SlideShare a Scribd company logo

Introduction to Security Vulnerabilities

vodQA
vodQA

This document provides an introduction to security vulnerabilities. It defines key terms like vulnerability and exploit. It discusses the Open Web Application Security Project (OWASP) which focuses on improving software security and publishes the OWASP Top 10 list of most critical web application risks. The Top 10 from 2013 is presented, including Injection, Broken Authentication, Cross-Site Scripting, and others. Demo attacks are shown for Injection and Cross-Site Scripting. Tools for vulnerability scanning and security testing like ZAP are also mentioned.

1 of 43
Download to read offline
INTRODUCTION TO SECURITY VULNERABILITIES Shirish Padalkar VodQA, Hyderabad, December 2015 1
ABOUT ME 2
AGENDA ▫︎Some vocabulary ▫︎Introduction to OWASP ▫︎OWASP top 10 ▫︎Some demos ▫︎Tools ▫︎References 3
4 VOCABULARY
5 VULNERABILITY
Vulnerability refers to the inability of a system to withstand the effects of a hostile environment. 6
In computer security: A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. 7
8 EXPLOIT
Exploit means to take advantage of something for one's own end, especially unethically or unjustifiably. 9
An exploit is a piece of software that takes advantage of a bug or vulnerability in order to cause unintended behaviour to occur on computer software or hardware 10
11
OWASP ▫︎Open Web Application Security Project ▫︎Not-for-profit charitable organisation ▫︎Focused on improving the security of software ▫︎All materials are available under a FOSS license ▫︎Currently has over 142 active projects 12
13 https://www.owasp.org
OWASP TOP 10 ▫︎List of the 10 most critical web application security risks ▫︎A powerful awareness document ▫︎Reference document for project security analysis ▫︎Published at regular intervals ▫︎Approximately once in 3 years ▫︎Last published in 2013 14
OWASP TOP 10, 2013 1. Injection 2. Broken authentication and session management 3. Cross site scripting (XSS) 4. Insecure direct object references 5. Security misconfiguration 6. Sensitive data exposure 7. Missing function level access control 8. Cross site request forgery (CSRF) 9. Using components with known vulnerability 10.Unvalidated redirects and forwards 15
OWASP TOP 10, 2013 1. Injection 2. Broken authentication and session management 3. Cross site scripting (XSS) 4. Insecure direct object references 5. Security misconfiguration 6. Sensitive data exposure 7. Missing function level access control 8. Cross site request forgery (CSRF) 9. Using components with known vulnerability 10.Unvalidated redirects and forwards 16
17 INJECTION
INJECTION ▫︎SQL Injection ▫︎Most prevalent ▫︎Databases like Oracle, MySQL ▫︎NoSQL Injection ▫︎Comparatively recent ▫︎Databases like MongoDB ▫︎Command Injection ▫︎LDAP Injection 18
19 DEMO
INJECTION 20
INJECTION 21
22 BROKEN AUTHENTICATION
BROKEN AUTHENTICATION ▫︎Session ID in URL or in the referrer header ▫︎PHPSESSID ▫︎JSESSIONID ▫︎Unencrypted passwords in storage or transit ▫︎Login over HTTP ▫︎Email password in plain text (BSNL?) ▫︎Predictable session IDs ▫︎Reusing same session IDs 23
24 CROSS SITE SCRIPTING
CROSS SITE SCRIPTING (XSS) ▫︎Inject client-side script into pages viewed by other users ▫︎No HTML or Javascript escaping ▫︎Can steal cookies, change page location, etc. ▫︎Script executes with same permission as current page 25
XSS TYPES ▫︎Reflected ▫︎Non-persistent ▫︎The most common type ▫︎Is typically delivered via email or a neutral web site ▫︎Display a page of results for a user, without properly sanitising the request. ▫︎Ex. Search result with search term without sanitisation 26
XSS TYPES ▫︎Stored ▫︎Persistent ▫︎A more devastating variant ▫︎Permanently displayed on "normal" pages returned to other users ▫︎Example: Online message boards / Forums, Post on Facebook wall 27
28 DEMO
CROSS SITE SCRIPTING (XSS) 29
CROSS SITE SCRIPTING (XSS) 30
31 INSECURE DIRECT OBJECT REFERENCES
INSECURE DIRECT OBJECT REFERENCES ▫︎Actual name or key of an object when generating web pages ▫︎Don’t verify the user is authorised for the target object ▫︎Attackers can easily manipulate parameter values to access another object ▫︎http://photos.com/download.php?file=personal.jpg ▫︎http://mybank.com/accountInfo?accNumber=123456 32
33 SECURITY MISCONFIGURATION
SECURITY MISCONFIGURATION ▫︎Running the application with debug enabled in production. ▫︎Directory listing enabled on the server ▫︎Running outdated software ▫︎Unnecessary services running on the machine ▫︎Not changing default keys and passwords ▫︎Revealing error handling information to the attackers, such as stack traces. 34
OWASP TOP 10, 2013 1. Injection 2. Broken authentication and session management 3. Cross site scripting (XSS) 4. Insecure direct object references 5. Security misconfiguration 6. Sensitive data exposure 7. Missing function level access control 8. Cross site request forgery (CSRF) 9. Using components with known vulnerability 10.Unvalidated redirects and forwards 35
TOOLS 36
VULNERABILITY SCANNING 37
SECURITY TESTING - ZAP 38
SECURITY TESTING - ZAP 39 https://blog.codecentric.de/files/2013/10/zap-screenshot.png
CONTINUOUS SECURITY TESTING 40
ANY QUESTIONS? 41 @_Garbage_ shirishp@thoughtworks.com
RESOURCES ▫︎https://www.owasp.org/index.php ▫︎https://www.owasp.org/index.php/ OWASP_Zed_Attack_Proxy_Project ▫︎https://en.wikipedia.org/wiki/Cross-site_scripting ▫︎http://www.toptal.com/security/10-most-common-web- security-vulnerabilities 42
ThoughtWorks is hiring. http://www.thoughtworks.com/join THANK YOU!

