SlideShare a Scribd company logo

Training Webinar: Cover your bases - a security webinar

OutSystems
OutSystems

Every IT manager, sysAdmin, or developer is facing an increasing demand to put in place security measures that improve infrastructure and applications, while complying with projects requirements. You've probably heard all this before, but with very few solid ways to tackle the real security issues. We're here to cut through the jargon overdose and show you practical, live examples of a few common - and surprisingly simple - vulnerabilities being exploited in real time. We’ll also show you how quickly we can solve them in OutSystems. Learn about: - Layered Security in OutSystems - Open Communication Channels, Cookies, and Session Fixation Attacks - Code Injection - Open Redirection Attacks - * Sensitive User Forms Protection in OutSystems Free Online training: https://www.outsystems.com/learn/courses/ Follow us on Twitter http://www.twitter.com/OutSystemsDev Like us on Facebook http://www.Facebook.com/OutSystemsDev

1 of 34
Download to read offline
Cover Your Bases A Security Webinar
Ivo Gonçalves Platform Operations Expert Services ivo.goncalves@outsystems.com https://www.linkedin.com/in/ivomgoncalves Paulo Costa Platform Operations Expert Services paulo.costa@outsystems.com https://www.linkedin.com/in/pauloalex
Agenda • What is IT security? • Layered security. • Secure your infrastructure and your application with OutSystems recommendations: ○ 7 common vulnerabilities. ■ Vulnerability explanation and mitigation.
What is IT security? “IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (...) against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure (...)” Sans Institute Confidentiality Availability Integrity CIA Triad Confidentiality Prevent unauthorized parties to access the information. Integrity Prevent data manipulation and deletion by unauthorized parties. Availability Information is always available to authorized parties.
Layered security “Layered security combines multiple security measures to make sure that you don't have all your security eggs in one basket. This protects you from different sources and different types of threats.” Fortinet blog, 14 January 2014 Application Application Servers Systems and Network Development practices Security configurations deployed in the surrounding infrastructure Security configurations deployed in the application servers
Security and OutSystems ● Generated code is subject of advanced vulnerability scanning. ○ OutSystems applications are mostly secure. ● Exploits on user code can still be present. ● Application Servers and Systems and Network layers may have vulnerabilities. ● No system is 100% secure.
Security assessment Improve your applications security
1) Open communication channels
Description Open communication channels • Information exchanged in plain text. • Network monitoring: ○ Eavesdropping and tampering.
Mitigation
Mitigation — HTTPS Application Server Layer • Acquire a digital certificate. • Configure your application server to support HTTPS. • Disable SSL 2.0 and 3.0. • Prevent BEAST attacks. • Mobile requires valid and trusted certificates.
• Enforce HSTS headers. Mitigation — HTTPS Application Server Layer Service Center Lifetime
• HTTPS for all screens and integrations. Mitigation — HTTPS Application Server Layer Service Center Lifetime
• HTTPS for all screens and integrations. Mitigation — HTTPS Application Layer Web Screens Integrations Web Flows
2) Session cookies without “secure” flag
Description Session cookie without “secure” flag • Session cookies transmitted in plain text: ○ E.g. Session ID. • Session hijack.
Mitigation — Secure Session Cookies Application Layer • Set ‘secure’ flag for session cookies. ○ Factory Configuration.
3) Session fixation
Description Session Fixation • Session ID doesn’t change. • Session hijack.
Mitigation — Session Fixation Application Layer • Implement Token-based authentication and session ID regeneration.
4) Injections
Description Injection/Code injection • Application handles untrusted data poorly. • Application allows relaying malicious code to other systems (e.g. SQL Injection). • Application allows injecting code that is then interpreted/executed (e.g. XSS, HTML injection).
Mitigation — Injection/Code Injection Application Layer • Escape content. • Encode/Sanitize content. • Mobile apps escape all inputted content.
5) Open redirect
Description Open redirect • AKA Unvalidated Redirects and Forwards. • Application allows redirect requests to an untrusted URL. • Commonly used for phishing attacks.
Mitigation — Open Redirect Application Layer • Don’t use dynamic URL redirects from input. • If you do, use built-in functions: ○ ReplaceURLDomain • If you need to redirect to other domains, check the input URL against a whitelist.
6) Sensitive user forms with autocomplete
Description Sensitive user forms with autocomplete • User forms cache sensitive information (e.g. credit card number, email, etc). • Allows retrieving previously used data.
Mitigation — Sensitive Information User Forms Application Layer • Disable autocomplete for sensitive user forms.
7) User enumeration
Description User enumeration • Application reveals if the username exists. • Dictionary attack. • OutSystems 10 has built-in brute force login protection.
Mitigation — User Enumeration Application Layer • Display generic messages. • Update the code that reveals user information.
OWASP 10 Matrix OWASP Reference Webinar Reference A1 Injection 4) Injections A2 Broken Authentication and Session Management 1) Open communication channels 2) Session cookies without “secure” flag 3) Session fixation A3 Cross-Site Scripting 4) Injections A6 Sensitive Data Exposure 6) Sensitive user forms with autocomplete 7) User Enumeration A10 Unvalidated Redirects and Forward 5) Open redirect
Thank you!

