
Defending web applications AISA Techday 2011 Perth


David Taylor and I gave an AISA Techday presentation in Perth, December 2011.

Published in: Technology, Education

  1. Defending Web Applications
  2. Who are we?
  3. Overview
  4. What is the OWASP Top 10?
     § Injection
     § Cross Site Scripting
     § Broken Authentication & Session Management
     § Insecure Direct Object Reference
     § Cross Site Request Forgery
     § Security Misconfiguration
     § Insecure Cryptographic Storage
     § Failure to Restrict URL Access
     § Insufficient Transport Layer Protection
     § Unvalidated Redirects and Forwards
  5. Scene 1 – Attack of the Scanners
  6. Defending Web Applications
     § Implement Monitoring
  7. Scene 2 – Plugin Attacks!
  8. Defending Web Applications
     § Implement Monitoring
     § Patching
     § Penetration Testing
  9. 16
  10. Scene 3 – Watch out for Admin Interfaces!
  11. Defending Web Applications
     § Implement Monitoring
     § Patching
     § Penetration Testing
     § Strong Authentication
       § For example 2FA
     § Protect Admin Interfaces
       § Limit access
       § SSL/TLS
     § Avoid Password Reuse
  12. Denial of Service vs CloudFlare
  13. Summary
     § Implement Monitoring
     § Patching
     § Penetration Testing
     § Strong Authentication
       § For example 2FA
     § Protect Admin Interfaces
       § Limit access
       § SSL/TLS
     § Avoid Password Reuse
  14. References
     § www.owasp.org
     § www.portswigger.net (Burp)
     § www.ossec.net
     § www.sucuri.net
     § www.cloudflare.com
     § code.google.com/p/google-authenticator/
