SlideShare a Scribd company logo
Keamanan informasi untuk 
aplikasi berbasis web 
Bogor, 18 November 2014
Tentang Pembicara 
 Ivano Aviandi MSc 
 10+ tahun pengalaman IT security: 
 IBM Global security services 
 Unisys 
 PriceWaterhouse Coopers 
 Founder dan CEO dari Digital Security Global, PT 
 Enterprise IT Security Solutions 
 Cybertech Solusindo, CyberDefense Academy, Proctiv 
 Dosen MTI di Universitas Indonesia 
 Keamanan Informasi dan Manajemen Risiko
Konsep Keamanan Informasi 
Informasi 
Kerahasiaan 
Integritas 
Ketersediaan
Insiden Keamanan Informasi 
Lebih dari 40% dari insiden 
keamanan siber berawal dari 
kelemahan dari sisi aplikasi 
berbasis web
Apakah selalu industri finansial?
Penting adanya acuan / 
referensi dalam pengamanan 
aplikasi berbasis web yang 
selalu ter-update
OWASP bukan standard..namun 
adalah sebuah Referensi
Keluaran OWASP adalah 
Top 10 kelemahan aplikasi 
berbasis web
Top 10 OWASP…
Pembahasan didalam dokumen OWASP…
Firewall 
App Server 
Web Server 
Hardened OS 
Firewall 
Databases 
Legacy Systems 
Web Services 
Directories 
Human Resrcs 
Billing 
Custom Code 
APPLICATION 
ATTACK 
Network Layer Application Layer 
Accounts 
Finance 
Administration 
Transactions 
Communication 
Knowledge Mgmt 
E-Commerce 
Bus. Functions 
HTTP 
request 
 
SQL 
query 
 
DB Table 
 
 
HTTP 
response 
 
 
"SELECT * FROM 
Account Summary 
accounts WHERE 
acct=‘’ OR 1=1-- 
Account: 
Account: 
SKU: 
SKU: 
Acct:5424-6066-2134-4334 
Acct:4128-7574-’" 
3921-0192 
Acct:5424-9383-2039-4029 
Acct:4128-0004-1234-0293 
1. Application presents a form 
to the attacker 
2. Attacker sends an attack in 
the form data 
3. Application forwards attack 
to the database in a SQL query 
4. Database runs query 
containing attack and sends 
encrypted results back to 
application 
5. Application decrypts data as 
normal and sends results to 
the user 
14
Recommendations 
• Avoid the interpreter entirely, or 
• Use an interface that supports bind variables (e.g., prepared 
statements, or stored procedures), 
• Bind variables allow the interpreter to distinguish between 
code and data 
• Encode all user input before passing it to the interpreter 
• Always perform ‘white list’ input validation on all user supplied 
input 
• Always minimize database privileges to reduce the impact of a 
flaw 
References 
•For more details, read the 
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet 
15
Bagaimana menggunakan OWASP? 
 Dokumen OWASP dapat di download di OWASP.ORG 
 Didalam dokumen OWASP terdapat: 
 Ancaman-ancaman terkini 
 Penilaian resiko 
 Penanganan terhadap ancaman 
 Kontributor
OWASP berguna sebagai 
referensi dalam membuat 
aplikasi berbasi web yang aman
1st – Risks 
Assessment 
2nd – Security 
Requirements 
3rd - Security Testing 
4th Continuous 
Monitoring & Review 
SDLC STAGES 
Design Construction S I T U A T Socialization Instal TSD PIR 
SECURITY CONSIDERATION 
Security requirements in Apps development stages 
OWASP requirements
Pengguna OWASP 
 Web Apps Developers 
 Software Quality Assurance 
 Database administrator 
 Web administrator 
 IT security 
 Security Admin 
 Konsultan IT
OWASP tidak mengenal pangsa 
pasar spesifik
OWASP diadopsi pada.. 
 Standard PCI – DSS 
 OSSTMM 
 ISSAF 
 OpenSAMM 
 Vulnerability scanners seperti: 
 Nessus 
 Qualys 
 Rapid7 
 dll

More Related Content

What's hot

Secure Coding 2013
Secure Coding 2013 Secure Coding 2013
Secure Coding 2013
The eCore Group
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
Owasp
Owasp Owasp
OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTrana
Ishan Mathur
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
TechWell
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
Siddharth Phatarphod
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
Muhammad Shehata
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
ibrahimumer2
 