Recommended

SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
NCCOMMS
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
Micro Focus
 
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
Micro Focus
 
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANTUNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
Micro Focus
 
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
apidays
 
Basic security and Barracuda VRS
Basic security and Barracuda VRSBasic security and Barracuda VRS
Basic security and Barracuda VRS
Aravindan A
 
Observability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise IntegratorObservability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise Integrator
WSO2
 

Recommended

SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
NCCOMMS
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
Micro Focus
 
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017
Micro Focus
 
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANTUNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
Micro Focus
 
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
apidays
 
Basic security and Barracuda VRS
Basic security and Barracuda VRSBasic security and Barracuda VRS
Basic security and Barracuda VRS
Aravindan A
 
Observability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise IntegratorObservability for Integration Using WSO2 Enterprise Integrator
Observability for Integration Using WSO2 Enterprise Integrator
WSO2
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security Overview
Michael Furman
 
How to Deploy WSO2 Enterprise Integrator in Containers
How to Deploy WSO2 Enterprise Integrator in ContainersHow to Deploy WSO2 Enterprise Integrator in Containers
How to Deploy WSO2 Enterprise Integrator in Containers
WSO2
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerWSO2
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
inovia
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
Mostafa El Lathy
 
13 palo alto url web filtering concept
13 palo alto url web filtering concept13 palo alto url web filtering concept
13 palo alto url web filtering concept
Mostafa El Lathy
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security Hardening
Shiu-Fun Poon
 
Websphere - Introduction to ssl part ii
Websphere - Introduction to ssl part iiWebsphere - Introduction to ssl part ii
Websphere - Introduction to ssl part ii
Vibrant Technologies & Computers
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'ts
Minded Security
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OpenIDFoundation
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id concepts
Mostafa El Lathy
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018
Nicolas Destor
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
Mostafa El Lathy
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
NCCOMMS
 
4 palo alto licenses
4 palo alto licenses4 palo alto licenses
4 palo alto licenses
Mostafa El Lathy
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
Shiu-Fun Poon
 
Micro Focus Filr - #MFSummit2017
Micro Focus Filr - #MFSummit2017Micro Focus Filr - #MFSummit2017
Micro Focus Filr - #MFSummit2017
Micro Focus
 
Self-contained Systems: A Different Approach to Microservices
Self-contained Systems: A Different Approach to MicroservicesSelf-contained Systems: A Different Approach to Microservices
Self-contained Systems: A Different Approach to Microservices
Eberhard Wolff
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
AlgoSec
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
Patrick Sklodowski
 
Sync or swim: the challenge of complex offline apps
Sync or swim: the challenge of complex offline appsSync or swim: the challenge of complex offline apps
Sync or swim: the challenge of complex offline apps
OutSystems
 
