Akash Mahajan, profile picture
Uploaded byAkash Mahajan
PPTX, PDF566 views

Web application security

95% of attacks target web servers and applications through SQL injection and other injection attacks, which were used to install malware over 60% of the time. Solutions include secure coding training, code reviews, log monitoring, and awareness of new attacks.

Technologyâ—¦

Embed presentation

Downloaded 23 times
Web Application SecurityFirewalls will not be able to protect youAkashMahajan – Chapter Lead for null Bangalore
What should keep you up at night95% of attacks are against “Web Servers and Web Applications” aka WebsitesThe top 3 verticals compromised were Financial Services, Hospitality and Retail. More than 60% of attacks were caused by external agents.Primary attack vector was SQL Injection and was used to install customized malware.Injection Attacks are #1 critical flaw in applicationsSources Verizon DBIR 2010, Whitehat Sec Statistics, OWASP Top 10 2010
Web App AttacksSQL Injection AttacksNumber plate to foil an automatic license plate scanner!An attack which allows SQL to be executed as part of the input.
Web App AttacksBobby Tables!
Web App AttacksXSS was used to get root on a apache.org server in April 2010A popular shopping website used to sell only books and now sell other stuff as well.That inner window is an iframe injected in a simple search request. Picture courtesy null Keeda Vulnerability Database
Other Critical Flaws/AttacksCross Site Request ForgeryAttacks the user of the applicationClickjackingFacebook Like attackSecurityMis-configurationsDefault passwords in DSL routersInsecure Cryptographic StorageApache AttackTiny URLsEmployees trust and click on anything!
Solutions/MitigationsTraining inSecure Coding for DevelopersCode Reviews by competent security folksRegular mining of web server logsApplication Security PracticeAwareness about new attacksSetup a red team in the company
About nullNull – Indian Open Security Community null.co.inRegistered non-profit society5 active chapters in IndiaWe conduct monthly meetings, regular awareness camps and trainings.More than 1000+ security professionals and enthusiasts in the group.Null Keeda Vulnerability Database http://keeda.nullcon.net
AkashMahajanChapter Lead of null BangaloreWeb Security ConsultantI hack, test, secure web apps and serversHelp companies become secure on AWS cloudWebsite: akashm.comEmail: akashmahajan@gmail.com / aka@null.co.inTwitter: @makashLinkedin: www.linkedin.com/in/akashm

More Related Content

PDF
Web application security
byAkash Mahajan
 
PDF
Top 10 web application security risks akash mahajan
byAkash Mahajan
 
PPTX
Layered API Security: What Hackers Don't Want You To Know
byAaronLieberman5
 
PPTX
Web security
byKaushal Bhavsar
 
PPTX
How secure is your website?
byIan Grey
 
PPTX
Data-driven API Security
byApigee | Google Cloud
 
PDF
OWASP API Security TOP 10 - 2019
byMiguel Angel Falcón Muñoz
 
PPTX
The Quiet Rise of Account Takeover
byIMMUNIO
 
Web application security
byAkash Mahajan
 
Top 10 web application security risks akash mahajan
byAkash Mahajan
 
Layered API Security: What Hackers Don't Want You To Know
byAaronLieberman5
 
Web security
byKaushal Bhavsar
 
How secure is your website?
byIan Grey
 
Data-driven API Security
byApigee | Google Cloud
 
OWASP API Security TOP 10 - 2019
byMiguel Angel Falcón Muñoz
 
The Quiet Rise of Account Takeover
byIMMUNIO
 

What's hot

PDF
Applying API Security at Scale
byNordic APIs
 
PPTX
Data-driven Security: Protect APIs from Adaptive Threats
byApigee | Google Cloud
 
PPTX
Managing Identities in the World of APIs
byApigee | Google Cloud
 
PPTX
Security as an Enabler for the Digital World - CISO Perspective
byApigee | Google Cloud
 
PPTX
Open APIs: Security for Mobile and the Cloud
byCA API Management
 
PPTX
OWASP -Top 5 Jagjit
byJagjit Singh Brar
 
PPTX
Windows Advance Threats - BSides Amman 2019
byAmmar Hasayen
 
PDF
The Dev, Sec and Ops of API Security - NordicAPIs
by42Crunch
 
PPTX
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
byAjin Abraham
 
PDF
OWASP API Security Top 10 - API World
by42Crunch
 
PDF
Mobile_app_security
byHassan El Hadary
 
PDF
Verizon DMS' Bot Mitigation from Paul Hobbs
byPaul Hobbs
 
PDF
Become a Security Ninja
byPaul Gilzow
 
PPTX
CSS 17: NYC - Stories from the SOC
byAlert Logic
 
PDF
WEBINAR: Positive Security for APIs: What it is and why you need it!
by42Crunch
 
