Download as PDF, PPTX
Uploaded byMažvydas Skuodas
Owasp and friends
This document discusses application security and the OWASP Top 10 list of vulnerabilities. It covers topics like injection flaws, broken authentication, sensitive data exposure, and denial of service attacks. Application security involves adequately defending against easy-to-find vulnerabilities to achieve Level 1 certification. The OWASP Top 10 lists the most critical web app security risks, including injection, XSS, broken access control, and using components with known vulnerabilities. Denial of service attacks work by consuming limited resources like bandwidth or database connections to prevent legitimate use.
More Related Content
![[OWASP Poland Day] Security in developer's life](https://cdn.slidesharecdn.com/ss_thumbnails/tarasivaschenkosecurityindeveloperslife-171003211503-thumbnail.jpg?width=640&height=640&fit=bounds)
![529 owasp top 10 2013 - rc1[1]](https://cdn.slidesharecdn.com/ss_thumbnails/529owasptop10-2013-rc11-140124144020-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
![529 owasp top 10 2013 - rc1[1]](https://cdn.slidesharecdn.com/ss_thumbnails/529owasptop10-2013-rc11-140124144158-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
Owasp and friends
- 1. OWASP and Friends (DDoSincluded) Mažvydas Skuodas @ Helis LT
- 3.
- 4.
- 5.
- 9.
- 10. Level 1: Opportunistic Anapplication achieves Level 1 (or Opportunistic) certification if it adequately defends against application security vulnerabilities that are easy to discover.
- 13.
- 14. OWASP Top 102013
- 15.
- 16. OWASP Top 102017 - Whats new?
- 19.
- 20.
- 21. Broken Authentication andSession ManagementA2
- 22. Broken Authentication andSession ManagementA2
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35. Using Components withKnown VulnerabilitiesA9
- 36. Using Components withKnown VulnerabilitiesA9
- 37.
- 38.
- 42. Application Denial ofService • Once an attacker can consume all of some required resource, they can prevent legitimate users from using the system. • Some resources that are limited include bandwidth, database connections, disk storage, CPU, memory, threads, or application specific resources. All of these resources can be consumed by attacks that target them.
- 43. Application Denial ofService • Defending against denial of service attacks is difficult, as there is no way to protect against these attacks perfectly. • As a general rule, you should limit the resources allocated to any user to a bare minimum.
- 44. In Short: • Filterinput • Escape output • Be paranoid!