Training Webinars - Secret hacks for OutSystems 10
Training Webinars - Secret hacks for OutSystems 10Training Webinars - Secret hacks for OutSystems 10
Training Webinars - Secret hacks for OutSystems 10
OutSystems
 

More Related Content

What's hot

Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security Overview
Michael Furman
 
How to Deploy WSO2 Enterprise Integrator in Containers
How to Deploy WSO2 Enterprise Integrator in ContainersHow to Deploy WSO2 Enterprise Integrator in Containers
How to Deploy WSO2 Enterprise Integrator in Containers
WSO2
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerWSO2
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
inovia
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
Mostafa El Lathy
 
13 palo alto url web filtering concept
13 palo alto url web filtering concept13 palo alto url web filtering concept
13 palo alto url web filtering concept
Mostafa El Lathy
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security Hardening
Shiu-Fun Poon
 
Websphere - Introduction to ssl part ii
Websphere - Introduction to ssl part iiWebsphere - Introduction to ssl part ii
Websphere - Introduction to ssl part ii
Vibrant Technologies & Computers
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'ts
Minded Security
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OpenIDFoundation
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id concepts
Mostafa El Lathy
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018
Nicolas Destor
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
Mostafa El Lathy
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
NCCOMMS
 
4 palo alto licenses
4 palo alto licenses4 palo alto licenses
4 palo alto licenses
Mostafa El Lathy
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
Shiu-Fun Poon
 
Micro Focus Filr - #MFSummit2017
Micro Focus Filr - #MFSummit2017Micro Focus Filr - #MFSummit2017
Micro Focus Filr - #MFSummit2017
Micro Focus
 
Self-contained Systems: A Different Approach to Microservices
Self-contained Systems: A Different Approach to MicroservicesSelf-contained Systems: A Different Approach to Microservices
Self-contained Systems: A Different Approach to Microservices
Eberhard Wolff
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
AlgoSec
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
Patrick Sklodowski
 

What's hot (20)

Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security Overview
 
How to Deploy WSO2 Enterprise Integrator in Containers
How to Deploy WSO2 Enterprise Integrator in ContainersHow to Deploy WSO2 Enterprise Integrator in Containers
How to Deploy WSO2 Enterprise Integrator in Containers
 
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity ServerSSO with the WSO2 Identity Server
SSO with the WSO2 Identity Server
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
13 palo alto url web filtering concept
13 palo alto url web filtering concept13 palo alto url web filtering concept
13 palo alto url web filtering concept
 
DataPower Security Hardening
DataPower Security HardeningDataPower Security Hardening
DataPower Security Hardening
 
Websphere - Introduction to ssl part ii
Websphere - Introduction to ssl part iiWebsphere - Introduction to ssl part ii
Websphere - Introduction to ssl part ii
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'ts
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id concepts
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
 
4 palo alto licenses
4 palo alto licenses4 palo alto licenses
4 palo alto licenses
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
 
Micro Focus Filr - #MFSummit2017
Micro Focus Filr - #MFSummit2017Micro Focus Filr - #MFSummit2017
Micro Focus Filr - #MFSummit2017
 
Self-contained Systems: A Different Approach to Microservices
Self-contained Systems: A Different Approach to MicroservicesSelf-contained Systems: A Different Approach to Microservices
Self-contained Systems: A Different Approach to Microservices
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA PhiladelphiaThe Share Responsibility Model of Cloud Computing - ILTA Philadelphia
The Share Responsibility Model of Cloud Computing - ILTA Philadelphia
 

Viewers also liked

Sync or swim: the challenge of complex offline apps
Sync or swim: the challenge of complex offline appsSync or swim: the challenge of complex offline apps
Sync or swim: the challenge of complex offline apps
OutSystems
 
Training Webinars - Secret hacks for OutSystems 10
Training Webinars - Secret hacks for OutSystems 10Training Webinars - Secret hacks for OutSystems 10
Training Webinars - Secret hacks for OutSystems 10
OutSystems
 
Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...
OutSystems
 
OutSystems - Bimodal Bakeoff
OutSystems - Bimodal Bakeoff OutSystems - Bimodal Bakeoff
OutSystems - Bimodal Bakeoff
OutSystems
 
