SlideShare a Scribd company logo
WhatYou Need to Know About Web
App Security Testing in 2018
Ken De Souza
STP Community Webinar, January 2018
V. 1.4
Twitter: @kgdesouz
blog.tkee.org
Source: http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html
GET https://[redacted].com/orchestration_1111/gdc/
BatteryStatusRecordsRequest.php?RegionCode=NE&lg=no-
NO&DCMID=&VIN=SJNFAAZE0U60XXXXX&tz=Europe/
Paris&TimeFrom=2014-09-27T09:15:21
GET https://[redacted].com/orchestration_1111/gdc/
BatteryStatusRecordsRequest.php?RegionCode=NE&lg=no-
NO&DCMID=&VIN=SJNFAAZE0U60XXXXX&tz=Europe/
Paris&TimeFrom=2014-09-27T09:15:21
Source: https://youtu.be/Nt33m7G_42Q
CVE-2017-5638
March 2017
CVE-2017-9805
4 September 2017
Source: https://www.theguardian.com/us-news/2017/sep/07/equifax-credit-breach-hack-social-security, https://
nakedsecurity.sophos.com/2017/09/08/equifax-data-breach-what-you-need-to-know/
Source: https://github.com/mazen160/struts-pwn_CVE-2017-9805
Source: ‪https://news.ycombinator.com/item?id=15233399
Source: https://krebsonsecurity.com/
2017/09/ayuda-help-equifax-has-my-data/
This is a practical / experience talk.
These are the tools I use on a daily(ish)
basis when I'm testing software.
Your mileage may vary.
This topic is HUGE
The tools don’t replace thinking.
Common terminology
Learn something about the threats
Demos of tools
Explain the risks to stake holders
Where to go next
"security, just like disaster recovery, is a
lifestyle, not a checklist"
This is not a black and white problem
Source: https://news.ycombinator.com/item?id=11323849
STRIDE(identification)
DREAD(classification)
OWASP Top 10 (attack vectors)
OWASP ZAP
(Web application vulnerability analysis)
Dependency Check
(3rd party vulnerability analysis)
nmap / Wireshark / tcpdump
(network analysis)
Microsoft Threat
Modeling
(communication)
Application
Security
Risks
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
STRIDE
Spoofing Tampering Repudiation
Information
Disclosure
Denial of
Service
Elevation of
Privilege
Source: https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx
Sources: https://www.owasp.org/index.php/Application_Threat_Modeling
http://www.se.rit.edu/~swen-331/slides/07%20Threat%20Modeling.pptx
Type Security Control Examples
Spoofing Authentication I am Spartacus
Tampering Integrity Looks like Johnny got an A!
Repudiation
Non-
Repudiation
Didn’t Johnny have a B?
Information
disclosure
Confidentiality Johnny’s SSN is…
Denial of
service
Availability Please try again later.
Elevation of
privilege
Authorization sudo rm –rf /home/johnny
DREAD
Damage Reproducibility Exploitability
Affected
users
Discoverability
Source: https://msdn.microsoft.com/en-us/library/aa302419.aspx
Source: https://msdn.microsoft.com/en-us/magazine/ee336031.aspx
Developer point of view….
DREAD
Parameter
Rating Rationale
Damage
Potential
5
An attacker could read and alter data in the
product database.
Reproducibility 10 Can reproduce every time.
Exploitability 2
Easily exploitable by automated tools found on
the Internet.
Affected Users 1 Affects critical administrative users
Discoverability 1
Affected page “admin.aspx” easily guessed by
an attacker.
Overall Rating 3.8
Source: https://msdn.microsoft.com/en-us/magazine/ee336031.aspx
Tester point of view…
DREAD
Parameter
Rating Rationale
Damage
Potential
10
An attacker could read and alter data in the
product database.
Reproducibility 10 Can reproduce every time.
Exploitability 10
Easily exploitable by automated tools found on
the Internet.
Affected Users 10 Affects critical administrative users
Discoverability 10
Affected page “admin.aspx” easily guessed by
an attacker.
Overall Rating 10
STRIDE /
DREAD
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
OWASP Top 10,
2017
Source: https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
OWASP Top 10
Open Web Application Security Project
A1: Injection
http://example.com/app/accountView?
id='
A2: Broken Authentication
Using known passwords (from various
public lists)
Allowing insecure (not strong)
passworrd (e.g.: Password1)
A3: Sensitive Data Exposure
SSL not being used
Meltdown
Bad programming
A4: XML External Entities
(new)
<node attrib='foo''/>
A5: Broken Access Control http://example.com/app/accountInfo?
acct=notmyacct
Source: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
A6: Security
Misconfiguration
Default admin account enabled;
directories shown on site;
Stack traces shown to users;
A7: Cross Site Scripting
(XSS)
<script>alert('test');</script>
A8: Insecure Deserialization
(new)
Typical data tampering attacks, such
as access-control-related attacks,
where existing data structures are
used but the content is changed.
A9: Using Components with
known vulnerability
Not patching your 3rd party sh*t
A10: Insufficient Logging &
Monitoring (new)
Monitoring unauthorized access;
Alerting on potential breaches;
Source: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
nmap
crt.sh
dig
nmap
what ports are open? Where can you attack?
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
Source: crt.sh
Source: dig -f shopify-urls.txt +noall +answer
Source: shodan.io
Wireshark
tcpdump
Network packet / protocol analysis tool
Allows users to capture network traffic
from any interface, like Ethernet,Wifi,
Bluetooth, USB, etc
Why use Wireshark?
It is a great tool to debug your
environment
Help to examine potential security
problems
docker run -e
"SPRING_PROFILES_ACTIVE=hsqldb" -p8080:8080
"dhatanian/ticketmagpie"
	
