A penetration test evaluates a system's security by simulating attacks. A web application penetration test focuses on a web application's security. The process involves actively analyzing the application for weaknesses, flaws, or vulnerabilities. Any issues found are reported to the owner along with impact assessments and mitigation proposals.
The document discusses vulnerability assessment and penetration testing (VAPT). It defines vulnerability assessment as systematically finding security issues in a network or system through scanning, and penetration testing as exploiting vulnerabilities to prove they can cause damage. The document outlines the types of VAPT testing, steps in the process, common tools used like Nmap and ZAP, and top vulnerabilities like SQL injection and XSS. It provides examples of specific vulnerabilities found like outdated themes and XML-RPC access, and their potential impacts and solutions.
Synopsis:
The Internal Penetration Test: The Hitchhackers Guide to Discovering Sensitive Information is my research as a Penetration Tester looking at tactics, techniques, and procedures (TTPs) to get at how threat actors (criminals) discover sensitive data post exploitation.
The presentation is designed to encourage security professionals to discover where sensitive data resides within their organization to prevent potential information security incidents and continue to develop a culture of security awareness.
Join Darin Fredde as he presents his talk "Internal Penetration Test: Hitchhacker's Guide to Discovering Sensitive Information". Darin gets to the heart of what is most important in penetration tests, sensitive information. Too often the deliverables on a pentest are running scanners, performing exploits, and providing findings in a report.
Penetration testers sometime focus on getting a reverse shell, privilege escalation, or, single-purpose objectives to gain domain admin. The best tactic for protecting sensitive data is by testing threat actors’ ability to locate and exfiltration data. Therefore, an organization must consider a capability driven security assessment or penetration tests which the focus is on what cybercriminals want most your non-public information.
Reference:
So, How Secure Is Your Sensitive Data in SharePoint? | The .... https://thecybersecurityplace.com/secure-sensitive-data-sharepoint/
This document discusses security challenges in the cloud and Alert Logic's approach to addressing them. It begins by outlining various security services needed in the cloud like monitoring, scanning, and access management. It then describes a hypothetical attack scenario against a web application to illustrate how an attacker may progress from reconnaissance to gaining a persistent foothold. It evaluates what security tools would provide visibility into each stage of the attack. The document concludes by describing Alert Logic's integrated security model which combines infrastructure and application threat visibility, security analytics, and human experts to detect threats across cloud, hosted, and on-premises environments.
The document provides information on vulnerability assessment and penetration testing. It defines vulnerability assessment as a systematic approach to finding security issues in a network or system through manual and automated scanning. Penetration testing involves exploring and exploiting any vulnerabilities that are found to confirm their existence and potential damage. The document outlines the types of testing as blackbox, graybox, and whitebox. It also lists some common tools used for testing like Nmap, ZAP, Nikto, WPScan, and HostedScan. Finally, it provides examples of specific vulnerabilities found and their solutions, such as outdated themes/plugins, backup files being accessible, and SQL injection issues.
The document provides guidelines for secure coding. It discusses the evolution of software markets and increased security threats. Common web attacks like injection, broken authentication, and sensitive data exposure are explained. The OWASP Top 10 list of vulnerabilities is reviewed. The document emphasizes the importance of secure coding practices like input validation, output encoding, and using components with no known vulnerabilities. Following a secure coding lifestyle can help developers write more secure code and protect against attacks.
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
This document discusses security in the cloud and describes Alert Logic's approach to cloud security. It provides an example attack scenario on a classic 3-tier web application and assesses Alert Logic's capabilities in detecting each step of the attack. These include reconnaissance, entry/data exfiltration, command and control, and establishing a persistent foothold. The document outlines how Alert Logic provides asset visibility, network inspection, deep HTTP inspection, and integrated security experts to provide deep threat visibility and coverage across the infrastructure.
A penetration test evaluates a system's security by simulating attacks. A web application penetration test focuses on a web application's security. The process involves actively analyzing the application for weaknesses, flaws, or vulnerabilities. Any issues found are reported to the owner along with impact assessments and mitigation proposals.
The document discusses vulnerability assessment and penetration testing (VAPT). It defines vulnerability assessment as systematically finding security issues in a network or system through scanning, and penetration testing as exploiting vulnerabilities to prove they can cause damage. The document outlines the types of VAPT testing, steps in the process, common tools used like Nmap and ZAP, and top vulnerabilities like SQL injection and XSS. It provides examples of specific vulnerabilities found like outdated themes and XML-RPC access, and their potential impacts and solutions.