Recommended

Security Vulnerabilities
Security VulnerabilitiesSecurity Vulnerabilities
Security Vulnerabilities
Marius Vorster
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Database security
Database securityDatabase security
Database security
afzaalkhalid1
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
LakshayNRReddy
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Malicious software
Malicious softwareMalicious software
Malicious software
CAS
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 

Recommended

Security Vulnerabilities
Security VulnerabilitiesSecurity Vulnerabilities
Security Vulnerabilities
Marius Vorster
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Database security
Database securityDatabase security
Database security
afzaalkhalid1
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
LakshayNRReddy
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Malicious software
Malicious softwareMalicious software
Malicious software
CAS
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
hilarypark97
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
Joe McCarthy
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Database security
Database securityDatabase security
Database security
Arpana shree
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & Encryption
Tech Sanhita
 
Detection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksDetection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacks
IAEME Publication
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
amiable_indian
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
antitree
 
Network security
Network securityNetwork security
Network security
mena kaheel
 
Error,Failure and Risk
Error,Failure and RiskError,Failure and Risk
Error,Failure and Risk
Nazrul Islam
 
Image Steganography Project Report
Image Steganography Project ReportImage Steganography Project Report
Image Steganography Project Report
VijayMaheshwari12
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
Chetanmalviya8
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
Mayur Mehta
 

More Related Content

What's hot

Network security
Network securityNetwork security
Network security
Estiak Khan
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
hilarypark97
 
Web application security
Web application securityWeb application security
Web application security
Kapil Sharma
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
Joe McCarthy
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Database security
Database securityDatabase security
Database security
Arpana shree
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & Encryption
Tech Sanhita
 
Detection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksDetection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacks
IAEME Publication
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
amiable_indian
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
antitree
 
Network security
Network securityNetwork security
Network security
mena kaheel
 
Error,Failure and Risk
Error,Failure and RiskError,Failure and Risk
Error,Failure and Risk
Nazrul Islam
 
Image Steganography Project Report
Image Steganography Project ReportImage Steganography Project Report
Image Steganography Project Report
VijayMaheshwari12
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
Chetanmalviya8
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 

What's hot (20)

Network security
Network securityNetwork security
Network security
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
 
Web application security
Web application securityWeb application security
Web application security
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Password Attack
Password Attack Password Attack
Password Attack
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Database security
Database securityDatabase security
Database security
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Database Security & Encryption
Database Security & EncryptionDatabase Security & Encryption
Database Security & Encryption
 