This container has LOTS of vulnerabilities,
designed for learning about web security
Source: Docker running “Ticket magpie” (https://github.com/dhatanian/ticketmagpie)
Wireshark
Look at red/yellow lines between systems
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
Demo
tcpdump:
Look at red/yellow lines between systems
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
Why use tcpdump?
Use this when you can’t use
Wireshark
Great for servers
tcpdump -lnni eth0 
-w dump -s 65535 host web01
 and port 80
OWASP ZAP
Why use OWASP ZAP?
Can be used to find many of the top 10
exploits
Can be quick integrated into you manual
or automated workflow
Can be used in active or passive mode
OWASP ZAP
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
Demo
Dependency Check
What is it?
Checks your application for 3rd party
software
Looks to see if there are any known
vulnerabilities and gives you suggestions
on how to fix them
Threat Modeling
What is it?
A way to analyze and communicate
security related problems
This is a much larger topic than we have
time for
… but I’ll give you the basics
Why do this?
To explain to management
To explain to customers
To explain to developers, architects, etc.
With the tools I just showed you, you now
have the basics to be able to build a model
Threat Modeling:
Communicating it…
Source: https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf.
Threat Modeling
Step 1: Enumerate
–  Product functionality
–  Technologies used
–  Processes
–  Listening ports
–  Process to port mappings
–  Users processes that running
–  3rd party applications / installations
Threat Modeling
Step 2: Data flow with boundaries
Source: http://geekswithblogs.net/hroggero/archive/2014/12/18/microsoft-azure-and-threat-
modeling-you-apps.aspx
Demo
Threat Modeling
Can	be	done	at	various	stages	of	the	SDLC	
https://www.checkmarx.com/wp-content/uploads/2014/10/SecurityintheSDLC.png
netstat
nslookup
ps
browser dev tools
BurpSuite
All these tools, help to answer the question
Is your application secure?
Where to go next?
Bug	bounties
Practice
https://thetestdoctor.wordpress.com/2016/10/11/introducing-ticket-magpie/
Practice
https://xss-game.appspot.com
To conclude…
Be aware and prepare yourself for the
worst.
Coming up with a plan is important
Understanding attack vectors is
important
Thanks!
References
•  Preventing CSRF with the same-site cookie attribute: http://www.sjoerdlangkemper.nl/2016/04/14/
preventing-csrf-with-samesite-cookie-attribute/
•  Security Ninjas: An Open Source Application Security Training Program: http://www.slideshare.net/OpenDNS/
security-ninjas-opensource
•  Threat modeling web application: a case study: http://www.slideshare.net/starbuck3000/threat-modeling-
web-application-a-case-study
•  Chapter 3 Threat Modeling: https://msdn.microsoft.com/en-us/library/aa302419.aspx
•  Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities: http://
www.slideshare.net/anantshri/understanding-the-known-owasp-a9-using-components-with-known-
vulnerabilities
•  Real World Application Threat Modelling By Example: http://www.slideshare.net/NCC_Group/real-world-
application-threat-modelling-by-example
•  The BodgeIt Store Part 1: http://resources.infosecinstitute.com/the-bodgeit-store-part-1-2/
•  Threat modeling example: http://www.se.rit.edu/~swen-331/slides/07%20Threat%20Modeling.pptx
•  Struts Bug Explained: https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vulnerability-
what-you-need-to-know/