Synopsis:
The Internal Penetration Test: The Hitchhackers Guide to Discovering Sensitive Information is my research as a Penetration Tester looking at tactics, techniques, and procedures (TTPs) to get at how threat actors (criminals) discover sensitive data post exploitation.
The presentation is designed to encourage security professionals to discover where sensitive data resides within their organization to prevent potential information security incidents and continue to develop a culture of security awareness.
Join Darin Fredde as he presents his talk "Internal Penetration Test: Hitchhacker's Guide to Discovering Sensitive Information". Darin gets to the heart of what is most important in penetration tests, sensitive information. Too often the deliverables on a pentest are running scanners, performing exploits, and providing findings in a report.
Penetration testers sometime focus on getting a reverse shell, privilege escalation, or, single-purpose objectives to gain domain admin. The best tactic for protecting sensitive data is by testing threat actors’ ability to locate and exfiltration data. Therefore, an organization must consider a capability driven security assessment or penetration tests which the focus is on what cybercriminals want most your non-public information.
Reference:
So, How Secure Is Your Sensitive Data in SharePoint? | The .... https://thecybersecurityplace.com/secure-sensitive-data-sharepoint/
This document discusses security challenges in the cloud and Alert Logic's approach to addressing them. It begins by outlining various security services needed in the cloud like monitoring, scanning, and access management. It then describes a hypothetical attack scenario against a web application to illustrate how an attacker may progress from reconnaissance to gaining a persistent foothold. It evaluates what security tools would provide visibility into each stage of the attack. The document concludes by describing Alert Logic's integrated security model which combines infrastructure and application threat visibility, security analytics, and human experts to detect threats across cloud, hosted, and on-premises environments.
The document provides information on vulnerability assessment and penetration testing. It defines vulnerability assessment as a systematic approach to finding security issues in a network or system through manual and automated scanning. Penetration testing involves exploring and exploiting any vulnerabilities that are found to confirm their existence and potential damage. The document outlines the types of testing as blackbox, graybox, and whitebox. It also lists some common tools used for testing like Nmap, ZAP, Nikto, WPScan, and HostedScan. Finally, it provides examples of specific vulnerabilities found and their solutions, such as outdated themes/plugins, backup files being accessible, and SQL injection issues.
The document provides guidelines for secure coding. It discusses the evolution of software markets and increased security threats. Common web attacks like injection, broken authentication, and sensitive data exposure are explained. The OWASP Top 10 list of vulnerabilities is reviewed. The document emphasizes the importance of secure coding practices like input validation, output encoding, and using components with no known vulnerabilities. Following a secure coding lifestyle can help developers write more secure code and protect against attacks.
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
This document discusses security in the cloud and describes Alert Logic's approach to cloud security. It provides an example attack scenario on a classic 3-tier web application and assesses Alert Logic's capabilities in detecting each step of the attack. These include reconnaissance, entry/data exfiltration, command and control, and establishing a persistent foothold. The document outlines how Alert Logic provides asset visibility, network inspection, deep HTTP inspection, and integrated security experts to provide deep threat visibility and coverage across the infrastructure.
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
There are numerous web security testing tools available to aid in the process. One such tool is Astra's Pentest Solution. Astra offers a comprehensive suite of Security Testing Services, including vulnerability scanning, penetration testing, and code reviews. It provides automated scanning and analysis of web applications to identify vulnerabilities and suggest remediation measures.
The document discusses security challenges in cloud computing and provides an overview of Alert Logic's security solutions. It begins by noting that security is a challenge that has changed with the cloud model introducing shared responsibility. It then provides examples of security services Alert Logic offers across various areas like access management, patching, monitoring, and network threat detection. The document uses an example attack scenario to illustrate how an attacker may perform reconnaissance, exploit vulnerabilities like path traversal and remote file inclusion, extract data through SQL injection, establish command and control through a webshell, and the visibility different parts of Alert Logic's solution would provide at each stage. It argues integrated solutions covering assets, vulnerabilities, network, and application layers are needed for full threat visibility and coverage.
The document provides information about the Certified Computer Security Analyst (CCSA) program and training. It discusses the trainer, Semi Yulianto's qualifications and experience working with various security training and consulting organizations. It also lists some of the key topics covered in the CCSA training program, including vulnerabilities assessment, penetration testing methodology, security tools, and investigating vulnerabilities.
