SlideShare a Scribd company logo

NET Security Best Practices

Download as PPTX, PDF
Radu Vunvulea
Radu Vunvulea

The document outlines an agenda for a security event, including a session on .NET security from 17:45-19:00 led by Radu Vunvulea, followed by a break and then a session on actor based concurrency in Elixir from 19:30-20:30 led by Adrian Magdas. It then discusses various .NET security topics like the ELMAH error logging module, sensitive information disclosure, known vulnerabilities, and approaches for addressing security vulnerabilities.

Technology
1 of 37
@ITCAMPRO .NET Security Solution Architect , Microsoft Azure MVP iQuest Technologies @Radu Vunvulea
@ITCAMPRO Agenda 17:45 - 18:00 - Registration (coffee and beverages) 18:00 - 19:00 - .NET Security (Radu Vunvulea) 19:00 - 19:30 - Break (coffee and beverages) 19:30 - 20:30 - Actor based concurrency with Elixir (Adrian Magdas) 20:30 - 21:00 - Networking (coffee and beverages) Sponsors
@ITCAMPRO
@ITCAMPRO WHAT IS THE FIRST THINK THAT COMES TO YOUR MIND WHEN YOU SAY SECURITY?
@ITCAMPRO Security Connectivity Transport Communication Payload Data Hardware Security
@ITCAMPRO Look at .NET security from another perspective - Framework and Packages- Scope
@ITCAMPRO
@ITCAMPRO • Error Logging Modules and Handlers • Can be added to an application dynamically • Logs unhandled exceptions • Web page to see: –All exceptions –Details for each exception –Review the yellow/blue screen of death even if you set customsErrors == false ELMAH
@ITCAMPRO • Username • Cookies – Including authentication cookies • Tokens and access keys Sensitive information
@ITCAMPRO • All: https://www.google.ro/search?q=inurl:elmah.axd+AS PXAUTH • SQL Exception: https://www.google.ro/search?q=inurl:elmah.axd+Sq lException • SQL SELECT: • https://www.google.ro/search?q=inurl:elmah.axd+sel ect+where+from Bing on Google
@ITCAMPRO
@ITCAMPRO • After Day 0, ELMAH announced that security guidelines were updated to: – Update web app configuration – Custom handler for this location Post Day 0
@ITCAMPRO The fix
@ITCAMPRO
@ITCAMPRO • More than 190.000 sites were still vulnerable • Internal stack • SQL Queries • Access Tokens • Server variable After the update (January 2013)
@ITCAMPRO
@ITCAMPRO Combine with… Invalid URL
@ITCAMPRO
@ITCAMPRO Layers Communication Layer Transport Layer Session Layer Application Layer Data Layer
@ITCAMPRO • Updates • Security and Updates Procedures that ensures that the vulnerabilities hotfixes are pushed to the production environments with a near-time What was missing on these sites
@ITCAMPRO • Buffer overflow (Collections) • External libraries • Calling unmanaged code • Old cryptographic mechanism • Default, unsafe or shared keys for cryptography • Ignoring security guidelines Other vulnerabilities
@ITCAMPRO • Security bulletin: https://technet.microsoft.com/en- us/library/security/ms14-059 • .NET Vulnerabilities https://www.cvedetails.com/vulnerability- list/vendor_id-26/product_id-2002/Microsoft-.net- Framework.html Known Vulnerabilities List
@ITCAMPRO • Hands-on examples https://www.owasp.org/index.php/.NET_Security_Chea t_Sheet • Security best-practices https://msdn.microsoft.com/en- us/library/fkytk30f(v=vs.110).aspx Checklist
@ITCAMPRO • Type-safe language • Runs on top of .NET platform • You can create a coding vulnerability only if –> .NET platforms has a bug –> External library has a bug –> Execute code outside .NET platform C# - Specific coding security
@ITCAMPRO Scan Prioritize Assess Report Fix Verify Security Vulnerability Procedure Create a list with what software and packages you are using Telerik Example
@ITCAMPRO Application OS .NET Framework NuGet Packages Dependenci es External Refs Things that we shall update
@ITCAMPRO • Active Injection • Passive Injection XSS Session Hijacking • XSS • Confused Deputy Cross Site Request Forgery Over-Posting Over- Redirection Exploiting AP.NET MVC
@ITCAMPRO Cross Site Scripting (XSS) - Active Injection
@ITCAMPRO Cross Site Scripting (XSS) - Passive Injection Runs on the screen of another user
@ITCAMPRO Session Hijacking
@ITCAMPRO http://softpedia.com/account/?newpassword=MyPasswordIsSecret • Posting on a public site (forum): “Did you hear that someone is offering free Uber rides using a special code” • After a while another post comes: “Just found the special code, link” Cross Site Request Forgery
@ITCAMPRO • Somebody can append in the form post “PricePerItem = 1” Over-posting
@ITCAMPRO • Security is important • You will never be bulletproof • Try to assess and prioritize 1st • Use OAWSP resources Conclusion
@ITCAMPRO Question Answers
@ITCAMPRO { “name” : “Radu Vunvulea, “blog” : “vunvulearadu.blogspot.com”, “email” : ”vunvulear@outlook.com”, “socialMedia” : { “twitter” : “@RaduVunvulea”, “fb” : “radu.vunvulea” } }
@ITCAMPRO
@ITCAMPRO { “name” : “Radu Vunvulea, “blog” : “vunvulearadu.blogspot.com”, “email” : ”vunvulear@outlook.com”, “socialMedia” : { “twitter” : “@RaduVunvulea”, “fb” : “radu.vunvulea” } }