More Related Content

What's hot

SAP strikes back Your SAP server now counter attacks.
SAP strikes back Your SAP server now counter attacks.SAP strikes back Your SAP server now counter attacks.
SAP strikes back Your SAP server now counter attacks.
Dmitry Iudin
 
Managing Security in External Software Dependencies
Managing Security in External Software DependenciesManaging Security in External Software Dependencies
Managing Security in External Software Dependencies
Tharindu Edirisinghe
 
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
n|u - The Open Security Community
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
Casey Ellis
 
Secure Software Development with 3rd Party Dependencies
Secure Software Development with 3rd Party DependenciesSecure Software Development with 3rd Party Dependencies
Secure Software Development with 3rd Party Dependencies
thariyarox
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
Nahidul Kibria
 
Simplified Security Code Review Process
Simplified Security Code Review ProcessSimplified Security Code Review Process
Simplified Security Code Review Process
Sherif Koussa
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
QA or the Highway
 
Bridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingBridging the gap - Security and Software Testing
Bridging the gap - Security and Software Testing
Roberto Suggi Liverani
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212
Florian Roth
 
Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314
Florian Roth
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practices
Neoito
 
Software Development Weaknesses - SecOSdays Sofia, 2019
Software Development Weaknesses - SecOSdays Sofia, 2019Software Development Weaknesses - SecOSdays Sofia, 2019
Software Development Weaknesses - SecOSdays Sofia, 2019
Balázs Tatár
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware Resistance
Florian Roth
 
None More Black - the Dark Side of SEO
None More Black - the Dark Side of SEONone More Black - the Dark Side of SEO
None More Black - the Dark Side of SEO
Roberto Suggi Liverani
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
The New OWASP Top Ten: Let's Cut to the Chase
The New OWASP Top Ten: Let's Cut to the ChaseThe New OWASP Top Ten: Let's Cut to the Chase
The New OWASP Top Ten: Let's Cut to the Chase
Security Innovation
 
Analyzing the effectivess_and_coverage_of_web_app_scanners
Analyzing the effectivess_and_coverage_of_web_app_scannersAnalyzing the effectivess_and_coverage_of_web_app_scanners
Analyzing the effectivess_and_coverage_of_web_app_scanners
Larry Suto
 

What's hot (19)

SAP strikes back Your SAP server now counter attacks.
SAP strikes back Your SAP server now counter attacks.SAP strikes back Your SAP server now counter attacks.
SAP strikes back Your SAP server now counter attacks.
 
Managing Security in External Software Dependencies
Managing Security in External Software DependenciesManaging Security in External Software Dependencies
Managing Security in External Software Dependencies
 
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
nullcon 2011 - Vulnerabilities and Malware: Statistics and Research for Malwa...
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
 
Secure Software Development with 3rd Party Dependencies
Secure Software Development with 3rd Party DependenciesSecure Software Development with 3rd Party Dependencies
Secure Software Development with 3rd Party Dependencies
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Simplified Security Code Review Process
Simplified Security Code Review ProcessSimplified Security Code Review Process
Simplified Security Code Review Process
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
 
Bridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingBridging the gap - Security and Software Testing
Bridging the gap - Security and Software Testing
 
Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212Security Analyst Workshop - 20200212
Security Analyst Workshop - 20200212
 
Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314Security Analyst Workshop - 20190314
Security Analyst Workshop - 20190314
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practices
 
Software Development Weaknesses - SecOSdays Sofia, 2019
Software Development Weaknesses - SecOSdays Sofia, 2019Software Development Weaknesses - SecOSdays Sofia, 2019
Software Development Weaknesses - SecOSdays Sofia, 2019
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware Resistance
 
None More Black - the Dark Side of SEO
None More Black - the Dark Side of SEONone More Black - the Dark Side of SEO
None More Black - the Dark Side of SEO
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
The New OWASP Top Ten: Let's Cut to the Chase
The New OWASP Top Ten: Let's Cut to the ChaseThe New OWASP Top Ten: Let's Cut to the Chase
The New OWASP Top Ten: Let's Cut to the Chase
 