Using Analyzers to Resolve Security Problemskiansahafi
in this presentation i took a project and used an analyzer(e.g. SonarQube) to detect the security issues with it and reported a the result and after resolving most of those problems i used the same analyzer to get another report and in the process showed how to use such analyzers to detect security issues in the web applications
This document discusses penetration testing, which involves hunting for security vulnerabilities in software. Penetration testing is important because software can have flaws exploited despite performing as specified. The document outlines approaches to penetration testing like acting as an outsider, insider with limited privileges, or insider with full access. It also discusses creating a security testing project including threat modeling, test plans, cases, and postmortems. The goal of penetration testing is to identify vulnerabilities before attackers can exploit them.
A set of good practices in a Liferay project following some of the OWASP Top 10 Web Application Security Risks recommendations.
The slides were used in a meetup of the Liferay User Group Spain.
Follow @LUGSpain in twitter
Author: @jajcampoy
The document discusses web application security testing techniques. It covers topics like the difference between web sites and applications, security definitions, vulnerabilities like SQL injection and XSS, defense mechanisms, and tools for security testing like Burp Suite. The agenda includes discussing concepts, designing test cases, and practicing security testing techniques manually and using automated tools.
The document discusses various web security attacks and solutions. It begins by noting that developers often focus on features and speed of development over security, leaving vulnerabilities. The top 10 web application attacks are then listed: injection, broken authentication, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing access controls, cross-site request forgery, use of known vulnerable components, and unvalidated redirects/forwards. The document then provides more details on injection attacks like SQL injection and command injection, as well as cross-site scripting and cross-site request forgery attacks. Prevention techniques for these common attacks are also discussed.
This document summarizes the results of 376 penetration tests conducted over the past year across various sectors. It finds that common external vulnerabilities included the absence of two-factor authentication (68%), file upload facilities (33%), and cross-site scripting (23%). Common internal network vulnerabilities included weak passwords (66%), missing patches (56%), default credentials (47%), and default SNMP strings (44%). The document provides details on the impact and fixes for each vulnerability.
Preventing Supply Chain Attacks on Open Source SoftwareAll Things Open
Supply chain attacks on open source software increased 650% in 2021. Software supply chain attacks occur when adversaries manipulate third-party code to compromise downstream applications. Organizations must map dependencies, monitor for vulnerabilities, and quickly patch issues. A Software Bill of Materials (SBOM) provides visibility into components. OWASP Dependency Track helps generate SBOMs and identify vulnerabilities and license risks in dependencies. Implementing standards like the Supply Levels for Software Artifacts (SLSA) can help secure software supply chains and prevent tampering of artifacts.
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
View the on-demand recording: http://securityintelligence.com/events/avoiding-application-attacks/
Your organization is running fast to build your business. You are developing new applications faster than ever and utilizing new cloud-based development platforms. Your customers and employees expect applications that are powerful, highly usable, and secure. Yet this need for speed coupled with new development techniques is increasing the likelihood of security issues.
How can you meet the needs of speed to market with security? Hear Paul Ionescu, IBM Security, Ethical Hacking Team Lead discuss:
- How application attacks work
- Open Web Application Security Project (OWASP) goals
- How to build defenses into your applications
- The 10 most common web application attacks, including demos of the infamous Shellshock and Heartbleed vulnerabilities
- How to test for and prevent these types of threats
Application Security Vulnerabilities: OWASP Top 10 -2007Vaibhav Gupta
General concepts of web application security vulnerabilities primarily based on OWASP Top 10 list-2007(I know its too old :-))
I, along with Sandeep and Vishal, presented on this at IIIT-Delhi college in April, 2014
Affrontare la sicurezza di una web application è uno dei compiti più difficili che uno sviluppatore deve considerare durante le fasi di sviluppo ed integrazione di un software o di un semplice sito web.
Le minacce presenti sul web sono sempre più numerose e ricercare vulnerabilità e metodi di attacco diventa sempre più semplice, anche per i meno esperti.
Il talk mira a fornire indicazioni utili per cercare di evitare al massimo attacchi sulle proprie applicazioni, analizzando le principali vulnerabilità dei più famosi progetti Open Source.
ENPM808 Independent Study Final Report - amaster 2019Alexander Master
Research involving commonly exploited web application functionality, with analysis of the threats at the application, network, and protocol levels. Provided demonstrations of the exploits, as well as proposed detection techniques using open source tools
Website security is a critical issue that needs to be considered in the web, in order to run your online business healthy and
smoothly. It is very difficult situation when security of website is compromised when a brute force or other kind of attacker attacks on
your web creation. It not only consume all your resources but create heavy log dumps on the server which causes your website stop
working.
Recent studies have suggested some backup and recovery modules that should be installed into your website which can take timely
backups of your website to 3rd party servers which are not under the scope of attacker. The Study also suggested different type of
recovery methods such as incremental backups, decremental backups, differential backups and remote backup.
