Download to read offline
Uploaded byRon van der Molen
Practical security
This document discusses practical information security topics for web development. It begins with an introduction of the author and defines information security as protecting data from unauthorized access, use, disclosure, disruption or destruction. It then discusses how rapid web development can introduce security risks if new tools are not fully understood. The document outlines several common attacks like XSS, SQL injection, brute forcing and social engineering. It provides examples of each attack and emphasizes that social engineering is effective because it manipulates human psychology. The document concludes by advising the reader on how to prevent attacks through security awareness training and ethical hacking assessments.
![Cyber security[1118]](https://cdn.slidesharecdn.com/ss_thumbnails/cybersecurity1118-220310180915-thumbnail.jpg?width=640&height=640&fit=bounds)
Practical security
- 1. Practical Security Ron vander Molen Wizkunde Ron van der Molen 2014 - Wizkunde.nl
- 2. About me Ronvan der Molen Father of a son, always learning @RonvdMolen (twitter) RonXS (IRC Freenode) ron@wizkunde.nl Wizkunde My History Ron van der Molen 2014 - Wizkunde.nl
- 3. What is information security? The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction CIA Confidentiality Integrity Availability Ron van der Molen 2014 - Wizkunde.nl
- 4. Impact of Information Securityon WebDev A rapid process, where innovation is one of the largest contradictions to information security Building better, more stable, feature rich applications by implementing new tools/frameworks everyday, without knowing the full extent of knowledge that the developers have who are writing the code. Ron van der Molen 2014 - Wizkunde.nl
- 5. Impact of Information Securityon WebDev Use the tools to build code Maintainable Updateable Reusable Interchangeable Educationable This can also include secure, if the developers at hand, invest time in good coding practices and good security strategies Ron van der Molen 2014 - Wizkunde.nl
- 6. Most used attacks Cross Site Scripting (XSS) Cross Site Request Forgery (XSRF) SQL Injection Time Based Attacks Sessions Fixation Brute Forcing Ron van der Molen 2014 - Wizkunde.nl
- 7. Cross Site Scripting Abusing the fact that a user trusts a website Trusted content Output is said to be genuine Example Ron van der Molen 2014 - Wizkunde.nl
- 8. Cross-Site Request Forgery Abusingthe fact that a website trusts a browser (Also called “reversed XSS”) Example Ron van der Molen 2014 - Wizkunde.nl
- 9. SQL Injection Abusingbad coding practises to inject SQL Retreive information Get unauthorized access Damage the system Example Ron van der Molen 2014 - Wizkunde.nl
- 10. Time Based Attacks Profiling the system, to get data disclosure without needing explicit access to the software itself Abusing facts or other security flaws get easier like this Example Ron van der Molen 2014 - Wizkunde.nl
- 11. Session Fixation Abusinganother users session to get unauthorized access Cookie Hijacking XSS Scripting Sometimes refered to as persistent XSS Example Ron van der Molen 2014 - Wizkunde.nl
- 12. Bruteforcing Send ahuge amount of requests to the server, and force your way in by trial and error. This can be more effective as you might think In combination with time based attacks! Example Ron van der Molen 2014 - Wizkunde.nl
- 13. More Attacks CodeInjection Denial of Service (I.E. Syn Flooding) Lower layer architectural attacks Stack Overflow attacks Heap Overflow attacks Many many more known and unknown attacks! Ron van der Molen 2014 - Wizkunde.nl
- 14. Social Engineering What isit? Using social skills, to change facts or hack and manipulate your way into a normally secured situation Yes, its also social engineering if you manipulate or LIE to a person by changing facts to alter the outcome of a problem / situation Ron van der Molen 2014 - Wizkunde.nl
- 15. Social Engineering What isit? Where is this an issue? Everywhere!!! Larger organisations Inter organisation collaboration So how does it work? Ron van der Molen 2014 - Wizkunde.nl
- 16. Social Engineering How doesit work? Psychology Small Talk Common Sense Brutality Insecurity / Uncertainty Emotions Ron van der Molen 2014 - Wizkunde.nl
- 17. Social Engineering How doesit work? Reverse Psychology The problem solver The damsel in distress Information by incentives Random rewards to buy information Discount websites to buy information Ron van der Molen 2014 - Wizkunde.nl
- 18. Social Engineering How doesit work? Toolkit of a social engineer Guts His mouth, you need to be able to talk Knowing the targets habits Social Media Screen Reading Sticky notes Ron van der Molen 2014 - Wizkunde.nl
- 19. Social Engineering Who doesthis? Everybody, including you and me Lie Cheat Manipulate Self preservation Ron van der Molen 2014 - Wizkunde.nl
- 20. Social Engineering How isthat even lucrative? Information has value, and with value comes buyers Kevin mitnick – The Art of Deception Slot Machine example Ron van der Molen 2014 - Wizkunde.nl
- 21. Social Engineering How toprevent it? Security through obscurity Create security regulations for your company Train employees on a regular basis Assess your organisation by ethical hackers It will not rule out Social Engineers! Ron van der Molen 2014 - Wizkunde.nl
- 22. Information Security Dontoverdo it! Ron van der Molen 2014 - Wizkunde.nl
- 23. Practical Security Whatwill you start doing tomorrow to improve? Questions? Ron van der Molen 2014 - Wizkunde.nl