Owasp 2017 oveview
Owasp 2017   oveviewOwasp 2017   oveview
Owasp 2017 oveview
Shreyas N
 
Prevoty Integri Datasheet
Prevoty Integri DatasheetPrevoty Integri Datasheet
Prevoty Integri Datasheet
Prevoty
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities List
Vamsi K
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
Tobias Koprowski
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
Checkmarx
 
Unisys_AppDefender_Symantec_CFD_0_1_final
Unisys_AppDefender_Symantec_CFD_0_1_finalUnisys_AppDefender_Symantec_CFD_0_1_final
Unisys_AppDefender_Symantec_CFD_0_1_final
Koko Fontana
 
C01461422
C01461422C01461422
C01461422
IOSR Journals
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
Tjylen Veselyj
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
AngelGomezRomero
 
Looking Forward… and Beyond - Distinctiveness Through Security Excellence
Looking Forward… and Beyond - Distinctiveness Through Security ExcellenceLooking Forward… and Beyond - Distinctiveness Through Security Excellence
Looking Forward… and Beyond - Distinctiveness Through Security Excellence
Ludovic Petit
 
Athens Owasp workshop Athens Digital Week 2010
Athens Owasp workshop Athens Digital Week 2010Athens Owasp workshop Athens Digital Week 2010
Athens Owasp workshop Athens Digital Week 2010
Poulopoulos Ioannis
 
Web application security I
Web application security IWeb application security I
Web application security I
Md Syed Ahamad
 

What's hot (20)

Secure Coding 2013
Secure Coding 2013 Secure Coding 2013
Secure Coding 2013
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Owasp
Owasp Owasp
Owasp
 
OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTrana
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
Owasp 2017 oveview
Owasp 2017   oveviewOwasp 2017   oveview
Owasp 2017 oveview
 
Prevoty Integri Datasheet
Prevoty Integri DatasheetPrevoty Integri Datasheet
Prevoty Integri Datasheet
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities List
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
 
Unisys_AppDefender_Symantec_CFD_0_1_final
Unisys_AppDefender_Symantec_CFD_0_1_finalUnisys_AppDefender_Symantec_CFD_0_1_final
Unisys_AppDefender_Symantec_CFD_0_1_final
 
C01461422
C01461422C01461422
C01461422
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
Looking Forward… and Beyond - Distinctiveness Through Security Excellence
Looking Forward… and Beyond - Distinctiveness Through Security ExcellenceLooking Forward… and Beyond - Distinctiveness Through Security Excellence
Looking Forward… and Beyond - Distinctiveness Through Security Excellence
 
Athens Owasp workshop Athens Digital Week 2010
Athens Owasp workshop Athens Digital Week 2010Athens Owasp workshop Athens Digital Week 2010
Athens Owasp workshop Athens Digital Week 2010
 
Web application security I
Web application security IWeb application security I
Web application security I
 

Viewers also liked

Persyaratan perangkat lunak 20141118_18november2014
Persyaratan perangkat lunak 20141118_18november2014Persyaratan perangkat lunak 20141118_18november2014
Persyaratan perangkat lunak 20141118_18november2014
Directorate of Information Security | Ditjen Aptika
 
Penanganan Kasus Cybercrime
Penanganan Kasus CybercrimePenanganan Kasus Cybercrime
Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi
Sertifikat Digital - Kasubdit Teknologi Keamanan InformasiSertifikat Digital - Kasubdit Teknologi Keamanan Informasi
Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama
Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim GautamaPresentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama
Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama
Directorate of Information Security | Ditjen Aptika
 
ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)
ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)
ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)
Directorate of Information Security | Ditjen Aptika
 
CSIRT Awareness v3_Riki Arif Gunawan
CSIRT Awareness v3_Riki Arif GunawanCSIRT Awareness v3_Riki Arif Gunawan
CSIRT Awareness v3_Riki Arif Gunawan
Directorate of Information Security | Ditjen Aptika
 
Keamanan Transaksi Elektronik-DR. Muhammad Mustafa Sarinanto
Keamanan Transaksi Elektronik-DR. Muhammad Mustafa SarinantoKeamanan Transaksi Elektronik-DR. Muhammad Mustafa Sarinanto
Keamanan Transaksi Elektronik-DR. Muhammad Mustafa Sarinanto
Directorate of Information Security | Ditjen Aptika
 