Moreover these studies also suggested that Rsync is used to reduce the transferred data efficiently. The experimental results show
that the remote backup and recovery system can work fast and it can meet the requirements of website protection. The automatic backup
and recovery system for Web site not only plays an important role in the web defence system but also is the last line for disaster
recovery.
This paper suggests different kind of approaches that can be incorporated in the WordPress CMS to make it healthy, secure and
prepared web attacks. The paper suggests various possibilities of the attacks that can be made on CMS and some of the possible
solutions as well as preventive mechanisms.
Some of the proposed security measures –
1. Secret login screen
2. Blocking bad boats
3. Changing db. prefixes
4. Protecting configuration files
5. 2 factor security
6. Flight mode in Web Servers
7. Protecting htaccess file itself
8. Detecting vulnerabilities
9. Unauthorized access made to the system checker
However, this is to be done by balancing the trade-off between website security and backup recovery modules of a website, as measures
taken to secure web page should not affect the user‟s experience and recovery modules
+ Background & Basics of Web App Security, The HTTP Protocol, Web.
+ Application Insecurities, OWASP Top 10 Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
+ Web App Security Tools (Scanners, Fuzzers, etc), Remediation of Web App
+ Vulnerabilities, Web Application Audits and Risk Assessment.
Web Application Security 101 was conducted by:
Vaibhav Gupta, Vishal Ashtana, Sandeep Singh from Null.
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
There are numerous web security testing tools available to aid in the process. One such tool is Astra's Pentest Solution. Astra offers a comprehensive suite of Security Testing Services, including vulnerability scanning, penetration testing, and code reviews. It provides automated scanning and analysis of web applications to identify vulnerabilities and suggest remediation measures.
The document discusses security challenges in cloud computing and provides an overview of Alert Logic's security solutions. It begins by noting that security is a challenge that has changed with the cloud model introducing shared responsibility. It then provides examples of security services Alert Logic offers across various areas like access management, patching, monitoring, and network threat detection. The document uses an example attack scenario to illustrate how an attacker may perform reconnaissance, exploit vulnerabilities like path traversal and remote file inclusion, extract data through SQL injection, establish command and control through a webshell, and the visibility different parts of Alert Logic's solution would provide at each stage. It argues integrated solutions covering assets, vulnerabilities, network, and application layers are needed for full threat visibility and coverage.
The document provides information about the Certified Computer Security Analyst (CCSA) program and training. It discusses the trainer, Semi Yulianto's qualifications and experience working with various security training and consulting organizations. It also lists some of the key topics covered in the CCSA training program, including vulnerabilities assessment, penetration testing methodology, security tools, and investigating vulnerabilities.
Using Analyzers to Resolve Security Problemskiansahafi
in this presentation i took a project and used an analyzer(e.g. SonarQube) to detect the security issues with it and reported a the result and after resolving most of those problems i used the same analyzer to get another report and in the process showed how to use such analyzers to detect security issues in the web applications
This document discusses penetration testing, which involves hunting for security vulnerabilities in software. Penetration testing is important because software can have flaws exploited despite performing as specified. The document outlines approaches to penetration testing like acting as an outsider, insider with limited privileges, or insider with full access. It also discusses creating a security testing project including threat modeling, test plans, cases, and postmortems. The goal of penetration testing is to identify vulnerabilities before attackers can exploit them.
A set of good practices in a Liferay project following some of the OWASP Top 10 Web Application Security Risks recommendations.
The slides were used in a meetup of the Liferay User Group Spain.
Follow @LUGSpain in twitter
Author: @jajcampoy
The document discusses web application security testing techniques. It covers topics like the difference between web sites and applications, security definitions, vulnerabilities like SQL injection and XSS, defense mechanisms, and tools for security testing like Burp Suite. The agenda includes discussing concepts, designing test cases, and practicing security testing techniques manually and using automated tools.
The document discusses various web security attacks and solutions. It begins by noting that developers often focus on features and speed of development over security, leaving vulnerabilities. The top 10 web application attacks are then listed: injection, broken authentication, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing access controls, cross-site request forgery, use of known vulnerable components, and unvalidated redirects/forwards. The document then provides more details on injection attacks like SQL injection and command injection, as well as cross-site scripting and cross-site request forgery attacks. Prevention techniques for these common attacks are also discussed.
This document summarizes the results of 376 penetration tests conducted over the past year across various sectors. It finds that common external vulnerabilities included the absence of two-factor authentication (68%), file upload facilities (33%), and cross-site scripting (23%). Common internal network vulnerabilities included weak passwords (66%), missing patches (56%), default credentials (47%), and default SNMP strings (44%). The document provides details on the impact and fixes for each vulnerability.