Training Webinar - Wireframing made easy
Training Webinar - Wireframing made easyTraining Webinar - Wireframing made easy
Training Webinar - Wireframing made easy
OutSystems
 
OutSystems - Go Fast or Go Home
OutSystems - Go Fast or Go Home OutSystems - Go Fast or Go Home
OutSystems - Go Fast or Go Home
OutSystems
 
State of application development - 2017 research report
State of application development - 2017 research reportState of application development - 2017 research report
State of application development - 2017 research report
OutSystems
 
OutSystems - Digital Realities Webinar
OutSystems - Digital Realities WebinarOutSystems - Digital Realities Webinar
OutSystems - Digital Realities Webinar
OutSystems
 
Training Webinar: Enterprise application performance with distributed caching
Training Webinar: Enterprise application performance with distributed cachingTraining Webinar: Enterprise application performance with distributed caching
Training Webinar: Enterprise application performance with distributed caching
OutSystems
 
Training Webinar: Fitting OutSystems applications into Enterprise Architecture
Training Webinar: Fitting OutSystems applications into Enterprise ArchitectureTraining Webinar: Fitting OutSystems applications into Enterprise Architecture
Training Webinar: Fitting OutSystems applications into Enterprise Architecture
OutSystems
 
Training Webinar: Top front-end techniques for OutSystems
Training Webinar: Top front-end techniques for OutSystems Training Webinar: Top front-end techniques for OutSystems
Training Webinar: Top front-end techniques for OutSystems
OutSystems
 
Training Webinar: From a bad to an awesome user experience - Training Webinar
Training Webinar: From a bad to an awesome user experience - Training WebinarTraining Webinar: From a bad to an awesome user experience - Training Webinar
Training Webinar: From a bad to an awesome user experience - Training Webinar
OutSystems
 
App Development Disrupted: Answers and results from the 2017 State Of App Dev...
App Development Disrupted: Answers and results from the 2017 State Of App Dev...App Development Disrupted: Answers and results from the 2017 State Of App Dev...
App Development Disrupted: Answers and results from the 2017 State Of App Dev...
OutSystems
 
Technical Webinar: By the (Play) Book: The Agile Practice at OutSystems
Technical Webinar: By the (Play) Book: The Agile Practice at OutSystemsTechnical Webinar: By the (Play) Book: The Agile Practice at OutSystems
Technical Webinar: By the (Play) Book: The Agile Practice at OutSystems
OutSystems
 
Application Lifetime Management
Application Lifetime ManagementApplication Lifetime Management
Application Lifetime Management
OutSystems Technical Knowledge
 
Security Webinar: Harden the Heart of Your WordPress SiteSe
Security Webinar: Harden the Heart of Your WordPress SiteSeSecurity Webinar: Harden the Heart of Your WordPress SiteSe
Security Webinar: Harden the Heart of Your WordPress SiteSe
WP Engine
 

Viewers also liked (16)

Sync or swim: the challenge of complex offline apps
Sync or swim: the challenge of complex offline appsSync or swim: the challenge of complex offline apps
Sync or swim: the challenge of complex offline apps
 
Training Webinars - Secret hacks for OutSystems 10
Training Webinars - Secret hacks for OutSystems 10Training Webinars - Secret hacks for OutSystems 10
Training Webinars - Secret hacks for OutSystems 10
 
Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...
 