Analyzing the effectivess_and_coverage_of_web_app_scanners
Analyzing the effectivess_and_coverage_of_web_app_scannersAnalyzing the effectivess_and_coverage_of_web_app_scanners
Analyzing the effectivess_and_coverage_of_web_app_scanners
 

Similar to What You Need to Know About Web App Security Testing in 2018

The bare minimum that you should know about web application security testing ...
The bare minimum that you should know about web application security testing ...The bare minimum that you should know about web application security testing ...
The bare minimum that you should know about web application security testing ...
Ken DeSouza
 
Sandbox kiev
Sandbox kievSandbox kiev
Sandbox kiev
uisgslide
 
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
YuChianWu
 
SAP security in figures
SAP security in figuresSAP security in figures
SAP security in figures
ERPScan
 
GNUCITIZEN Dwk Owasp Day September 2007
GNUCITIZEN Dwk Owasp Day   September 2007GNUCITIZEN Dwk Owasp Day   September 2007
GNUCITIZEN Dwk Owasp Day September 2007
guest20ab09
 
Managing Security in External Software Dependencies
Managing Security in External Software DependenciesManaging Security in External Software Dependencies
Managing Security in External Software Dependencies
thariyarox
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Chetan Khatri
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0
Dinis Cruz
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
beched
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev
OWASP Russia
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
karthik menon
 
OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...
OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...
OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...
NETWAYS
 
OSMC 2016 - Application Performance Management with Open-Source-Tooling by M...
OSMC 2016 -  Application Performance Management with Open-Source-Tooling by M...OSMC 2016 -  Application Performance Management with Open-Source-Tooling by M...
OSMC 2016 - Application Performance Management with Open-Source-Tooling by M...
NETWAYS
 
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Marco Balduzzi
 
Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...
Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...
Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...
CA Technologies
 
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
VMware Tanzu
 
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
ufpb
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
Abhinav Sejpal
 
GDD Japan 2009 - Designing OpenSocial Apps For Speed and Scale
GDD Japan 2009 - Designing OpenSocial Apps For Speed and ScaleGDD Japan 2009 - Designing OpenSocial Apps For Speed and Scale
GDD Japan 2009 - Designing OpenSocial Apps For Speed and Scale
Patrick Chanezon
 

Similar to What You Need to Know About Web App Security Testing in 2018 (20)

The bare minimum that you should know about web application security testing ...
The bare minimum that you should know about web application security testing ...The bare minimum that you should know about web application security testing ...
The bare minimum that you should know about web application security testing ...
 
Sandbox kiev
Sandbox kievSandbox kiev
Sandbox kiev
 
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
 
SAP security in figures
SAP security in figuresSAP security in figures
SAP security in figures
 
GNUCITIZEN Dwk Owasp Day September 2007
GNUCITIZEN Dwk Owasp Day   September 2007GNUCITIZEN Dwk Owasp Day   September 2007
GNUCITIZEN Dwk Owasp Day September 2007
 
Managing Security in External Software Dependencies
Managing Security in External Software DependenciesManaging Security in External Software Dependencies
Managing Security in External Software Dependencies
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...
OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...
OSMC 2016 | Application Performance Management with Open-Source-Tooling by Ma...
 
OSMC 2016 - Application Performance Management with Open-Source-Tooling by M...
OSMC 2016 -  Application Performance Management with Open-Source-Tooling by M...OSMC 2016 -  Application Performance Management with Open-Source-Tooling by M...
OSMC 2016 - Application Performance Management with Open-Source-Tooling by M...
 
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
 
Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...
Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...
Hands-On Lab: Quickly and Easily Monitor Applications using CA Application Pe...
 
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
Spring Boot & Spring Cloud on PAS- Nate Schutta (1/2)
 
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
 
GDD Japan 2009 - Designing OpenSocial Apps For Speed and Scale
GDD Japan 2009 - Designing OpenSocial Apps For Speed and ScaleGDD Japan 2009 - Designing OpenSocial Apps For Speed and Scale
GDD Japan 2009 - Designing OpenSocial Apps For Speed and Scale
 

Recently uploaded

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
Alina Yurenko
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
sjcobrien
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
Rakesh Kumar R
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
mz5nrf0n
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
rodomar2
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
VALiNTRY360
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 

Recently uploaded (20)

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 

What You Need to Know About Web App Security Testing in 2018