Preventing Supply Chain Attacks on Open Source SoftwareAll Things Open
Supply chain attacks on open source software increased 650% in 2021. Software supply chain attacks occur when adversaries manipulate third-party code to compromise downstream applications. Organizations must map dependencies, monitor for vulnerabilities, and quickly patch issues. A Software Bill of Materials (SBOM) provides visibility into components. OWASP Dependency Track helps generate SBOMs and identify vulnerabilities and license risks in dependencies. Implementing standards like the Supply Levels for Software Artifacts (SLSA) can help secure software supply chains and prevent tampering of artifacts.
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
View the on-demand recording: http://securityintelligence.com/events/avoiding-application-attacks/
Your organization is running fast to build your business. You are developing new applications faster than ever and utilizing new cloud-based development platforms. Your customers and employees expect applications that are powerful, highly usable, and secure. Yet this need for speed coupled with new development techniques is increasing the likelihood of security issues.
How can you meet the needs of speed to market with security? Hear Paul Ionescu, IBM Security, Ethical Hacking Team Lead discuss:
- How application attacks work
- Open Web Application Security Project (OWASP) goals
- How to build defenses into your applications
- The 10 most common web application attacks, including demos of the infamous Shellshock and Heartbleed vulnerabilities
- How to test for and prevent these types of threats
Application Security Vulnerabilities: OWASP Top 10 -2007Vaibhav Gupta
General concepts of web application security vulnerabilities primarily based on OWASP Top 10 list-2007(I know its too old :-))
I, along with Sandeep and Vishal, presented on this at IIIT-Delhi college in April, 2014
Affrontare la sicurezza di una web application è uno dei compiti più difficili che uno sviluppatore deve considerare durante le fasi di sviluppo ed integrazione di un software o di un semplice sito web.
Le minacce presenti sul web sono sempre più numerose e ricercare vulnerabilità e metodi di attacco diventa sempre più semplice, anche per i meno esperti.
Il talk mira a fornire indicazioni utili per cercare di evitare al massimo attacchi sulle proprie applicazioni, analizzando le principali vulnerabilità dei più famosi progetti Open Source.
ENPM808 Independent Study Final Report - amaster 2019Alexander Master
Research involving commonly exploited web application functionality, with analysis of the threats at the application, network, and protocol levels. Provided demonstrations of the exploits, as well as proposed detection techniques using open source tools
Website security is a critical issue that needs to be considered in the web, in order to run your online business healthy and
smoothly. It is very difficult situation when security of website is compromised when a brute force or other kind of attacker attacks on
your web creation. It not only consume all your resources but create heavy log dumps on the server which causes your website stop
working.
Recent studies have suggested some backup and recovery modules that should be installed into your website which can take timely
backups of your website to 3rd party servers which are not under the scope of attacker. The Study also suggested different type of
recovery methods such as incremental backups, decremental backups, differential backups and remote backup.
Moreover these studies also suggested that Rsync is used to reduce the transferred data efficiently. The experimental results show
that the remote backup and recovery system can work fast and it can meet the requirements of website protection. The automatic backup
and recovery system for Web site not only plays an important role in the web defence system but also is the last line for disaster
recovery.
This paper suggests different kind of approaches that can be incorporated in the WordPress CMS to make it healthy, secure and
prepared web attacks. The paper suggests various possibilities of the attacks that can be made on CMS and some of the possible
solutions as well as preventive mechanisms.
Some of the proposed security measures –
1. Secret login screen
2. Blocking bad boats
3. Changing db. prefixes
4. Protecting configuration files
5. 2 factor security
6. Flight mode in Web Servers
7. Protecting htaccess file itself
8. Detecting vulnerabilities
9. Unauthorized access made to the system checker
However, this is to be done by balancing the trade-off between website security and backup recovery modules of a website, as measures
taken to secure web page should not affect the user‟s experience and recovery modules
+ Background & Basics of Web App Security, The HTTP Protocol, Web.
+ Application Insecurities, OWASP Top 10 Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
+ Web App Security Tools (Scanners, Fuzzers, etc), Remediation of Web App
+ Vulnerabilities, Web Application Audits and Risk Assessment.
Web Application Security 101 was conducted by:
Vaibhav Gupta, Vishal Ashtana, Sandeep Singh from Null.
Open Source Contributions to Postgres: The Basics POSETTE 2024ElizabethGarrettChri
Postgres is the most advanced open-source database in the world and it's supported by a community, not a single company. So how does this work? How does code actually get into Postgres? I recently had a patch submitted and committed and I want to share what I learned in that process. I’ll give you an overview of Postgres versions and how the underlying project codebase functions. I’ll also show you the process for submitting a patch and getting that tested and committed.