OutSystems - Bimodal Bakeoff
OutSystems - Bimodal Bakeoff OutSystems - Bimodal Bakeoff
OutSystems - Bimodal Bakeoff
 
Training Webinar - Wireframing made easy
Training Webinar - Wireframing made easyTraining Webinar - Wireframing made easy
Training Webinar - Wireframing made easy
 
OutSystems - Go Fast or Go Home
OutSystems - Go Fast or Go Home OutSystems - Go Fast or Go Home
OutSystems - Go Fast or Go Home
 
State of application development - 2017 research report
State of application development - 2017 research reportState of application development - 2017 research report
State of application development - 2017 research report
 
OutSystems - Digital Realities Webinar
OutSystems - Digital Realities WebinarOutSystems - Digital Realities Webinar
OutSystems - Digital Realities Webinar
 
Training Webinar: Enterprise application performance with distributed caching
Training Webinar: Enterprise application performance with distributed cachingTraining Webinar: Enterprise application performance with distributed caching
Training Webinar: Enterprise application performance with distributed caching
 
Training Webinar: Fitting OutSystems applications into Enterprise Architecture
Training Webinar: Fitting OutSystems applications into Enterprise ArchitectureTraining Webinar: Fitting OutSystems applications into Enterprise Architecture
Training Webinar: Fitting OutSystems applications into Enterprise Architecture
 
Training Webinar: Top front-end techniques for OutSystems
Training Webinar: Top front-end techniques for OutSystems Training Webinar: Top front-end techniques for OutSystems
Training Webinar: Top front-end techniques for OutSystems
 
Training Webinar: From a bad to an awesome user experience - Training Webinar
Training Webinar: From a bad to an awesome user experience - Training WebinarTraining Webinar: From a bad to an awesome user experience - Training Webinar
Training Webinar: From a bad to an awesome user experience - Training Webinar
 
App Development Disrupted: Answers and results from the 2017 State Of App Dev...
App Development Disrupted: Answers and results from the 2017 State Of App Dev...App Development Disrupted: Answers and results from the 2017 State Of App Dev...
App Development Disrupted: Answers and results from the 2017 State Of App Dev...
 
Technical Webinar: By the (Play) Book: The Agile Practice at OutSystems
Technical Webinar: By the (Play) Book: The Agile Practice at OutSystemsTechnical Webinar: By the (Play) Book: The Agile Practice at OutSystems
Technical Webinar: By the (Play) Book: The Agile Practice at OutSystems
 
Application Lifetime Management
Application Lifetime ManagementApplication Lifetime Management
Application Lifetime Management
 
Security Webinar: Harden the Heart of Your WordPress SiteSe
Security Webinar: Harden the Heart of Your WordPress SiteSeSecurity Webinar: Harden the Heart of Your WordPress SiteSe
Security Webinar: Harden the Heart of Your WordPress SiteSe
 

Similar to Training Webinar: Cover your bases - a security webinar

Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
Web Security Overview
Web Security OverviewWeb Security Overview
Web Security Overview
Noah Jaehnert
 
Ledingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for DevelopersLedingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for Developers
Mukesh Singh
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
CCG
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
Security Innovation
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 seba
Sebastien Deleersnyder
 
Network security
Network securityNetwork security
Network security
Sri Manakula Vinayagar Engineering College
 
AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptx
AnonymousDevil2
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
Rajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx
MiteshVyas16
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
C01461422
C01461422C01461422
C01461422
IOSR Journals
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
Kabul Education University
 
7 Step Checklist for Web Application Security.pptx
7 Step Checklist for Web Application Security.pptx7 Step Checklist for Web Application Security.pptx
7 Step Checklist for Web Application Security.pptx
Probely
 
Web security uploadv1
Web security uploadv1Web security uploadv1
Web security uploadv1
Setia Juli Irzal Ismail
 

Similar to Training Webinar: Cover your bases - a security webinar (20)

Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Web Security Overview
Web Security OverviewWeb Security Overview
Web Security Overview
 
Ledingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for DevelopersLedingkart Meetup #3: Security Basics for Developers
Ledingkart Meetup #3: Security Basics for Developers
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 seba
 
Network security
Network securityNetwork security
Network security
 
AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptx
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 
2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
C01461422
C01461422C01461422
C01461422
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
 
7 Step Checklist for Web Application Security.pptx
7 Step Checklist for Web Application Security.pptx7 Step Checklist for Web Application Security.pptx
7 Step Checklist for Web Application Security.pptx
 
Web security uploadv1
Web security uploadv1Web security uploadv1
Web security uploadv1
 