Detection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksDetection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacks
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Brute force attack
Brute force attackBrute force attack
Brute force attack
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
 
Network security
Network securityNetwork security
Network security
 
Error,Failure and Risk
Error,Failure and RiskError,Failure and Risk
Error,Failure and Risk
 
Image Steganography Project Report
Image Steganography Project ReportImage Steganography Project Report
Image Steganography Project Report
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 

Viewers also liked

Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
Mayur Mehta
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
Lionel Medina
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Power point 5 media
Power point 5 mediaPower point 5 media
Power point 5 mediajackthompson
 
Cpp 0x kimRyungee
Cpp 0x kimRyungeeCpp 0x kimRyungee
Cpp 0x kimRyungeescor7910
 
김태윤 LTI 프로젝트
김태윤 LTI 프로젝트김태윤 LTI 프로젝트
김태윤 LTI 프로젝트
주완 김
 
Barack obama na półmetku prezydentury
Barack obama na półmetku prezydenturyBarack obama na półmetku prezydentury
Barack obama na półmetku prezydenturysknsz
 
S'15 salidos barcelona
S'15 salidos barcelonaS'15 salidos barcelona
S'15 salidos barcelonaAnam
 
äänenhuoltoa oppaille
äänenhuoltoa oppailleäänenhuoltoa oppaille
äänenhuoltoa oppailleHeidi Jakkula
 
Power point 3 media
Power point 3 mediaPower point 3 media
Power point 3 mediajackthompson
 
Common assesment
Common assesmentCommon assesment
Common assesmentSooyeon79
 
Seminarium prawa dla ludzi reguły dla biznesu
Seminarium prawa dla ludzi reguły dla biznesuSeminarium prawa dla ludzi reguły dla biznesu
Seminarium prawa dla ludzi reguły dla biznesusknsz
 
Web norte
Web norteWeb norte
Web norteAnam
 
Llista provisional d'inscrits vn'12
Llista provisional d'inscrits vn'12Llista provisional d'inscrits vn'12
Llista provisional d'inscrits vn'12Anam
 
Tom palmer
Tom palmerTom palmer
Tom palmersknsz
 

Viewers also liked (20)

Network security policies
Network security policiesNetwork security policies
Network security policies
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Security threats
Security threatsSecurity threats
Security threats
 
Power point 5 media
Power point 5 mediaPower point 5 media
Power point 5 media
 
Revista computer hoy sept 2013
Revista computer hoy sept 2013Revista computer hoy sept 2013
Revista computer hoy sept 2013
 
Proxy Squid amb Debian Squeeze
Proxy Squid amb Debian SqueezeProxy Squid amb Debian Squeeze
Proxy Squid amb Debian Squeeze
 
Cpp 0x kimRyungee
Cpp 0x kimRyungeeCpp 0x kimRyungee
Cpp 0x kimRyungee
 
김태윤 LTI 프로젝트
김태윤 LTI 프로젝트김태윤 LTI 프로젝트
김태윤 LTI 프로젝트
 
Barack obama na półmetku prezydentury
Barack obama na półmetku prezydenturyBarack obama na półmetku prezydentury
Barack obama na półmetku prezydentury
 
S'15 salidos barcelona
S'15 salidos barcelonaS'15 salidos barcelona
S'15 salidos barcelona
 
äänenhuoltoa oppaille
äänenhuoltoa oppailleäänenhuoltoa oppaille
äänenhuoltoa oppaille
 
Power point 3 media
Power point 3 mediaPower point 3 media
Power point 3 media
 
Edge 2 Architecture
Edge 2 ArchitectureEdge 2 Architecture
Edge 2 Architecture
 
Presentation3
Presentation3Presentation3
Presentation3
 
Common assesment
Common assesmentCommon assesment
Common assesment
 
Seminarium prawa dla ludzi reguły dla biznesu
Seminarium prawa dla ludzi reguły dla biznesuSeminarium prawa dla ludzi reguły dla biznesu
Seminarium prawa dla ludzi reguły dla biznesu
 
