Downloaded 15 times
Uploaded byShahed Chowdhuri
Web App Security
This document summarizes common web application security issues and solutions. It discusses SQL injection, where malicious SQL code can be inserted into username/password fields, and demonstrates how to inject SQL. It also covers cross-site scripting (XSS), where script code can be submitted and run on a site. Potential data exposure issues are overviewed. The document recommends using framework features and error codes without unnecessary information. It promotes attending trainings from Microsoft leaders to enhance knowledge of cutting edge technologies.
More Related Content
More from Shahed Chowdhuri
Web App Security
- 1. Web Application Security ShahedChowdhuri Sr. Technical Evangelist @ Microsoft @shahedC WakeUpAndCode.com in the Real World
- 2. Agenda Overview SQLInjection Cross-Site Scripting (XSS) Data Exposure Next Steps Q&A
- 3. Overview of WebApplications Database Web Server Internet Users
- 4. SQL Injection Enter yourusername and password… Username Password Submit myusername ' or 1=1)# … but what if you can inject SQL code in the input field?
- 5. SQL Injection Democodebashing.com/sql_demo
- 6. SQL Injection inthe Real World Link 1 Link 2 Link 3 Link 4
- 7. Solutions for SQLInjection Use framework-specific features
- 8. Cross-Site Scripting (XSS) Entersome text and submit it… Enter text: Text Submitted: Submit Hello World! Hello World! … but what if you could submit script code?
- 9.
- 10. Cross-Site Scripting inthe Real World Link 1 Link 2 Link 3
- 11. Solutions for XSS Useframework-specific features
- 12. Data Exposure Perform anaction that causes an error… Enter item: Text Submitted: Submit Error: servername.dbname in code file, line 21 New Item?!! … unnecessary information is displayed!
- 13. Solutions for DataExposure Provide an error code for troubleshooting
- 14. Next Steps: OWASPTop 10 OWASP Top 10
- 15. HP WebInpsect &Fortify Tools http://hp.com/go/fortify
- 16. Gartner Magic Quadrantfor AST http://www.gartner.com/doc/reprints?id=1-2KU6OUB&ct=150806&st=sb
- 18. Does this describeyou? Passionate about technology! Tech-savvy! Thrilled to learn new skills! Actively involved with student orgs! You could be the Microsoft rock star on campus! To apply for the Microsoft Student Partners program: Go to: http://aka.ms/mspapply2016 As an MSP, you will: build apps and demos demonstrate the newest technologies and host tech events on your campus acquire the tools and training to lead technology discussions on your campus build your global network with industry experts connect with like-minded students and faculty around the world attend trainings from Microsoft leaders to enhance your knowledge about cutting edge technologies be the one on your campus with insight and answers on Microsoft technologies Contact: SHAHED CHOWDHURI, Sr. Technical Evangelist @ Microsoft shchowd@microsoft.com • http://WakeUpAndCode.com/msp
- 19. Email: shchowd@microsoft.com Twitter: @shahedC