Grossman
 
Sucuri Webinar: How Websites Get Hacked
bySucuri
 
Jean pier talbot - web is the battlefield - atlseccon2011
byAtlantic Security Conference
 
Web Application Security: Connecting the Dots
byInnoTech
 
CSS 17: NYC - Protecting your Web Applications
byAlert Logic
 
SOCRadar Annual Dark Insight Web Report 2024
bySOCRadar
 
2013 Threat Report
byEnvision Technology Advisors
 
Cybercrime - Attack of the Cyber Spies
bySymantec Website Security
 
7 mike-steenberg-carlos-lopera-us-bank
byshreemala1
 
Threat landscape update: June to September 2017
bySymantec Security Response
 
OWASP Top 10 Vulnerabilities 2017- AppTrana
byIshan Mathur
 
Protecting Against Web Attacks
byAlert Logic
 
Common WebApp Vulnerabilities and What to Do About Them
byEoin Woods
 
Websense 2013 Threat Report
byKim Jensen
 

More from Eduardo Bohrer

PDF
Monitorando sistemas distribuidos
byEduardo Bohrer
 
PDF
Kubernetes - ThoughtWorks Tech Radar 18
byEduardo Bohrer
 
PDF
Refatoração - XPConfBR 2015
byEduardo Bohrer
 
PDF
Node.JS - Workshop do básico ao avançado
byEduardo Bohrer
 
PDF
Builds e Pipelines - A arte de automatizar a entrega de software!
byEduardo Bohrer
 
PDF
Git para quem gosta de git
byEduardo Bohrer
 
PDF
NoSQL and AWS Dynamodb
byEduardo Bohrer
 
PDF
uMov.me API - Do básico ao avançado
byEduardo Bohrer
 
PDF
XSS (Cross site scripting)
byEduardo Bohrer
 
PDF
Memória e Garbage Collection na JVM
byEduardo Bohrer
 
Monitorando sistemas distribuidos
byEduardo Bohrer
 
Kubernetes - ThoughtWorks Tech Radar 18
byEduardo Bohrer
 
Refatoração - XPConfBR 2015
byEduardo Bohrer
 
Node.JS - Workshop do básico ao avançado
byEduardo Bohrer
 
Builds e Pipelines - A arte de automatizar a entrega de software!
byEduardo Bohrer
 
Git para quem gosta de git
byEduardo Bohrer
 
NoSQL and AWS Dynamodb
byEduardo Bohrer
 
uMov.me API - Do básico ao avançado
byEduardo Bohrer
 
XSS (Cross site scripting)
byEduardo Bohrer
 
Memória e Garbage Collection na JVM
byEduardo Bohrer
 

Recently uploaded

PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PDF
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
PPT
Introduction to Risk Based Inspection API-580 & 581
byumerfaiz99
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
Introduction to Risk Based Inspection API-580 & 581
byumerfaiz99
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 

Chaos Report - Web Security Version

Editor's Notes