The Ipsos - AI - Monitor 2024 Report.pdfSocial Samosa
According to Ipsos AI Monitor's 2024 report, 65% Indians said that products and services using AI have profoundly changed their daily life in the past 3-5 years.
Learn SQL from basic queries to Advance queriesmanishkhaire30
Dive into the world of data analysis with our comprehensive guide on mastering SQL! This presentation offers a practical approach to learning SQL, focusing on real-world applications and hands-on practice. Whether you're a beginner or looking to sharpen your skills, this guide provides the tools you need to extract, analyze, and interpret data effectively.
Key Highlights:
Foundations of SQL: Understand the basics of SQL, including data retrieval, filtering, and aggregation.
Advanced Queries: Learn to craft complex queries to uncover deep insights from your data.
Data Trends and Patterns: Discover how to identify and interpret trends and patterns in your datasets.
Practical Examples: Follow step-by-step examples to apply SQL techniques in real-world scenarios.
Actionable Insights: Gain the skills to derive actionable insights that drive informed decision-making.
Join us on this journey to enhance your data analysis capabilities and unlock the full potential of SQL. Perfect for data enthusiasts, analysts, and anyone eager to harness the power of data!
#DataAnalysis #SQL #LearningSQL #DataInsights #DataScience #Analytics
End-to-end pipeline agility - Berlin Buzzwords 2024Lars Albertsson
We describe how we achieve high change agility in data engineering by eliminating the fear of breaking downstream data pipelines through end-to-end pipeline testing, and by using schema metaprogramming to safely eliminate boilerplate involved in changes that affect whole pipelines.
A quick poll on agility in changing pipelines from end to end indicated a huge span in capabilities. For the question "How long time does it take for all downstream pipelines to be adapted to an upstream change," the median response was 6 months, but some respondents could do it in less than a day. When quantitative data engineering differences between the best and worst are measured, the span is often 100x-1000x, sometimes even more.
A long time ago, we suffered at Spotify from fear of changing pipelines due to not knowing what the impact might be downstream. We made plans for a technical solution to test pipelines end-to-end to mitigate that fear, but the effort failed for cultural reasons. We eventually solved this challenge, but in a different context. In this presentation we will describe how we test full pipelines effectively by manipulating workflow orchestration, which enables us to make changes in pipelines without fear of breaking downstream.
Making schema changes that affect many jobs also involves a lot of toil and boilerplate. Using schema-on-read mitigates some of it, but has drawbacks since it makes it more difficult to detect errors early. We will describe how we have rejected this tradeoff by applying schema metaprogramming, eliminating boilerplate but keeping the protection of static typing, thereby further improving agility to quickly modify data pipelines without fear.
Codeless Generative AI Pipelines
(GenAI with Milvus)
https://ml.dssconf.pl/user.html#!/lecture/DSSML24-041a/rate
Discover the potential of real-time streaming in the context of GenAI as we delve into the intricacies of Apache NiFi and its capabilities. Learn how this tool can significantly simplify the data engineering workflow for GenAI applications, allowing you to focus on the creative aspects rather than the technical complexities. I will guide you through practical examples and use cases, showing the impact of automation on prompt building. From data ingestion to transformation and delivery, witness how Apache NiFi streamlines the entire pipeline, ensuring a smooth and hassle-free experience.
Timothy Spann
https://www.youtube.com/@FLaNK-Stack
https://medium.com/@tspann
https://www.datainmotion.dev/
milvus, unstructured data, vector database, zilliz, cloud, vectors, python, deep learning, generative ai, genai, nifi, kafka, flink, streaming, iot, edge
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...Social Samosa
The Modern Marketing Reckoner (MMR) is a comprehensive resource packed with POVs from 60+ industry leaders on how AI is transforming the 4 key pillars of marketing – product, place, price and promotions.
2. 1 Executive Summary
The penetration testing of the testphp.vulnweb.com website identified several critical and high-severity
vulnerabilities that could pose a significant risk to the security of the site and its users.
1.1 Assessment Summary
The most severe vulnerabilities discovered were SQL Injection and File Inclusion vulnerabilities, which
could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the
server. Additionally, the website's outdated PHP version and weak password policy were also classified
as critical vulnerabilities that need to be addressed urgently.