More from OutSystems

Innovating at the Speed of Business in the High-Bandwidth World of Digital Media
Innovating at the Speed of Business in the High-Bandwidth World of Digital MediaInnovating at the Speed of Business in the High-Bandwidth World of Digital Media
Innovating at the Speed of Business in the High-Bandwidth World of Digital Media
OutSystems
 
Beyond “Location”: Informing Real-Estate Decisions Through Innovative Technology
Beyond “Location”: Informing Real-Estate Decisions Through Innovative TechnologyBeyond “Location”: Informing Real-Estate Decisions Through Innovative Technology
Beyond “Location”: Informing Real-Estate Decisions Through Innovative Technology
OutSystems
 
Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...
Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...
Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...
OutSystems
 
From Core Systems to Mobile Apps: Digital Transformation from the Inside-Out
From Core Systems to Mobile Apps: Digital Transformation from the Inside-OutFrom Core Systems to Mobile Apps: Digital Transformation from the Inside-Out
From Core Systems to Mobile Apps: Digital Transformation from the Inside-Out
OutSystems
 
Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...
Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...
Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...
OutSystems
 
Fast and Furious: Modernizing Clinical Application
Fast and Furious: Modernizing Clinical ApplicationFast and Furious: Modernizing Clinical Application
Fast and Furious: Modernizing Clinical Application
OutSystems
 
What Is Light BPT and How Can You Use it for Parallel Processing?
What Is Light BPT and How Can You Use it for Parallel Processing?What Is Light BPT and How Can You Use it for Parallel Processing?
What Is Light BPT and How Can You Use it for Parallel Processing?
OutSystems
 
Enrich Visually Google Map Information With Layers
Enrich Visually Google Map Information With LayersEnrich Visually Google Map Information With Layers
Enrich Visually Google Map Information With Layers
OutSystems
 
Using Processes and Timers for Long-Running Asynchronous Tasks
Using Processes and Timers for Long-Running Asynchronous TasksUsing Processes and Timers for Long-Running Asynchronous Tasks
Using Processes and Timers for Long-Running Asynchronous Tasks
OutSystems
 
Unattended OutSystems Installation
Unattended OutSystems InstallationUnattended OutSystems Installation
Unattended OutSystems Installation
OutSystems
 
The 4-Layer Architecture in Practice
The 4-Layer Architecture in PracticeThe 4-Layer Architecture in Practice
The 4-Layer Architecture in Practice
OutSystems
 
Speed up Development by Turning Web Blocks Into First-Class Citizens
Speed up Development by Turning Web Blocks Into First-Class CitizensSpeed up Development by Turning Web Blocks Into First-Class Citizens
Speed up Development by Turning Web Blocks Into First-Class Citizens
OutSystems
 
Service Actions
Service ActionsService Actions
Service Actions
OutSystems
 
Responsive Ui with Realtime Database
Responsive Ui with Realtime DatabaseResponsive Ui with Realtime Database
Responsive Ui with Realtime Database
OutSystems
 
Reactive Web Best Practices
Reactive Web Best PracticesReactive Web Best Practices
Reactive Web Best Practices
OutSystems
 
RADS - Rapid Application Design Sprint
RADS - Rapid Application Design SprintRADS - Rapid Application Design Sprint
RADS - Rapid Application Design Sprint
OutSystems
 
Pragmatic Innovation
Pragmatic InnovationPragmatic Innovation
Pragmatic Innovation
OutSystems
 
Troubleshooting Dashboard Performance
Troubleshooting Dashboard PerformanceTroubleshooting Dashboard Performance
Troubleshooting Dashboard Performance
OutSystems
 
OutSystems Tips and Tricks
OutSystems Tips and TricksOutSystems Tips and Tricks
OutSystems Tips and Tricks
OutSystems
 
No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...
No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...
No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...
OutSystems
 

More from OutSystems (20)

Innovating at the Speed of Business in the High-Bandwidth World of Digital Media
Innovating at the Speed of Business in the High-Bandwidth World of Digital MediaInnovating at the Speed of Business in the High-Bandwidth World of Digital Media
Innovating at the Speed of Business in the High-Bandwidth World of Digital Media
 
Beyond “Location”: Informing Real-Estate Decisions Through Innovative Technology
Beyond “Location”: Informing Real-Estate Decisions Through Innovative TechnologyBeyond “Location”: Informing Real-Estate Decisions Through Innovative Technology
Beyond “Location”: Informing Real-Estate Decisions Through Innovative Technology
 
Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...
Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...
Beyond Digital Transformation: A Mandate for Disruptive Innovation in the Age...
 
