Defending web applications AISA Techday 2011 Perth
David Taylor and I gave an AISA Techday presentation in Perth, December 2011.

1. Defending Web Applications
2. Who are we?
3. Overview
4. What is the OWASP Top 10?
   § Injection
   § Cross Site Scripting
   § Broken Authentication & Session Management
   § Insecure Direct Object Reference
   § Cross Site Request Forgery
   § Security Misconfiguration
   § Insecure Cryptographic Storage
   § Failure to Restrict URL Access
   § Insufficient Transport Layer Protection
   § Unvalidated Redirects and Forwards
5. Scene 1 – Attack of the Scanners
6. Defending Web Applications
   § Implement Monitoring
7. Scene 2 – Plugin Attacks!
8. Defending Web Applications
   § Implement Monitoring
   § Patching
   § Penetration Testing
10. Scene 3 – Watch out for Admin Interfaces!
11. Defending Web Applications
   § Implement Monitoring
   § Patching
   § Penetration Testing
   § Strong Authentication
     § For example 2FA
   § Protect Admin Interfaces
     § Limit access
     § SSL/TLS
     § Avoid Password Reuse
12. Denial of Service vs CloudFlare
13. Summary
   § Implement Monitoring
   § Patching
   § Penetration Testing
   § Strong Authentication
     § For example 2FA
   § Protect Admin Interfaces
     § Limit access
     § SSL/TLS
     § Avoid Password Reuse
14. References
   § www.owasp.org
   § www.portswigger.net (Burp)
   § www.ossec.net
   § www.sucuri.net
   § www.cloudflare.com
   § code.google.com/p/google-authenticator/
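Scenes 1 and 2 and the "Implement Monitoring" bullet survive only as headings in the transcript. As an added example (not code from the slides or from the presenters), the script below shows what that monitoring looks like at its simplest: it parses constructed Apache-style combined access-log lines and flags a client on a burst of 404s inside a sliding window, on repeated probing of plugin and admin paths, or on a known scanner User-Agent. The sample log lines, thresholds, path prefixes and User-Agent substrings are all assumptions made for the example; a log watcher such as OSSEC (listed in the references) does this kind of matching against live logs.

```python
"""Added example: a minimal access-log monitor for the deck's Scene 1
(scanners) and Scene 2 (plugin attacks).  Not from the original slides.
Parses Apache/nginx 'combined' format, then flags a client that
  - sends a burst of 404s inside a sliding window,
  - probes several plugin/admin paths, or
  - announces itself with a well-known scanner User-Agent.
Thresholds, path prefixes and UA substrings are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

SCANNER_UA = ("nikto", "sqlmap", "nessus", "wpscan", "masscan")   # assumed list
PROBE_PREFIXES = ("/wp-content/plugins/", "/wp-admin/", "/administrator/",
                  "/phpmyadmin/", "/xmlrpc.php")                   # assumed list
WINDOW = timedelta(minutes=5)
MAX_404_PER_WINDOW = 10    # assumed threshold: more than this => alert
MIN_PROBE_PATHS = 3        # assumed: distinct probe paths before alerting


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def analyse(lines):
    """Return {client_ip: set(reasons)} for clients that look like scanners."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    alerts = defaultdict(set)
    recent_404 = defaultdict(list)    # ip -> timestamps of 404s inside WINDOW
    probe_paths = defaultdict(set)    # ip -> distinct probe paths seen
    for e in events:
        ip = e["ip"]
        if any(s in e["ua"].lower() for s in SCANNER_UA):
            alerts[ip].add("scanner-user-agent")
        if e["path"].startswith(PROBE_PREFIXES):
            probe_paths[ip].add(e["path"])
            if len(probe_paths[ip]) >= MIN_PROBE_PATHS:
                alerts[ip].add("plugin-probing")
        if e["status"] == 404:
            window = recent_404[ip]
            window.append(e["ts"])
            while e["ts"] - window[0] > WINDOW:   # slide the window forward
                window.pop(0)
            if len(window) > MAX_404_PER_WINDOW:
                alerts[ip].add("404-burst")
    return dict(alerts)


def _line(ip, offset_s, path, status, ua="Mozilla/5.0"):
    """Build one constructed log line, offset_s seconds after 10:00 on 6 Dec 2011."""
    ts = datetime(2011, 12, 6, 10, 0, 0) + timedelta(seconds=offset_s)
    return (f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S")} +0800] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')


# Constructed sample: one ordinary visitor, one blind scanner, one plugin prober.
SAMPLE_LOG = (
    [_line("203.0.113.5", i * 30, p, 200)
     for i, p in enumerate(("/", "/about", "/contact"))]
    + [_line("198.51.100.7", i * 2, f"/old{i}.php", 404) for i in range(12)]
    + [_line("192.0.2.9", 100 + i * 5, f"/wp-content/plugins/{n}/readme.txt", 404, "WPScan v2.0")
       for i, n in enumerate(("akismet", "jetpack", "revslider"))]
)

if __name__ == "__main__":
    for ip, reasons in sorted(analyse(SAMPLE_LOG).items()):
        print(ip, ", ".join(sorted(reasons)))
```

Run over the constructed sample, the ordinary visitor produces nothing, the blind scanner trips the 404 burst, and the plugin prober trips both the path rule and the User-Agent rule. In production the interesting part is the feedback: an alert from the path rule against a plugin you actually run is the cue for the "Patching" and "Penetration Testing" bullets that follow it on the slide.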

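The "Strong Authentication, for example 2FA" bullet and the google-authenticator reference point at time-based one-time passwords (RFC 6238). The following is an added example and not the presenters' code: a self-contained Python implementation of the server side, with a base32 secret for enrolment, the otpauth URI that authenticator apps scan, code generation, and verification that tolerates one time step of clock skew and refuses a replayed code. RFC_TEST_SECRET is the published RFC 4226/6238 test secret, included only so the output can be checked against the RFC vectors; the skew window, the verifier class and the replay rule are design choices assumed for the example.

```python
"""Added example: server-side TOTP (RFC 6238), the scheme Google
Authenticator implements, for the 'Strong Authentication / 2FA' bullet.
Not from the original slides.  Covers secret generation, the otpauth
enrolment URI, code computation, and verification with clock-skew
tolerance and replay protection.  Storage of the secret and the login
flow around it are out of scope."""
import base64
import hashlib
import hmac
import os
import struct
import time

STEP = 30      # RFC 6238 default time step (seconds)
DIGITS = 6     # what Google Authenticator displays
SKEW = 1       # accept +/- one step of clock drift (assumed policy)

# RFC 4226 / RFC 6238 published test secret ("12345678901234567890"),
# included only so the example's output can be checked; never reuse it.
RFC_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()


def new_secret(nbytes=20):
    """Fresh 160-bit secret, base32 without padding as authenticator apps expect."""
    return base64.b32encode(os.urandom(nbytes)).decode().rstrip("=")


def enrolment_uri(secret_b32, account, issuer):
    """otpauth:// URI to encode in the enrolment QR code."""
    return f"otpauth://totp/{issuer}:{account}?secret={secret_b32}&issuer={issuer}"


def hotp(secret_b32, counter):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def totp(secret_b32, at=None):
    """Code for the time step containing Unix time `at` (default: now)."""
    at = time.time() if at is None else at
    return hotp(secret_b32, int(at // STEP))


class TotpVerifier:
    """Per-user verifier: constant-time compare, skew window, no code reuse."""

    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.last_counter = -1      # highest time step already accepted

    def verify(self, code, at=None):
        at = time.time() if at is None else at
        counter = int(at // STEP)
        for delta in range(-SKEW, SKEW + 1):
            c = counter + delta
            if c <= self.last_counter:      # replay of an already accepted step
                continue
            if hmac.compare_digest(hotp(self.secret, c).encode(), code.encode()):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    secret = new_secret()
    print(enrolment_uri(secret, "alice@example.com", "ExampleCorp"))
    print("current code:", totp(secret))
    print("RFC vector T=59 ->", totp(RFC_TEST_SECRET, 59))   # 287082
```

Two points matter in practice beyond the arithmetic: the comparison is constant-time and a code is accepted once per time step, so an attacker who captures a code in transit cannot reuse it, and the verifier should sit behind the same rate limit as the password check, since six digits fall to brute force without one. This is the part of the slide's advice that the reference to the google-authenticator project covers; protecting the admin interface itself (limiting access, SSL/TLS) is still needed around it.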