The following table represents the penetration testing in-scope items and breaks down the issues, which
were identified and classified by severity of risk. (Note that this summary table does not include the
informational items):
Phase Description Critical High Medium Low Total
1 Web Penetration Testing 3 1 2 1 7
Total 3 1 2 1 7
The graphs below represent a summary of the total number of vulnerabilities found up until issuing this
current report:
Vulnerabilities
0 1 2 3 4 5 6
Critical High Medium Low
Strategic Recommendations
Overall, the testing process was effective in identifying the security weaknesses in the website, and the
results should be used to prioritize and address the Critical and High vulnerabilities to protect the site
and its users from potential attacks
1.2 Findings Overview
All the issues identified during the assessment are listed below with a brief description and risk rating for
each issue.
Ref Description Risk
SQLI-1-1 SQL Injection vulnerabilities CRITICAL
PHP-1-2 Outdated PHP version CRITICAL
WP-1-3 Weak Password CRITICAL
XSS-1-4 Cross-Site Scripting (XSS) vulnerabilities HIGH
SFD-1-5 Sensitive files disclosure MEDIUM
DID-1-6 Directory Index disclosure MEDIUM
ID-1-8 Personally Identifiable Information Disclosure LOW
5
3
3. 2 Technical Details
2.1 SQL Injection vulnerabilities
It has been discovered that the system is vulnerable to SQL injection attacks, which could allow a
malicious user to retrieve sensitive information such as usernames, passwords, and other confidential
data stored in the database. This poses a significant risk to the confidentiality and integrity of the
system's data, as well as the privacy of the users whose information may be exposed.
Vulnerability Details:
Affects: https:// http://testphp.vulnweb.com/listproducts.php?cat=1
Parameter(s) union select 1,2,3,4,5,6,group_concat(uname," ",pass," ",cc," ",address,
"__",email),8,9,10,11 from users
Finding vulnerable URLs
Evidence
A successful attack would consist in the following:
1. Identifying the vulnerable URL.
2. Injecting the SQL parameter’s “union select 1,2,3,4,5,6,group_concat(uname," ",pass," ",cc," ",address,
"__",email),8,9,10,11 from users” in our case.
CRITICAL
Ref ID: SQLI-1-1
4. Remediation Guidance:
1-Input Validation: Validate user input on the server-side. ensuring that any input received from the
user, such as form data or query parameters, is properly formatted and validated before being used in a
SQL query.
2-Parameterized Queries: Use parameterized queries to create SQL queries Instead of concatenating
user input directly into the SQL query.
3-Least Privilege: Database users should only have the minimum permissions necessary to perform
their specific tasks.
5. 2.2 Outdated PHP version
The system is currently running an older version of PHP (5.1.6) that’s vulnerable to security threats. As
a result, there is a risk that malicious actors may be able to exploit known vulnerabilities in the PHP
version to access sensitive data, compromise the application's stability, or even gain unauthorized
access to the system.
Vulnerability Details:
Affects: http://testphp.vulnweb.com/
Attack Vectors The possibility to gain access to multiple functionality in the website.
References: https://www.cvedetails.com/version/399025/PHP-PHP-5.1.6.html
Evidence
phpinfo.php in one of the URL (/secured) found by dribuster
(http://testphp.vulnweb.com/secured/phpinfo.php).
Multiple Vulnerability discovered in this version
A successful attack would consist in the following:
-Utilizing the information provided by cvedetails to do the different types of attacks.
CRITICAL
Ref ID: PHP-1-2
6. Remediation Guidance:
1-Upgrade to the latest version: The most effective way to address vulnerabilities caused by outdated
PHP versions is to upgrade to the latest version of PHP.
2-Apply security patches: Applying security patches that have not been released for your version of
PHP.
3-Use a web application firewall (WAF): A WAF can provide an additional layer of security by monitoring
incoming traffic and blocking any requests that are deemed suspicious or potentially malicious.
7. 2.3 Weak Password
The User have weak password, making it vulnerable to attacks by brute force. Weak passwords can be
easily guessed or cracked, providing unauthorized access to sensitive data stored on the system. This
poses a serious threat to the confidentiality and integrity of data, potentially resulting in compromised
user accounts, loss of critical information, and overall system instability.
As we found out before the password is very weak and found in almost all wordlists and cracking it
won’t take too much time.
Vulnerability Details:
Affects: http://testphp.vulnweb.com/login.php
Attack Vectors Users with weak passwords
Evidence
A successful attack would consist in the following:
-Using any brute force tools to test weak passwords(ex: burp suite).
CRITICAL
Ref ID: WP -1-3
8. Remediation Guidance:
1-Require strong passwords: Implement a password policy that requires users to create strong
passwords, with a minimum length of 12 characters, a combination of upper and lowercase letters,
numbers, and symbols.