Welcome Address by Director General of Informatic Application Ministry of Com...
Welcome Address by Director General of Informatic Application Ministry of Com...Welcome Address by Director General of Informatic Application Ministry of Com...
Welcome Address by Director General of Informatic Application Ministry of Com...
Directorate of Information Security | Ditjen Aptika
 
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...
Directorate of Information Security | Ditjen Aptika
 
Pengantar Awareness ISMS_Raditya Iryandi
Pengantar Awareness ISMS_Raditya IryandiPengantar Awareness ISMS_Raditya Iryandi
Pengantar Awareness ISMS_Raditya Iryandi
Directorate of Information Security | Ditjen Aptika
 
Pemeringkatan Indeks KAMI 2014_Intan Rahayu
Pemeringkatan Indeks KAMI 2014_Intan RahayuPemeringkatan Indeks KAMI 2014_Intan Rahayu
Pemeringkatan Indeks KAMI 2014_Intan Rahayu
Directorate of Information Security | Ditjen Aptika
 
Presentasi Metrologi LIPI_Standardisasi Waktu_by Bapak Mego
Presentasi Metrologi LIPI_Standardisasi Waktu_by Bapak MegoPresentasi Metrologi LIPI_Standardisasi Waktu_by Bapak Mego
Presentasi Metrologi LIPI_Standardisasi Waktu_by Bapak Mego
Directorate of Information Security | Ditjen Aptika
 
RPM Sistem Manajemen Pengamanan Informasi
RPM Sistem Manajemen Pengamanan InformasiRPM Sistem Manajemen Pengamanan Informasi
RPM Sistem Manajemen Pengamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Directorate of Information Security | Ditjen Aptika
 
Cybersecurity Policy - Director of Information Security
Cybersecurity Policy - Director of Information SecurityCybersecurity Policy - Director of Information Security
Cybersecurity Policy - Director of Information Security
Directorate of Information Security | Ditjen Aptika
 
Panduan Kuesioner SMPI_Hasyim Gautama
Panduan Kuesioner SMPI_Hasyim GautamaPanduan Kuesioner SMPI_Hasyim Gautama
Panduan Kuesioner SMPI_Hasyim Gautama
Directorate of Information Security | Ditjen Aptika
 
Strategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan Publik
Strategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan PublikStrategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan Publik
Strategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan Publik
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Aplikasi Indeks KAMI-Intan Rahayu
Sosialisasi Aplikasi Indeks KAMI-Intan RahayuSosialisasi Aplikasi Indeks KAMI-Intan Rahayu
Sosialisasi Aplikasi Indeks KAMI-Intan Rahayu
Directorate of Information Security | Ditjen Aptika
 
ISMS Awareness_Intan Rahayu
ISMS Awareness_Intan RahayuISMS Awareness_Intan Rahayu

Viewers also liked (20)

Persyaratan perangkat lunak 20141118_18november2014
Persyaratan perangkat lunak 20141118_18november2014Persyaratan perangkat lunak 20141118_18november2014
Persyaratan perangkat lunak 20141118_18november2014
 
RPM SMPI
RPM SMPIRPM SMPI
RPM SMPI
 
Penanganan Kasus Cybercrime
Penanganan Kasus CybercrimePenanganan Kasus Cybercrime
Penanganan Kasus Cybercrime
 
Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi
Sertifikat Digital - Kasubdit Teknologi Keamanan InformasiSertifikat Digital - Kasubdit Teknologi Keamanan Informasi
Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi
 
Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama
Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim GautamaPresentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama
Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama
 
ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)
ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)
ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)
 
CSIRT Awareness v3_Riki Arif Gunawan
CSIRT Awareness v3_Riki Arif GunawanCSIRT Awareness v3_Riki Arif Gunawan
CSIRT Awareness v3_Riki Arif Gunawan
 
Keamanan Transaksi Elektronik-DR. Muhammad Mustafa Sarinanto
Keamanan Transaksi Elektronik-DR. Muhammad Mustafa SarinantoKeamanan Transaksi Elektronik-DR. Muhammad Mustafa Sarinanto
Keamanan Transaksi Elektronik-DR. Muhammad Mustafa Sarinanto
 
Welcome Address by Director General of Informatic Application Ministry of Com...
Welcome Address by Director General of Informatic Application Ministry of Com...Welcome Address by Director General of Informatic Application Ministry of Com...
Welcome Address by Director General of Informatic Application Ministry of Com...
 
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...
Welcome Address by H.E Tifatul Sembiring Minister for Communication and Infor...
 