Recommended

Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Radu Vunvulea
 
Getting Started With Microsoft Azure
Getting Started With Microsoft AzureGetting Started With Microsoft Azure
Getting Started With Microsoft AzureChristos Matskas
 
NashTech - Azure Application Insights
NashTech - Azure Application InsightsNashTech - Azure Application Insights
NashTech - Azure Application InsightsPhi Huynh
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017CodeOps Technologies LLP
 
Automating Network Firewall Rule Creation using Powershell and CI/CD
Automating Network Firewall Rule Creation using Powershell and CI/CDAutomating Network Firewall Rule Creation using Powershell and CI/CD
Automating Network Firewall Rule Creation using Powershell and CI/CDNills Franssens
 
Windows iot barone
Windows iot baroneWindows iot barone
Windows iot baroneDotNetCampus
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking InGuy Podjarny
 

Recommended

Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...
Azure Microservices in Practice - Radu Vunvulea ITCamp Community Timisoara 07...Radu Vunvulea
 
Getting Started With Microsoft Azure
Getting Started With Microsoft AzureGetting Started With Microsoft Azure
Getting Started With Microsoft AzureChristos Matskas
 
NashTech - Azure Application Insights
NashTech - Azure Application InsightsNashTech - Azure Application Insights
NashTech - Azure Application InsightsPhi Huynh
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017CodeOps Technologies LLP
 
Automating Network Firewall Rule Creation using Powershell and CI/CD
Automating Network Firewall Rule Creation using Powershell and CI/CDAutomating Network Firewall Rule Creation using Powershell and CI/CD
Automating Network Firewall Rule Creation using Powershell and CI/CDNills Franssens
 
Windows iot barone
Windows iot baroneWindows iot barone
Windows iot baroneDotNetCampus
 
Securing Serverless - By Breaking In
Securing Serverless - By Breaking InSecuring Serverless - By Breaking In
Securing Serverless - By Breaking InGuy Podjarny
 
Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSAlessandro Melchiori
 
Implementing iam for (k8s) pods in aws
Implementing iam for (k8s) pods in awsImplementing iam for (k8s) pods in aws
Implementing iam for (k8s) pods in awsMikhail Advani
 
Basics of Microservice Architecture
Basics of Microservice ArchitectureBasics of Microservice Architecture
Basics of Microservice ArchitectureSouvikGhosh139
 
Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Sqreen
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To ProtectGuy Podjarny
 
Azure Functions 101
Azure Functions 101Azure Functions 101
Azure Functions 101Martin Abbott
 
Deep dive into Conversational Ai development
Deep dive into Conversational Ai developmentDeep dive into Conversational Ai development
Deep dive into Conversational Ai developmentMarco Parenzan
 
Building and Monitoring Services at Lithium
Building and Monitoring Services at LithiumBuilding and Monitoring Services at Lithium
Building and Monitoring Services at LithiumPaul Cichonski
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessCloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessKarl Ots
 
Quick introduction to nodeJs
Quick introduction to nodeJsQuick introduction to nodeJs
Quick introduction to nodeJsAram Rafeq
 
Hexagonal architecture with Spring Boot
Hexagonal architecture with Spring BootHexagonal architecture with Spring Boot
Hexagonal architecture with Spring BootMikalai Alimenkou
 
Elasticsearch on Azure
Elasticsearch on AzureElasticsearch on Azure
Elasticsearch on AzureElasticsearch
 
Open faas and linkerd
Open faas and linkerdOpen faas and linkerd
Open faas and linkerdKeiran Smith
 
Reporting
ReportingReporting
ReportingAravindan A
 
Using cloud providers in new light for the brave new API-first world of devel...
Using cloud providers in new light for the brave new API-first world of devel...Using cloud providers in new light for the brave new API-first world of devel...
Using cloud providers in new light for the brave new API-first world of devel...Shamasis Bhattacharya
 