Web norte
Web norteWeb norte
Web norte
 
Llista provisional d'inscrits vn'12
Llista provisional d'inscrits vn'12Llista provisional d'inscrits vn'12
Llista provisional d'inscrits vn'12
 
Tom palmer
Tom palmerTom palmer
Tom palmer
 

Similar to Introduction to Security Vulnerabilities

Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
Edouard de Lansalut
 
Presentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web ApplicationPresentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web Application
Md Mahfuzur Rahman
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
TechWell
 
Why WordPress Works
Why WordPress WorksWhy WordPress Works
Why WordPress Works
bekee
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The Cloud
Velocidex Enterprises
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Java User Group Latvia
 
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Bishop Fox
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
Howard Greenberg
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
Mike Saunders
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
Preetish Panda
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat Security Conference
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
Web.dev - Web Privacy and Security Recipe
Web.dev - Web Privacy and Security RecipeWeb.dev - Web Privacy and Security Recipe
Web.dev - Web Privacy and Security Recipe
Mark Robin
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
karthik menon
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)
Abhishek Kumar
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developers
John Ombagi
 
“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...
“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...
“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...
enigma0x3
 
Android P Security Updates: What You Need to Know
Android P Security Updates: What You Need to KnowAndroid P Security Updates: What You Need to Know
Android P Security Updates: What You Need to Know
NowSecure
 

Similar to Introduction to Security Vulnerabilities (20)

Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
 
Presentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web ApplicationPresentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web Application
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
 
Why WordPress Works
Why WordPress WorksWhy WordPress Works
Why WordPress Works
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The Cloud
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
 
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
BlueHat v17 || “_____ Is Not a Security Boundary." Things I Have Learned and...
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
Web.dev - Web Privacy and Security Recipe
Web.dev - Web Privacy and Security RecipeWeb.dev - Web Privacy and Security Recipe
Web.dev - Web Privacy and Security Recipe
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developers
 
“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...
“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...
“_____ Is Not a Security Boundary: Things I Have Learned and Things That Have...
 
Android P Security Updates: What You Need to Know
Android P Security Updates: What You Need to KnowAndroid P Security Updates: What You Need to Know
Android P Security Updates: What You Need to Know
 

More from vodQA

Performance Testing
Performance TestingPerformance Testing
Performance Testing
vodQA
 
Testing Strategy in Micro Frontend architecture
Testing Strategy in Micro Frontend architectureTesting Strategy in Micro Frontend architecture
Testing Strategy in Micro Frontend architecture
vodQA
 
Api testing libraries using java script an overview
Api testing libraries using java script an overviewApi testing libraries using java script an overview
Api testing libraries using java script an overview
vodQA
 
Testing face authentication on mobile
Testing face authentication on mobileTesting face authentication on mobile
Testing face authentication on mobile
vodQA
 
Testing cna
Testing cnaTesting cna
Testing cna
vodQA
 
Etl engine testing with scala
Etl engine testing with scalaEtl engine testing with scala
Etl engine testing with scala
vodQA
 
EDA for QAs
EDA for QAsEDA for QAs
EDA for QAs
vodQA
 
vodQA Pune (2019) - Browser automation using dev tools
vodQA Pune (2019) - Browser automation using dev toolsvodQA Pune (2019) - Browser automation using dev tools
vodQA Pune (2019) - Browser automation using dev tools
vodQA
 
vodQA Pune (2019) - Augmented reality overview and testing challenges
vodQA Pune (2019) - Augmented reality overview and testing challengesvodQA Pune (2019) - Augmented reality overview and testing challenges
vodQA Pune (2019) - Augmented reality overview and testing challenges
vodQA
 
vodQA Pune (2019) - Testing AI,ML applications
vodQA Pune (2019) - Testing AI,ML applicationsvodQA Pune (2019) - Testing AI,ML applications
vodQA Pune (2019) - Testing AI,ML applications
vodQA
 
vodQA Pune (2019) - Design patterns in test automation
vodQA Pune (2019) - Design patterns in test automationvodQA Pune (2019) - Design patterns in test automation
vodQA Pune (2019) - Design patterns in test automation
vodQA
 
vodQA Pune (2019) - Testing ethereum smart contracts
vodQA Pune (2019) - Testing ethereum smart contractsvodQA Pune (2019) - Testing ethereum smart contracts
vodQA Pune (2019) - Testing ethereum smart contracts
vodQA
 