Pengantar Awareness ISMS_Raditya Iryandi
Pengantar Awareness ISMS_Raditya IryandiPengantar Awareness ISMS_Raditya Iryandi
Pengantar Awareness ISMS_Raditya Iryandi
 
Pemeringkatan Indeks KAMI 2014_Intan Rahayu
Pemeringkatan Indeks KAMI 2014_Intan RahayuPemeringkatan Indeks KAMI 2014_Intan Rahayu
Pemeringkatan Indeks KAMI 2014_Intan Rahayu
 
Presentasi Metrologi LIPI_Standardisasi Waktu_by Bapak Mego
Presentasi Metrologi LIPI_Standardisasi Waktu_by Bapak MegoPresentasi Metrologi LIPI_Standardisasi Waktu_by Bapak Mego
Presentasi Metrologi LIPI_Standardisasi Waktu_by Bapak Mego
 
RPM Sistem Manajemen Pengamanan Informasi
RPM Sistem Manajemen Pengamanan InformasiRPM Sistem Manajemen Pengamanan Informasi
RPM Sistem Manajemen Pengamanan Informasi
 
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
 
Cybersecurity Policy - Director of Information Security
Cybersecurity Policy - Director of Information SecurityCybersecurity Policy - Director of Information Security
Cybersecurity Policy - Director of Information Security
 
Panduan Kuesioner SMPI_Hasyim Gautama
Panduan Kuesioner SMPI_Hasyim GautamaPanduan Kuesioner SMPI_Hasyim Gautama
Panduan Kuesioner SMPI_Hasyim Gautama
 
Strategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan Publik
Strategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan PublikStrategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan Publik
Strategi dan Penerapan Manajemen Risiko Keamanan Informasi PSE Layanan Publik
 
Sosialisasi Aplikasi Indeks KAMI-Intan Rahayu
Sosialisasi Aplikasi Indeks KAMI-Intan RahayuSosialisasi Aplikasi Indeks KAMI-Intan Rahayu
Sosialisasi Aplikasi Indeks KAMI-Intan Rahayu
 
ISMS Awareness_Intan Rahayu
ISMS Awareness_Intan RahayuISMS Awareness_Intan Rahayu
ISMS Awareness_Intan Rahayu
 

Similar to Infosec for web apps 2014_18november2014

OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019
Miguel Angel Falcón Muñoz
 
Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your API
SmartBear
 
OWASP - Building Secure Web Applications
OWASP - Building Secure Web ApplicationsOWASP - Building Secure Web Applications
OWASP - Building Secure Web Applications
alexbe
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Training
pivotalsecurity
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
IBM Security
 
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to  Simplify application security a...White Paper: Leveraging The OWASP Top Ten to  Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
Security Innovation
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
Black Duck by Synopsys
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Owasp top 10_proactive_controls_v3
Owasp top 10_proactive_controls_v3Owasp top 10_proactive_controls_v3
Owasp top 10_proactive_controls_v3
RazaMehmood7
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
DefCamp
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment
Mykhailo Antonishyn
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
Outpost24
 
OWASP -Top 5 Jagjit
OWASP -Top 5 JagjitOWASP -Top 5 Jagjit
OWASP -Top 5 Jagjit
Jagjit Singh Brar
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci   Software Security - Napoli 10112016Matteo meucci   Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016
Minded Security
 
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Matteo Meucci   Software Security in practice - Aiea torino - 30-10-2015Matteo Meucci   Software Security in practice - Aiea torino - 30-10-2015
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Minded Security
 
Securing your web applications a pragmatic approach
Securing your web applications a pragmatic approachSecuring your web applications a pragmatic approach
Securing your web applications a pragmatic approach
Antonio Parata
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageRunning an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec Village
Vandana Verma
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
Tej Luthra
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
Ben Rothke
 

Similar to Infosec for web apps 2014_18november2014 (20)

OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019
 
Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your API
 
OWASP - Building Secure Web Applications
OWASP - Building Secure Web ApplicationsOWASP - Building Secure Web Applications
OWASP - Building Secure Web Applications
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Training
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
 
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to  Simplify application security a...White Paper: Leveraging The OWASP Top Ten to  Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
Owasp top 10_proactive_controls_v3
Owasp top 10_proactive_controls_v3Owasp top 10_proactive_controls_v3
Owasp top 10_proactive_controls_v3
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
 
Standards and methodology for application security assessment
Standards and methodology for application security assessment Standards and methodology for application security assessment
Standards and methodology for application security assessment
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
 