GeekOut 2017 - Microservices in action at the Dutch National Police
GeekOut 2017 - Microservices in action at the Dutch National PoliceGeekOut 2017 - Microservices in action at the Dutch National Police
GeekOut 2017 - Microservices in action at the Dutch National PoliceBert Jan Schrijver
 
IoT with SignalR & .NET Gadgeteer - NetMF@Work
IoT with SignalR & .NET Gadgeteer - NetMF@WorkIoT with SignalR & .NET Gadgeteer - NetMF@Work
IoT with SignalR & .NET Gadgeteer - NetMF@WorkMirco Vanini
 
Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!Massimo Bonanni
 
Full Stack Application Monitoring for AWS Powered by AI
Full Stack Application Monitoring for AWS Powered by AIFull Stack Application Monitoring for AWS Powered by AI
Full Stack Application Monitoring for AWS Powered by AIDynatrace
 
Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3qqlan
 
Modern cybersecurity threats, and shiny new tools to help deal with them
Modern cybersecurity threats, and shiny new tools to help deal with themModern cybersecurity threats, and shiny new tools to help deal with them
Modern cybersecurity threats, and shiny new tools to help deal with themTudor Damian
 

More Related Content

What's hot

Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSAlessandro Melchiori
 
Implementing iam for (k8s) pods in aws
Implementing iam for (k8s) pods in awsImplementing iam for (k8s) pods in aws
Implementing iam for (k8s) pods in awsMikhail Advani
 
Basics of Microservice Architecture
Basics of Microservice ArchitectureBasics of Microservice Architecture
Basics of Microservice ArchitectureSouvikGhosh139
 
Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Sqreen
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To ProtectGuy Podjarny
 
Deep dive into Conversational Ai development
Deep dive into Conversational Ai developmentDeep dive into Conversational Ai development
Deep dive into Conversational Ai developmentMarco Parenzan
 
Building and Monitoring Services at Lithium
Building and Monitoring Services at LithiumBuilding and Monitoring Services at Lithium
Building and Monitoring Services at LithiumPaul Cichonski
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessCloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessKarl Ots
 
Quick introduction to nodeJs
Quick introduction to nodeJsQuick introduction to nodeJs
Quick introduction to nodeJsAram Rafeq
 
Hexagonal architecture with Spring Boot
Hexagonal architecture with Spring BootHexagonal architecture with Spring Boot
Hexagonal architecture with Spring BootMikalai Alimenkou
 
Elasticsearch on Azure
Elasticsearch on AzureElasticsearch on Azure
Elasticsearch on AzureElasticsearch
 
Open faas and linkerd
Open faas and linkerdOpen faas and linkerd
Open faas and linkerdKeiran Smith
 
Using cloud providers in new light for the brave new API-first world of devel...
Using cloud providers in new light for the brave new API-first world of devel...Using cloud providers in new light for the brave new API-first world of devel...
Using cloud providers in new light for the brave new API-first world of devel...Shamasis Bhattacharya
 
GeekOut 2017 - Microservices in action at the Dutch National Police
GeekOut 2017 - Microservices in action at the Dutch National PoliceGeekOut 2017 - Microservices in action at the Dutch National Police
GeekOut 2017 - Microservices in action at the Dutch National PoliceBert Jan Schrijver
 
IoT with SignalR & .NET Gadgeteer - NetMF@Work
IoT with SignalR & .NET Gadgeteer - NetMF@WorkIoT with SignalR & .NET Gadgeteer - NetMF@Work
IoT with SignalR & .NET Gadgeteer - NetMF@WorkMirco Vanini
 
Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!Massimo Bonanni
 
Full Stack Application Monitoring for AWS Powered by AI
Full Stack Application Monitoring for AWS Powered by AIFull Stack Application Monitoring for AWS Powered by AI
Full Stack Application Monitoring for AWS Powered by AIDynatrace
 

What's hot (20)

Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKS
 
Implementing iam for (k8s) pods in aws
Implementing iam for (k8s) pods in awsImplementing iam for (k8s) pods in aws
Implementing iam for (k8s) pods in aws
 
Basics of Microservice Architecture
Basics of Microservice ArchitectureBasics of Microservice Architecture
Basics of Microservice Architecture
 
Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Serverless Security: What's Left To Protect
Serverless Security: What's Left To ProtectServerless Security: What's Left To Protect
Serverless Security: What's Left To Protect
 
Azure Functions 101
Azure Functions 101Azure Functions 101
Azure Functions 101
 
Deep dive into Conversational Ai development
Deep dive into Conversational Ai developmentDeep dive into Conversational Ai development
Deep dive into Conversational Ai development
 