vodQA Pune (2019) - Insights into big data testing
vodQA Pune (2019) - Insights into big data testingvodQA Pune (2019) - Insights into big data testing
vodQA Pune (2019) - Insights into big data testing
vodQA
 
vodQA Pune (2019) - Performance testing cloud deployments
vodQA Pune (2019) - Performance testing cloud deploymentsvodQA Pune (2019) - Performance testing cloud deployments
vodQA Pune (2019) - Performance testing cloud deployments
vodQA
 
vodQA Pune (2019) - Jenkins pipeline As code
vodQA Pune (2019) - Jenkins pipeline As codevodQA Pune (2019) - Jenkins pipeline As code
vodQA Pune (2019) - Jenkins pipeline As code
vodQA
 
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pactvodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA
 
vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...
vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...
vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...
vodQA
 
vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...
vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...
vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...
vodQA
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security way
vodQA
 
vodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in TestingvodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in Testing
vodQA
 

More from vodQA (20)

Performance Testing
Performance TestingPerformance Testing
Performance Testing
 
Testing Strategy in Micro Frontend architecture
Testing Strategy in Micro Frontend architectureTesting Strategy in Micro Frontend architecture
Testing Strategy in Micro Frontend architecture
 
Api testing libraries using java script an overview
Api testing libraries using java script an overviewApi testing libraries using java script an overview
Api testing libraries using java script an overview
 
Testing face authentication on mobile
Testing face authentication on mobileTesting face authentication on mobile
Testing face authentication on mobile
 
Testing cna
Testing cnaTesting cna
Testing cna
 
Etl engine testing with scala
Etl engine testing with scalaEtl engine testing with scala
Etl engine testing with scala
 
EDA for QAs
EDA for QAsEDA for QAs
EDA for QAs
 
vodQA Pune (2019) - Browser automation using dev tools
vodQA Pune (2019) - Browser automation using dev toolsvodQA Pune (2019) - Browser automation using dev tools
vodQA Pune (2019) - Browser automation using dev tools
 
vodQA Pune (2019) - Augmented reality overview and testing challenges
vodQA Pune (2019) - Augmented reality overview and testing challengesvodQA Pune (2019) - Augmented reality overview and testing challenges
vodQA Pune (2019) - Augmented reality overview and testing challenges
 
vodQA Pune (2019) - Testing AI,ML applications
vodQA Pune (2019) - Testing AI,ML applicationsvodQA Pune (2019) - Testing AI,ML applications
vodQA Pune (2019) - Testing AI,ML applications
 
vodQA Pune (2019) - Design patterns in test automation
vodQA Pune (2019) - Design patterns in test automationvodQA Pune (2019) - Design patterns in test automation
vodQA Pune (2019) - Design patterns in test automation
 
vodQA Pune (2019) - Testing ethereum smart contracts
vodQA Pune (2019) - Testing ethereum smart contractsvodQA Pune (2019) - Testing ethereum smart contracts
vodQA Pune (2019) - Testing ethereum smart contracts
 
vodQA Pune (2019) - Insights into big data testing
vodQA Pune (2019) - Insights into big data testingvodQA Pune (2019) - Insights into big data testing
vodQA Pune (2019) - Insights into big data testing
 
vodQA Pune (2019) - Performance testing cloud deployments
vodQA Pune (2019) - Performance testing cloud deploymentsvodQA Pune (2019) - Performance testing cloud deployments
vodQA Pune (2019) - Performance testing cloud deployments
 
vodQA Pune (2019) - Jenkins pipeline As code
vodQA Pune (2019) - Jenkins pipeline As codevodQA Pune (2019) - Jenkins pipeline As code
vodQA Pune (2019) - Jenkins pipeline As code
 
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pactvodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pact
 
vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...
vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...
vodQA(Pune) 2018 - Visual testing of web apps in headless environment manis...
 
vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...
vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...
vodQA(Pune) 2018 - Enhancing the capabilities of testing team preparing for...
 
vodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security way
 
vodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in TestingvodQA(Pune) 2018 - Docker in Testing
vodQA(Pune) 2018 - Docker in Testing
 

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Introduction to Security Vulnerabilities