PPTX
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
byNikola Milosevic
 
PPTX
Secure Modern Workplace With Microsoft 365 Threat Protection
byAmmar Hasayen
 
PDF
OWASP Top 10 - 2017
byHackerOne
 
PDF
CIS13: APIs, Identity, and Securing the Enterprise
byCloudIDSummit
 
PPTX
API Abuse - The Anatomy of An Attack
byNordic APIs
 
Applying API Security at Scale
byNordic APIs
 
Data-driven Security: Protect APIs from Adaptive Threats
byApigee | Google Cloud
 
Managing Identities in the World of APIs
byApigee | Google Cloud
 
Security as an Enabler for the Digital World - CISO Perspective
byApigee | Google Cloud
 
Open APIs: Security for Mobile and the Cloud
byCA API Management
 
OWASP -Top 5 Jagjit
byJagjit Singh Brar
 
Windows Advance Threats - BSides Amman 2019
byAmmar Hasayen
 
The Dev, Sec and Ops of API Security - NordicAPIs
by42Crunch
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
byAjin Abraham
 
OWASP API Security Top 10 - API World
by42Crunch
 
Mobile_app_security
byHassan El Hadary
 
Verizon DMS' Bot Mitigation from Paul Hobbs
byPaul Hobbs
 
Become a Security Ninja
byPaul Gilzow
 
CSS 17: NYC - Stories from the SOC
byAlert Logic
 
WEBINAR: Positive Security for APIs: What it is and why you need it!
by42Crunch
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
byNikola Milosevic
 
Secure Modern Workplace With Microsoft 365 Threat Protection
byAmmar Hasayen
 
OWASP Top 10 - 2017
byHackerOne
 
CIS13: APIs, Identity, and Securing the Enterprise
byCloudIDSummit
 
API Abuse - The Anatomy of An Attack
byNordic APIs
 

Similar to Web application security

ODP
Null who and_where (1)
byPrajwal Panchmahalkar
 
PDF
Owasp top 10 2013
byEdouard de Lansalut
 
PDF
Web Application Security with PHP
byjikbal
 
PDF
Top Application Security Threats
byColumnInformationSecurity
 
PDF
Web Security
byKHOANGUYNNGANH
 
PDF
Web hackingtools cf-summit2014
byColdFusionConference
 
PPTX
owasp features in secure coding techniques
bySri Latha
 
PDF
Software Security - Vulnerability&Attack
byEmanuela BoroČ™
 
PPTX
Securing the Web @RivieraDev2016
bySumanth Damarla
 
PPT
Web Application Testing for Today’s Biggest and Emerging Threats
byAlan Kan
 
PPTX
Thoughts on Defensive Development for Sitecore
byPINT Inc
 
PPTX
Web and Mobile Application Security
byPrateek Jain
 
PPTX
Top Application Security Trends of 2012
byDaveEdwards12
 
PDF
Web vulnerabilities
byKrishna Gehlot
 
PPT
DEVSECOPS_the_beginning.ppt
byschwarz10
 
PDF
Top 10 Web App Security Risks
bySperasoft
 
PPT
Secure by design and secure software development
byBill Ross
 
PDF
Rich Web App Security - Keeping your application safe
byJeremiah Grossman
 
PPTX
Application security
byHagar Alaa el-din
 
PDF
Jonathan Singer - Wheezing The Juice.pdf
byJonathan Singer
 
Null who and_where (1)
byPrajwal Panchmahalkar
 
Owasp top 10 2013
byEdouard de Lansalut
 
Web Application Security with PHP
byjikbal
 
Top Application Security Threats
byColumnInformationSecurity
 
Web Security
byKHOANGUYNNGANH
 
Web hackingtools cf-summit2014
byColdFusionConference
 
owasp features in secure coding techniques
bySri Latha
 
Software Security - Vulnerability&Attack
byEmanuela BoroČ™
 
Securing the Web @RivieraDev2016
bySumanth Damarla
 
Web Application Testing for Today’s Biggest and Emerging Threats
byAlan Kan
 
Thoughts on Defensive Development for Sitecore
byPINT Inc
 
Web and Mobile Application Security
byPrateek Jain
 
Top Application Security Trends of 2012
byDaveEdwards12
 
Web vulnerabilities
byKrishna Gehlot
 
DEVSECOPS_the_beginning.ppt
byschwarz10
 
Top 10 Web App Security Risks
bySperasoft
 
Secure by design and secure software development
byBill Ross
 
Rich Web App Security - Keeping your application safe
byJeremiah Grossman
 
Application security
byHagar Alaa el-din
 
Jonathan Singer - Wheezing The Juice.pdf
byJonathan Singer
 

More from Akash Mahajan

PDF
On Writing Well - A talk given at WinjaBlogs Session
byAkash Mahajan
 
PDF
App sec in the time of docker containers
byAkash Mahajan
 
PPTX
Venom vulnerability Overview and a basic demo
byAkash Mahajan
 
PPTX
Security in the cloud Workshop HSTC 2014
byAkash Mahajan
 
ODP
INCOMPLETE - OUTLINE for RootConf 2014 - The little-servcie-which-wasn't-there
byAkash Mahajan
 