2-Enforce password complexity: Configure the system to enforce password complexity rules, such as
disallowing commonly used passwords or requiring passwords to be changed regularly.
3-Use multi-factor authentication: Implement multi-factor authentication (MFA) to provide an additional
layer of security. MFA requires users to provide two or more authentication factors, such as a password
and a fingerprint or a one-time code sent to their phone.
9. 2.4 Cross-Site Scripting (XSS) vulnerabilities
the system is exposed to XSS attacks due to inadequate measures in input validation and output
encoding. This makes it possible for attackers to inject harmful scripts or code into the web pages.
Vulnerability Details:
Affects: http://testphp.vulnweb.com/search.php
http://testphp.vulnweb.com/guestbook.php
Parameter(s): <marquee onstart=alert(1)>XSS</marquee>
Request.:
As we can see we can use any XSS payload in the search bar
Evidence:
Remediation Guidance:
1-Input validation: Implement strict input validation policies to ensure that user input is sanitized and
free from any malicious code or script.
2-Output encoding: Encode output data using appropriate methods, such as HTML entity encoding or
JavaScript escaping, to prevent script injection.
3-Content Security Policy (CSP): Utilize a CSP to restrict the execution of untrusted scripts and to
mitigate the impact of any successful XSS attacks.
HIGH
Ref ID: XSS-1-4
10. 2.5 Sensitive files disclosure
It has been discovered that the system is vulnerable to sensitive files disclosure, which could allow an
unauthorized user to gain access to confidential information. This poses a significant risk to the privacy
and security of the system's data, as well as the individuals whose information may be exposed
Vulnerability Details:
Affects: http://testphp.vulnweb.com/admin/
http://testphp.vulnweb.com/CVS/Root
http://testphp.vulnweb.com/secured/phpinfo.php
References: https://github.com/v0re/dirb/blob/master/wordlists/common.txt
Request.:
We used burp suit to find Critical Files Disclosure
Evidnce:
MEDIUM
Ref ID: SFD-1-5
11. Remediation Guidance:
1-Conduct a risk assessment: Conduct a thorough risk assessment to identify all sensitive files and
data -in the system, including where they are stored, who has access to them, and the potential risks
associated with them.
2-Implement access controls: Ensure that sensitive files are only accessible to authorized personnel
who require access to perform their job duties. Use role-based access controls to limit access to
sensitive files and data.
3-Use encryption: Implement encryption to protect sensitive files both at rest and in transit. This can
include encryption of file storage, database encryption, and encrypted file transfers.
12. 2.6 Directory Index disclosure
It has been identified that the system is susceptible to Directory Index disclosure, which could enable
an unauthorized user to access sensitive information such as system configuration files, source code,
and other critical data stored in the web server's directories.
Vulnerability Details:
Affects: http://testphp.vulnweb.com/Flash/
http://testphp.vulnweb.com/CVS/
http://testphp.vulnweb.com/.idea/
References: https://github.com/v0re/dirb/blob/master/wordlists/common.txt
Request.:
Same as before we used burp suit to find Directory Index Disclosure
Evidence:
Remediation Guidance:
1-Disable directory indexing: Disable directory indexing on the server to prevent sensitive information
from being exposed. This can be done by modifying the server configuration files or using web server
modules or plugins.
2-Implement access controls: Ensure that sensitive directories and files are only accessible to
authorized personnel who require access to perform their job duties. Use role-based access controls to
limit access to sensitive files and data.
MEDIUM
Ref ID: SFD-1-6
13. 2.7 Personally Identifiable Information Disclosure
Information disclosure of personally identifiable information (PII) such as credit card numbers, addresses,
full names, and phone numbers can be a serious security threat that can lead to identity theft, financial
loss, and reputational damage.
Vulnerability Details:
Affects: http://testphp.vulnweb.com/Flash/
http://testphp.vulnweb.com/CVS/
http://testphp.vulnweb.com/.idea/
References: https://github.com/v0re/dirb/blob/master/wordlists/common.txt
Evidence:
Remediation Guidance:
1-Limit data retention: Implement policies to limit the retention of sensitive data to only what is
necessary for business purposes. This can reduce the amount of data that is at risk of being exposed in
the event of a security breach.
2-Conduct regular security audits: Regular security audits can help to identify vulnerabilities and
security gaps in the system. This can help to identify areas where information disclosure may occur.
3-Use data masking: Implement data masking techniques to hide sensitive information from
unauthorized users. This can include using techniques such as redaction or encryption to mask
sensitive data
MEDIUM
Ref ID: PIID-1-7