OWASP -Top 5 Jagjit
OWASP -Top 5 JagjitOWASP -Top 5 Jagjit
OWASP -Top 5 Jagjit
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci   Software Security - Napoli 10112016Matteo meucci   Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016
 
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Matteo Meucci   Software Security in practice - Aiea torino - 30-10-2015Matteo Meucci   Software Security in practice - Aiea torino - 30-10-2015
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
 
Securing your web applications a pragmatic approach
Securing your web applications a pragmatic approachSecuring your web applications a pragmatic approach
Securing your web applications a pragmatic approach
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageRunning an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec Village
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
 

More from Directorate of Information Security | Ditjen Aptika

Sosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor KesehatanSosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor Kesehatan
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan TelekomunikasiSosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor TranportasiSosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor Tranportasi
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan UdaraSosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan BatubaraSosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang KetenagalistrikanSosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Directorate of Information Security | Ditjen Aptika
 
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Directorate of Information Security | Ditjen Aptika
 
Fetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelolaFetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelola
Directorate of Information Security | Ditjen Aptika
 
Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118
Directorate of Information Security | Ditjen Aptika
 
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasiStandar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Directorate of Information Security | Ditjen Aptika
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made WiryawanDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Directorate of Information Security | Ditjen Aptika
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior LazuardiDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Directorate of Information Security | Ditjen Aptika
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim GautamaDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Directorate of Information Security | Ditjen Aptika
 
Teguh arifiyadi ls skse
Teguh arifiyadi ls skseTeguh arifiyadi ls skse
Konny sagala skema kelaikan se
Konny sagala skema kelaikan seKonny sagala skema kelaikan se
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronikIntan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
Directorate of Information Security | Ditjen Aptika
 
Uji Publik RPM SMPI Fetri Miftah
Uji Publik RPM SMPI  Fetri MiftahUji Publik RPM SMPI  Fetri Miftah
Uji Publik RPM SMPI Fetri Miftah
Directorate of Information Security | Ditjen Aptika
 
RPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim GautamaRPM SMPI 20150805 Hasim Gautama
SNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar SiregarSNI ISO 27001 Anwar Siregar
Pengamanan Jaringan dengan Honeynet-Charles Lim
Pengamanan Jaringan dengan Honeynet-Charles LimPengamanan Jaringan dengan Honeynet-Charles Lim
Pengamanan Jaringan dengan Honeynet-Charles Lim
Directorate of Information Security | Ditjen Aptika
 

More from Directorate of Information Security | Ditjen Aptika (20)

Sosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor KesehatanSosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor Kesehatan
 
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan TelekomunikasiSosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
 
Sosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor TranportasiSosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor Tranportasi
 
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan UdaraSosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
 
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan BatubaraSosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
 
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang KetenagalistrikanSosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
 
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
 
Fetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelolaFetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelola
 
Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118
 
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasiStandar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made WiryawanDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior LazuardiDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim GautamaDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
 
Teguh arifiyadi ls skse
Teguh arifiyadi ls skseTeguh arifiyadi ls skse
Teguh arifiyadi ls skse
 
Konny sagala skema kelaikan se
Konny sagala skema kelaikan seKonny sagala skema kelaikan se
Konny sagala skema kelaikan se
 
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronikIntan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
 
Uji Publik RPM SMPI Fetri Miftah
Uji Publik RPM SMPI  Fetri MiftahUji Publik RPM SMPI  Fetri Miftah
Uji Publik RPM SMPI Fetri Miftah
 
RPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim GautamaRPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim Gautama
 
SNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar SiregarSNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar Siregar
 
Pengamanan Jaringan dengan Honeynet-Charles Lim
Pengamanan Jaringan dengan Honeynet-Charles LimPengamanan Jaringan dengan Honeynet-Charles Lim
Pengamanan Jaringan dengan Honeynet-Charles Lim
 

Recently uploaded

Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
OECD Directorate for Financial and Enterprise Affairs
 
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
OECD Directorate for Financial and Enterprise Affairs
 
Proposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP IncProposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP Inc
Raheem Muhammad
 
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
OECD Directorate for Financial and Enterprise Affairs
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
RIDHIMAGARG21
 
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
kekzed
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
OECD Directorate for Financial and Enterprise Affairs
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
Robin Haunschild
 
Using-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptxUsing-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptx
kainatfatyma9
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Ben Linders
 
nationalismineurope-230420140400-1c53f60e.pptx
nationalismineurope-230420140400-1c53f60e.pptxnationalismineurope-230420140400-1c53f60e.pptx
nationalismineurope-230420140400-1c53f60e.pptx
silki0908
 
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
OECD Directorate for Financial and Enterprise Affairs
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
SkillCertProExams
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
samililja
 
IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
Claudio Gallicchio
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 

Recently uploaded (20)

Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
 
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
The Intersection between Competition and Data Privacy – CAPEL – June 2024 OEC...
 
Proposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP IncProposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP Inc
 
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
 
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
 
Using-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptxUsing-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptx
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
 
nationalismineurope-230420140400-1c53f60e.pptx
nationalismineurope-230420140400-1c53f60e.pptxnationalismineurope-230420140400-1c53f60e.pptx
nationalismineurope-230420140400-1c53f60e.pptx
 
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
 
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
 
IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
 

Infosec for web apps 2014_18november2014

  • 1. Keamanan informasi untuk aplikasi berbasis web Bogor, 18 November 2014
  • 2. Tentang Pembicara  Ivano Aviandi MSc  10+ tahun pengalaman IT security:  IBM Global security services  Unisys  PriceWaterhouse Coopers  Founder dan CEO dari Digital Security Global, PT  Enterprise IT Security Solutions  Cybertech Solusindo, CyberDefense Academy, Proctiv  Dosen MTI di Universitas Indonesia  Keamanan Informasi dan Manajemen Risiko
  • 3. Konsep Keamanan Informasi Informasi Kerahasiaan Integritas Ketersediaan
  • 4. Insiden Keamanan Informasi Lebih dari 40% dari insiden keamanan siber berawal dari kelemahan dari sisi aplikasi berbasis web
  • 5.
  • 6.
  • 8. Penting adanya acuan / referensi dalam pengamanan aplikasi berbasis web yang selalu ter-update
  • 9.
  • 10. OWASP bukan standard..namun adalah sebuah Referensi
  • 11. Keluaran OWASP adalah Top 10 kelemahan aplikasi berbasis web
  • 14. Firewall App Server Web Server Hardened OS Firewall Databases Legacy Systems Web Services Directories Human Resrcs Billing Custom Code APPLICATION ATTACK Network Layer Application Layer Accounts Finance Administration Transactions Communication Knowledge Mgmt E-Commerce Bus. Functions HTTP request  SQL query  DB Table   HTTP response   "SELECT * FROM Account Summary accounts WHERE acct=‘’ OR 1=1-- Account: Account: SKU: SKU: Acct:5424-6066-2134-4334 Acct:4128-7574-’" 3921-0192 Acct:5424-9383-2039-4029 Acct:4128-0004-1234-0293 1. Application presents a form to the attacker 2. Attacker sends an attack in the form data 3. Application forwards attack to the database in a SQL query 4. Database runs query containing attack and sends encrypted results back to application 5. Application decrypts data as normal and sends results to the user 14
  • 15. Recommendations • Avoid the interpreter entirely, or • Use an interface that supports bind variables (e.g., prepared statements, or stored procedures), • Bind variables allow the interpreter to distinguish between code and data • Encode all user input before passing it to the interpreter • Always perform ‘white list’ input validation on all user supplied input • Always minimize database privileges to reduce the impact of a flaw References •For more details, read the https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet 15
  • 16. Bagaimana menggunakan OWASP?  Dokumen OWASP dapat di download di OWASP.ORG  Didalam dokumen OWASP terdapat:  Ancaman-ancaman terkini  Penilaian resiko  Penanganan terhadap ancaman  Kontributor
  • 17. OWASP berguna sebagai referensi dalam membuat aplikasi berbasi web yang aman
  • 18. 1st – Risks Assessment 2nd – Security Requirements 3rd - Security Testing 4th Continuous Monitoring & Review SDLC STAGES Design Construction S I T U A T Socialization Instal TSD PIR SECURITY CONSIDERATION Security requirements in Apps development stages OWASP requirements
  • 19. Pengguna OWASP  Web Apps Developers  Software Quality Assurance  Database administrator  Web administrator  IT security  Security Admin  Konsultan IT
  • 20. OWASP tidak mengenal pangsa pasar spesifik
  • 21. OWASP diadopsi pada..  Standard PCI – DSS  OSSTMM  ISSAF  OpenSAMM  Vulnerability scanners seperti:  Nessus  Qualys  Rapid7  dll