PPTX
The real incident of stealing a droid app+data
byAkash Mahajan
 
PPTX
Believe It Or Not SSL Attacks
byAkash Mahajan
 
PPTX
I haz your mouse clicks and key strokes
byAkash Mahajan
 
PPTX
Hackers versus Developers and Secure Web Programming
byAkash Mahajan
 
PPTX
Secure HTTP Headers c0c0n 2011 Akash Mahajan
byAkash Mahajan
 
PPTX
Php security
byAkash Mahajan
 
PPTX
Secure passwords-theory-and-practice
byAkash Mahajan
 
PPTX
Web application security
byAkash Mahajan
 
PPTX
Secure Programming In Php
byAkash Mahajan
 
PPT
Startups Security
byAkash Mahajan
 
On Writing Well - A talk given at WinjaBlogs Session
byAkash Mahajan
 
App sec in the time of docker containers
byAkash Mahajan
 
Venom vulnerability Overview and a basic demo
byAkash Mahajan
 
Security in the cloud Workshop HSTC 2014
byAkash Mahajan
 
INCOMPLETE - OUTLINE for RootConf 2014 - The little-servcie-which-wasn't-there
byAkash Mahajan
 
The real incident of stealing a droid app+data
byAkash Mahajan
 
Believe It Or Not SSL Attacks
byAkash Mahajan
 
I haz your mouse clicks and key strokes
byAkash Mahajan
 
Hackers versus Developers and Secure Web Programming
byAkash Mahajan
 
Secure HTTP Headers c0c0n 2011 Akash Mahajan
byAkash Mahajan
 
Php security
byAkash Mahajan
 
Secure passwords-theory-and-practice
byAkash Mahajan
 
Web application security
byAkash Mahajan
 
Secure Programming In Php
byAkash Mahajan
 
Startups Security
byAkash Mahajan
 

Recently uploaded

PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PDF
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PDF
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PDF
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PDF
Quick Learn Laravel for Beginner from Zero to Survive
byiDev Semarang
 
PDF
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Quick Learn Laravel for Beginner from Zero to Survive
byiDev Semarang
 
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 

Web application security

  • 1.
    Web Application SecurityFirewallswill not be able to protect youAkashMahajan – Chapter Lead for null Bangalore
  • 2.
    What should keepyou up at night95% of attacks are against “Web Servers and Web Applications” aka WebsitesThe top 3 verticals compromised were Financial Services, Hospitality and Retail. More than 60% of attacks were caused by external agents.Primary attack vector was SQL Injection and was used to install customized malware.Injection Attacks are #1 critical flaw in applicationsSources Verizon DBIR 2010, Whitehat Sec Statistics, OWASP Top 10 2010
  • 3.
    Web App AttacksSQLInjection AttacksNumber plate to foil an automatic license plate scanner!An attack which allows SQL to be executed as part of the input.
  • 4.
  • 5.
    Web App AttacksXSSwas used to get root on a apache.org server in April 2010A popular shopping website used to sell only books and now sell other stuff as well.That inner window is an iframe injected in a simple search request. Picture courtesy null Keeda Vulnerability Database
  • 6.
    Other Critical Flaws/AttacksCrossSite Request ForgeryAttacks the user of the applicationClickjackingFacebook Like attackSecurityMis-configurationsDefault passwords in DSL routersInsecure Cryptographic StorageApache AttackTiny URLsEmployees trust and click on anything!
  • 7.
    Solutions/MitigationsTraining inSecure Codingfor DevelopersCode Reviews by competent security folksRegular mining of web server logsApplication Security PracticeAwareness about new attacksSetup a red team in the company
  • 8.
    About nullNull –Indian Open Security Community null.co.inRegistered non-profit society5 active chapters in IndiaWe conduct monthly meetings, regular awareness camps and trainings.More than 1000+ security professionals and enthusiasts in the group.Null Keeda Vulnerability Database http://keeda.nullcon.net
  • 9.
    AkashMahajanChapter Lead ofnull BangaloreWeb Security ConsultantI hack, test, secure web apps and serversHelp companies become secure on AWS cloudWebsite: akashm.comEmail: akashmahajan@gmail.com / aka@null.co.inTwitter: @makashLinkedin: www.linkedin.com/in/akashm