From Core Systems to Mobile Apps: Digital Transformation from the Inside-Out
From Core Systems to Mobile Apps: Digital Transformation from the Inside-OutFrom Core Systems to Mobile Apps: Digital Transformation from the Inside-Out
From Core Systems to Mobile Apps: Digital Transformation from the Inside-Out
 
Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...
Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...
Orchestrating the Art of the Impossible Using Low-Code to Automate Manual Wor...
 
Fast and Furious: Modernizing Clinical Application
Fast and Furious: Modernizing Clinical ApplicationFast and Furious: Modernizing Clinical Application
Fast and Furious: Modernizing Clinical Application
 
What Is Light BPT and How Can You Use it for Parallel Processing?
What Is Light BPT and How Can You Use it for Parallel Processing?What Is Light BPT and How Can You Use it for Parallel Processing?
What Is Light BPT and How Can You Use it for Parallel Processing?
 
Enrich Visually Google Map Information With Layers
Enrich Visually Google Map Information With LayersEnrich Visually Google Map Information With Layers
Enrich Visually Google Map Information With Layers
 
Using Processes and Timers for Long-Running Asynchronous Tasks
Using Processes and Timers for Long-Running Asynchronous TasksUsing Processes and Timers for Long-Running Asynchronous Tasks
Using Processes and Timers for Long-Running Asynchronous Tasks
 
Unattended OutSystems Installation
Unattended OutSystems InstallationUnattended OutSystems Installation
Unattended OutSystems Installation
 
The 4-Layer Architecture in Practice
The 4-Layer Architecture in PracticeThe 4-Layer Architecture in Practice
The 4-Layer Architecture in Practice
 
Speed up Development by Turning Web Blocks Into First-Class Citizens
Speed up Development by Turning Web Blocks Into First-Class CitizensSpeed up Development by Turning Web Blocks Into First-Class Citizens
Speed up Development by Turning Web Blocks Into First-Class Citizens
 
Service Actions
Service ActionsService Actions
Service Actions
 
Responsive Ui with Realtime Database
Responsive Ui with Realtime DatabaseResponsive Ui with Realtime Database
Responsive Ui with Realtime Database
 
Reactive Web Best Practices
Reactive Web Best PracticesReactive Web Best Practices
Reactive Web Best Practices
 
RADS - Rapid Application Design Sprint
RADS - Rapid Application Design SprintRADS - Rapid Application Design Sprint
RADS - Rapid Application Design Sprint
 
Pragmatic Innovation
Pragmatic InnovationPragmatic Innovation
Pragmatic Innovation
 
Troubleshooting Dashboard Performance
Troubleshooting Dashboard PerformanceTroubleshooting Dashboard Performance
Troubleshooting Dashboard Performance
 
OutSystems Tips and Tricks
OutSystems Tips and TricksOutSystems Tips and Tricks
OutSystems Tips and Tricks
 
No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...
No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...
No API? No Problem! Let the Robot Do Your Work! Web Scraping and Automation W...
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 

