Ciso-platform-annual-summit-2013_logical vulnerabilities_(nilanjan_iviz)
Priyanka Aash
Presented by Nilanjan Dey, CTO, iViZ at CISO Platform Annual Summit, 2013.
1.
Logical Vulnerabilities in Web Applications
Nilanjan De, CTO, iViZ Security Inc.
Nov 2013 © iViZ Security Inc
2.
Introduction
• iViZ - Cloud based Application Penetration testing
  – Zero False positive guarantee
  – Business logic testing along with 100% WASC class coverage
• 3000+ applications tested till date
• Average number of logical Vulnerabilities per non-trivial and critical app ~ 2-3
3.
Logical Vulnerabilities
4.
Logical vs Technical Flaws
Logical Flaws:
• Occur due to a logical design weakness and not due to wrong coding.
• These flaws exploit the legitimate processing flow of an application to cause a negative consequence to the application owner or user.
• Finding logical vulnerabilities is an undecidable problem. Hence it is difficult for automated scanners to find them in all cases.
• Testing or exploiting these typically requires multi-step operations, which makes it more difficult for automated scanners to find them.
Technical Flaws:
• Most often occur due to wrong or insecure coding or missing security controls.
• Automated scanners can largely find these vulnerabilities.
• These flaws typically have well known and reliable test-cases.
5.
Common Logical Vulnerabilities
6.
Payment gateway price manipulation
• Manipulation of the price when the request is transferred to the payment gateway and back.
• Attacker can purchase at a different price than the actual one (usually a lower or zero price). Especially dangerous for items where fulfillment or delivery is immediate, e.g., digital downloads, e-tickets, phone recharge, etc.
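Server-side check for the price-manipulation flaw on this slide, as an added example that is not part of the iViZ deck. The gateway callback fields, the HMAC signing scheme and the shared secret are assumptions; the point is that the merchant recomputes the amount from its own order record and never trusts the value that travelled through the browser, even when the gateway signed it.

```python
"""Verify a payment-gateway callback before fulfilling an order (added example)."""
import hmac
import hashlib
from decimal import Decimal, InvalidOperation

# Constructed server-side order store: order_id -> (unit_price, quantity).
ORDERS = {
    "ord-1001": (Decimal("49.99"), 2),
}

# Assumed shared secret between merchant and gateway (placeholder value).
GATEWAY_SECRET = b"placeholder-shared-secret"


def expected_amount(order_id):
    """Recompute the total from the server's own record, never from the client."""
    unit_price, quantity = ORDERS[order_id]
    return unit_price * quantity


def sign_callback(order_id, amount, status, secret=GATEWAY_SECRET):
    """HMAC-SHA256 over the callback fields (assumed gateway scheme)."""
    msg = f"{order_id}|{amount}|{status}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def fulfil_insecure(callback):
    """Vulnerable pattern: trust the status (and implicitly the amount) echoed back via the browser."""
    return callback.get("status") == "PAID"


def fulfil_hardened(callback):
    """Fulfil only if the signature verifies, status is PAID and the paid amount
    equals the total the server computed itself. A gateway-signed amount of 0.00
    is still rejected because it does not match the order record."""
    order_id = callback.get("order_id")
    if order_id not in ORDERS:
        return False
    expected_sig = sign_callback(order_id, callback.get("amount"), callback.get("status"))
    if not hmac.compare_digest(expected_sig, callback.get("signature", "")):
        return False
    if callback.get("status") != "PAID":
        return False
    try:
        paid = Decimal(callback.get("amount"))
    except (InvalidOperation, TypeError, ValueError):
        return False
    return paid == expected_amount(order_id)
```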
7.
Discount coupon abuse
• Apply a discount coupon on a large number of items and then cancel the items but retain the discount.
• Use the same coupon multiple times or use multiple coupons on the same order.
• Use single-use coupons in multiple orders by initiating the orders simultaneously.
• Use expired coupons.
• Predictable coupon codes.
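The "simultaneous orders" and "expired coupons" bullets above, as an added example that is not part of the iViZ deck. The in-memory coupon table is an assumed stand-in for a database row, and the two concurrent orders are stepped through by hand so the check-then-act race is deterministic: the naive service validates and marks in two separate calls, the atomic one does both under one lock (the SQL equivalent being a conditional UPDATE whose affected-row count is tested).

```python
"""Single-use coupon redemption: check-then-act race vs atomic redemption (added example)."""
import threading
from datetime import date

# Constructed coupon table: code -> expiry, single-use flag, used flag.
COUPONS = {
    "SAVE50": {"expires": date(2013, 12, 31), "single_use": True, "used": False},
    "OLD10": {"expires": date(2013, 1, 1), "single_use": True, "used": False},
}


class NaiveCouponService:
    """Validation and marking are separate steps, so two orders started at the
    same time can both pass validation before either marks the coupon used."""

    def __init__(self, table):
        self.table = table

    def is_valid(self, code, today):
        c = self.table.get(code)
        return c is not None and today <= c["expires"] and not c["used"]

    def mark_used(self, code):
        self.table[code]["used"] = True


class AtomicCouponService:
    """Check and mark happen as one step under a lock."""

    def __init__(self, table):
        self.table = table
        self.lock = threading.Lock()

    def redeem(self, code, today):
        with self.lock:
            c = self.table.get(code)
            if c is None or today > c["expires"] or c["used"]:
                return False
            if c["single_use"]:
                c["used"] = True
            return True


def _fresh_table():
    # Deep-enough copy so each simulation starts from an unused table.
    return {k: dict(v) for k, v in COUPONS.items()}


def naive_simultaneous_orders(code, today):
    """Two orders interleaved: both validate first, then both mark.
    Returns how many orders were granted the discount."""
    svc = NaiveCouponService(_fresh_table())
    ok1 = svc.is_valid(code, today)
    ok2 = svc.is_valid(code, today)
    granted = 0
    if ok1:
        svc.mark_used(code)
        granted += 1
    if ok2:
        svc.mark_used(code)
        granted += 1
    return granted


def atomic_simultaneous_orders(code, today):
    """Same two orders against the atomic service; at most one succeeds."""
    svc = AtomicCouponService(_fresh_table())
    return sum(1 for _ in range(2) if svc.redeem(code, today))
```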
8.
Password Recovery
• Weak “Do not have access to registered email?” functionality.
• Guessable secret questions
  – When is your birthday/anniversary?
  – Where were you born?
  – Mother’s maiden name?
  – Where did you go on honeymoon?
• Multi-step password recovery process bypass.
• Pre-authenticated password change functionality abuse.
9.
Negative Transfer
• Transfer a negative amount from your account to increase your bank balance and decrease your victim's balance.
  – Only client-side validation and a lack of server-side validation lead to such flaws.
  – Relatively less common these days, but we still find such flaws.
• Transfer a very large positive amount from your account and obtain the same result as above.
  – A positive amount bypasses client-side and server-side validation.
  – Backend legacy code cannot handle values above 32-bit integers, therefore, due to integer overflow, it treats them as negative integers.
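Both cases on this slide, as an added example that is not part of the iViZ deck: the legacy backend is simulated (an assumption) by truncating the posted amount to a signed 32-bit integer, which is exactly how a huge positive amount that passed a sign check ends up being posted as a negative transfer. The weak check only rejects non-positive values; the hardened one also bounds the amount to the backend's representable range and checks funds.

```python
"""Transfer validation against negative amounts and 32-bit overflow (added example)."""

INT32_MAX = 2**31 - 1


def to_int32(n):
    """Simulate a legacy backend that stores the amount in a signed 32-bit integer."""
    n &= 0xFFFFFFFF
    return n - 2**32 if n >= 2**31 else n


def legacy_apply_transfer(balances, src, dst, amount):
    """Legacy posting: assumes the amount was validated upstream, truncates to int32."""
    a = to_int32(amount)
    balances[src] -= a
    balances[dst] += a


def transfer_weak(balances, src, dst, amount):
    """Weak server-side check: rejects only non-positive amounts.
    A value just below 2**32 passes and is posted as a negative transfer."""
    if amount <= 0:
        return False
    legacy_apply_transfer(balances, src, dst, amount)
    return True


def transfer_hardened(balances, src, dst, amount):
    """Validate type, sign, backend range, accounts and available funds before posting."""
    if not isinstance(amount, int) or isinstance(amount, bool):
        return False
    if amount <= 0 or amount > INT32_MAX:
        return False
    if src == dst or src not in balances or dst not in balances:
        return False
    if balances[src] < amount:
        return False
    legacy_apply_transfer(balances, src, dst, amount)
    return True
```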
10.
Denial of Service
• Lock out a legitimate user
  – Abuse of legitimate functionality that locks a user out on repeated failed logins.
  – Can be misused by attackers to lock the victim’s account.
• Lock resources without completing the transaction
  – E.g., bus tickets, movie tickets.
  – Charges deducted before fulfillment of the order.
11.
Resources
• List of common Logical Vulnerabilities
  – http://www.ivizsecurity.com/50-common-logicalvulnerabilities.html
• OWASP
  – https://www.owasp.org/index.php/Business_logic_vulnerability
  – https://www.owasp.org/index.php/Testing_for_business_logic_(OWASP-BL-001)
12.
Questions?
13.
Thank You
nilanjan@ivizsecurity.com
http://www.ivizsecurity.com/