Building and Monitoring Services at Lithium
Building and Monitoring Services at LithiumBuilding and Monitoring Services at Lithium
Building and Monitoring Services at Lithium
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessCloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
 
Quick introduction to nodeJs
Quick introduction to nodeJsQuick introduction to nodeJs
Quick introduction to nodeJs
 
Hexagonal architecture with Spring Boot
Hexagonal architecture with Spring BootHexagonal architecture with Spring Boot
Hexagonal architecture with Spring Boot
 
Elasticsearch on Azure
Elasticsearch on AzureElasticsearch on Azure
Elasticsearch on Azure
 
Open faas and linkerd
Open faas and linkerdOpen faas and linkerd
Open faas and linkerd
 
Reporting
ReportingReporting
Reporting
 
Using cloud providers in new light for the brave new API-first world of devel...
Using cloud providers in new light for the brave new API-first world of devel...Using cloud providers in new light for the brave new API-first world of devel...
Using cloud providers in new light for the brave new API-first world of devel...
 
GeekOut 2017 - Microservices in action at the Dutch National Police
GeekOut 2017 - Microservices in action at the Dutch National PoliceGeekOut 2017 - Microservices in action at the Dutch National Police
GeekOut 2017 - Microservices in action at the Dutch National Police
 
IoT with SignalR & .NET Gadgeteer - NetMF@Work
IoT with SignalR & .NET Gadgeteer - NetMF@WorkIoT with SignalR & .NET Gadgeteer - NetMF@Work
IoT with SignalR & .NET Gadgeteer - NetMF@Work
 
Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!Empower every Azure Function to achieve more!!
Empower every Azure Function to achieve more!!
 
Full Stack Application Monitoring for AWS Powered by AI
Full Stack Application Monitoring for AWS Powered by AIFull Stack Application Monitoring for AWS Powered by AI
Full Stack Application Monitoring for AWS Powered by AI
 

Similar to NET Security Best Practices

Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3qqlan
 
Modern cybersecurity threats, and shiny new tools to help deal with them
Modern cybersecurity threats, and shiny new tools to help deal with themModern cybersecurity threats, and shiny new tools to help deal with them
Modern cybersecurity threats, and shiny new tools to help deal with themTudor Damian
 
Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T... Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T...ITCamp
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolShah Sheikh
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...ITCamp
 
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!ITCamp
 
ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...
ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...
ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...ITCamp
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAttacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAleksandr Timorin
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNitesh Malviya
 
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...PROIDEA
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsAleksandr Timorin
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101Wavestone
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
EAS-SEC Project
EAS-SEC ProjectEAS-SEC Project
EAS-SEC ProjectERPScan
 
Meetup DotNetCode Owasp
Meetup DotNetCode Owasp Meetup DotNetCode Owasp
Meetup DotNetCode Owasp dotnetcode
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?inaz2
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTautomatskicorporation
 

Similar to NET Security Best Practices (20)

Scada Strangelove - 29c3
Scada Strangelove - 29c3Scada Strangelove - 29c3
Scada Strangelove - 29c3
 
Modern cybersecurity threats, and shiny new tools to help deal with them
Modern cybersecurity threats, and shiny new tools to help deal with themModern cybersecurity threats, and shiny new tools to help deal with them
Modern cybersecurity threats, and shiny new tools to help deal with them
 
Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T... Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T...
 
ICS Threat Scenarios
ICS Threat ScenariosICS Threat Scenarios
ICS Threat Scenarios
 
PT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrolPT-DTS SCADA Security using MaxPatrol
PT-DTS SCADA Security using MaxPatrol
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
 
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!
 
ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...
ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...
ITCamp 2018 - Damian Widera - SQL Server 2016. Meet the Row Level Security. P...
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAttacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVE
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
CONFidence 2014: Alexander Timorin: SCADA deep inside: protocols and security...
 
SCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanismsSCADA deep inside: protocols and security mechanisms
SCADA deep inside: protocols and security mechanisms
 
BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101BruCON 2015 - Pentesting ICS 101
BruCON 2015 - Pentesting ICS 101
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
EAS-SEC Project
EAS-SEC ProjectEAS-SEC Project
EAS-SEC Project
 
Meetup DotNetCode Owasp
Meetup DotNetCode Owasp Meetup DotNetCode Owasp
Meetup DotNetCode Owasp
 
Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?Can We Prevent Use-after-free Attacks?
Can We Prevent Use-after-free Attacks?
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
 
IOT Exploitation
IOT Exploitation IOT Exploitation
IOT Exploitation
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

NET Security Best Practices

Editor's Notes

  1. http://bonusroundapi.azurewebsites.net/elmah.axd