Training Webinar: Cover your bases - a security webinar

  • 1. Cover Your Bases A Security Webinar
  • 2. Ivo Gonçalves Platform Operations Expert Services ivo.goncalves@outsystems.com https://www.linkedin.com/in/ivomgoncalves Paulo Costa Platform Operations Expert Services paulo.costa@outsystems.com https://www.linkedin.com/in/pauloalex
  • 3. Agenda • What is IT security? • Layered security. • Secure your infrastructure and your application with OutSystems recommendations: ○ 7 common vulnerabilities. ■ Vulnerability explanation and mitigation.
  • 4. What is IT security? “IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (...) against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure (...)” Sans Institute Confidentiality Availability Integrity CIA Triad Confidentiality Prevent unauthorized parties to access the information. Integrity Prevent data manipulation and deletion by unauthorized parties. Availability Information is always available to authorized parties.
  • 5. Layered security “Layered security combines multiple security measures to make sure that you don't have all your security eggs in one basket. This protects you from different sources and different types of threats.” Fortinet blog, 14 January 2014 Application Application Servers Systems and Network Development practices Security configurations deployed in the surrounding infrastructure Security configurations deployed in the application servers
  • 6. Security and OutSystems ● Generated code is subject of advanced vulnerability scanning. ○ OutSystems applications are mostly secure. ● Exploits on user code can still be present. ● Application Servers and Systems and Network layers may have vulnerabilities. ● No system is 100% secure.
  • 7. Security assessment Improve your applications security
  • 9. Description Open communication channels • Information exchanged in plain text. • Network monitoring: ○ Eavesdropping and tampering.
  • 11. Mitigation — HTTPS Application Server Layer • Acquire a digital certificate. • Configure your application server to support HTTPS. • Disable SSL 2.0 and 3.0. • Prevent BEAST attacks. • Mobile requires valid and trusted certificates.
  • 12. • Enforce HSTS headers. Mitigation — HTTPS Application Server Layer Service Center Lifetime
  • 13. • HTTPS for all screens and integrations. Mitigation — HTTPS Application Server Layer Service Center Lifetime
  • 14. • HTTPS for all screens and integrations. Mitigation — HTTPS Application Layer Web Screens Integrations Web Flows
  • 15. 2) Session cookies without “secure” flag
  • 16. Description Session cookie without “secure” flag • Session cookies transmitted in plain text: ○ E.g. Session ID. • Session hijack.
  • 17. Mitigation — Secure Session Cookies Application Layer • Set ‘secure’ flag for session cookies. ○ Factory Configuration.
  • 19. Description Session Fixation • Session ID doesn’t change. • Session hijack.
  • 20. Mitigation — Session Fixation Application Layer • Implement Token-based authentication and session ID regeneration.
  • 22. Description Injection/Code injection • Application handles untrusted data poorly. • Application allows relaying malicious code to other systems (e.g. SQL Injection). • Application allows injecting code that is then interpreted/executed (e.g. XSS, HTML injection).
  • 23. Mitigation — Injection/Code Injection Application Layer • Escape content. • Encode/Sanitize content. • Mobile apps escape all inputted content.
  • 25. Description Open redirect • AKA Unvalidated Redirects and Forwards. • Application allows redirect requests to an untrusted URL. • Commonly used for phishing attacks.
  • 26. Mitigation — Open Redirect Application Layer • Don’t use dynamic URL redirects from input. • If you do, use built-in functions: ○ ReplaceURLDomain • If you need to redirect to other domains, check the input URL against a whitelist.
  • 27. 6) Sensitive user forms with autocomplete
  • 28. Description Sensitive user forms with autocomplete • User forms cache sensitive information (e.g. credit card number, email, etc). • Allows retrieving previously used data.
  • 29. Mitigation — Sensitive Information User Forms Application Layer • Disable autocomplete for sensitive user forms.
  • 31. Description User enumeration • Application reveals if the username exists. • Dictionary attack. • OutSystems 10 has built-in brute force login protection.
  • 32. Mitigation — User Enumeration Application Layer • Display generic messages. • Update the code that reveals user information.
  • 33. OWASP 10 Matrix OWASP Reference Webinar Reference A1 Injection 4) Injections A2 Broken Authentication and Session Management 1) Open communication channels 2) Session cookies without “secure” flag 3) Session fixation A3 Cross-Site Scripting 4) Injections A6 Sensitive Data Exposure 6) Sensitive user forms with autocomplete 7) User Enumeration A10 Unvalidated Redirects and Forward 5) Open redirect