defensive programming
play

DEFENSIVE PROGRAMMING Niall Merrigan Capgemini Norway When all you - PowerPoint PPT Presentation

Aug 26, 2023 •443 likes •976 views

DEFENSIVE PROGRAMMING Niall Merrigan Capgemini Norway When all you have is a mallet, everything looks like Justin Bieber If this text is too big you are sitting too close ASP.NET Resources OWASP Top 10 by Troy Hunt -

  1. DEFENSIVE PROGRAMMING Niall Merrigan Capgemini Norway

  12. When all you have is a mallet, everything looks like Justin Bieber

  13. If this text is too big you are sitting too close

  47. ASP.NET Resources • OWASP Top 10 by Troy Hunt - http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for- net.html • Basic Security Practices for Web Applications - http://msdn.microsoft.com/en-us/library/zdh19h94(v=vs.100).aspx • ASP.NET MVC Security - http://www.asp.net/mvc/overview/security • Combating ClickJacking With X-Frame-Options - http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combati ng-clickjacking-with-x-frame-options.aspx • AntiXSS Toolkit - http://wpl.codeplex.com/ • ASafaWeb - https://asafaweb.com/ • ASP.NET Security Wiki - http://wiki.asp.net/page.aspx/27/security/

  48. IIS Resources • Security Guidance for IIS - http://technet.microsoft.com/en-us/library/dd450371.aspx • IIS Lockdown tool - http://technet.microsoft.com/en- us/library/dd450372(v=ws.10).aspx • URLScan – http://www.iis.net/learn/extensions/working- with-urlscan • IIS Configuring security - http://learn.iis.net/page.aspx/88/configuring-security/ • IIS Security Tools - http://www.iis.net/community/Security • Penetration Testing Tools list - http://projects.webappsec.org/w/page/13246988/Web%2 0Application%20Security%20Scanner%20List

  49. Image Credits 1. Security Fail - http://1121fail.blogspot.no/2010/01/fail.html 2. Fail - http://www.japemonster.com/funny-fails-new-selection-47-pics 3. Password - http://klaatu.anastrophe.com/index.php/2007/01/12/passwords-on-post-its-you-bet/ 4. Security Fail #2 - http://www.japemonster.com/funny-fails-new-selection-47-pics 5. Highscore - Gal - http://www.flickr.com/photos/83476873@N00/4116381 6. Twitter - http://joshhealey.org/wp-content/uploads/2012/08/Twitter-funny-cartoon-birds-image.jpg 7. Tank - http://cheezburger.com/3545425664 8. Norwegian Road Patrol - http://cheezburger.com/3833542912 9. G is for Goggles - Don -http://www.flickr.com/photos/60648084@N00/2349550374 10. Family - http://www.awkwardfamilyphotos.com 11. Hacker - http://trynerdy.com/wp-content/uploads/2012/04/hacker.jpg 12. Geek Ipad - http://sfnewtech.com/wp-content/uploads/ipad-geek.jpg 13. Door Slam - http://www.reactiongifs.com/tag/door-slam/ 14. [Taken in Paris (France) - 23Oct11] - philippe leroyer - http://www.flickr.com/photos/52499764@N00/6754312999 15. My favourite record - Mauricio Balvanera - http://www.flickr.com/photos/80039525@N00/491480800 16. Red 10 - darwin Bell- http://www.flickr.com/photos/53611153@N00/412631864 17. Illusion – http://www.cookdandbombd.co.uk/forums/index.php?topic=30742.120 18. Google It – Mez Love - http://www.flickr.com/photos/mezdeathhead/4533915662/ 19. The Nine - Daniel Kulinski- http://www.flickr.com/photos/7729940@N06/4000276979 20. What's your password - Michael Moore - http://www.flickr.com/photos/therealmichaelmoore/6055748207/ 21. Passwords are like underwear - http://thenextweb.com/shareables/2010/02/09/passwords-are-like-underwear/

  50. Image Credits 22. Password joke - http://www.freeduh.com/2011/10/05/i-asked-my-dad-where-the-children-came-from/sorry_about_the_idor/ 23. 8 Mosaic – LEOL30 - http://www.flickr.com/photos/lwr/101593950/ 24. Check – http://www.flickr.com/photos/yersinia/2982093881/ 25. Park 7 -Yersinia pestis - holeymoon - http://www.flickr.com/photos/81335564@N00/2004700172 26. Image, à la main, inconnu, ombre, 3456x2848 - http://xn--80aqafcrtq.cc/fr/?p=471951 27. Against the glass – http://www.fantom-xp.com/wp_23_~_Shadowgraph_desktop_backgrounds.html 28. 6 in six seconds – pshutterbug - http://www.flickr.com/photos/95565118@N00/922632392 29. IKEA YSOD - http://www.mikepope.com/blog/AddComment.aspx?blogid=1743 30. Yet Another Helpful Error - http://linkaider.com/category/hacks/ 31. 5 - svenwerk- http://www.flickr.com/photos/11864250@N00/369136782 32. This is Happening without your Permission - What What - http://www.flickr.com/photos/99136715@N00/32022937 33. Quatre - Kat... - http://www.flickr.com/photos/20195637@N00/2277229055 34. Me Burns - http://newarchivist.com/2009/10/01/three-things-i-didnt-learn/ 35. Three - Grant Hutchinson - http://www.flickr.com/photos/13522901@N00/59231687 36. the perfect drug - Dave Campbell - http://www.flickr.com/photos/19365001@N00/223731385 37. Cookie Monster - http://www.mobypicture.com/user/AmpleKing/view/6347653 38. Smiles and Rainbows - Pol Neiman - http://www.flickr.com/photos/37518559@N00/336380075 39. Cookie 2 – http://www.seriouseats.com/2007/07/photo-of-the-day-angry-cookie.html 40. A hit of the bubbly... – Adriane Dizon - http://www.flickr.com/photos/ev0luti0nary/7332541940/ 41. Gimp in a mask.!!! - DigiTaL~NomAd - http://www.flickr.com/photos/39865537@N03/4311168437 42. Bart Hiding behind a wall - http://www.wallpaperswala.com/bart-simpson/ 43. 1 - LEOL30 - http://www.flickr.com/photos/49968232@N00/305130907 44. Head in Hands - Alex Proimos - http://www.flickr.com/photos/34120957@N04/4199675334 45. I Know Who Dies! – Bart - http://www.flickr.com/photos/cayusa/891079569/

  51. Contact • Twitter: @nmerrigan • Blog: http://www.certsandprogs.com • Email – via blog Twitter Contact Details Resources

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Documentatio ion, , testin ing and debugg gging docstring defensive programming

Documentatio ion, , testin ing and debugg gging docstring defensive programming

Documentatio ion, , testin ing and debugg gging docstring defensive programming assert test driven developement assertions testing unittest debugger static type checking (mypy) Ensuring good quality code ?

448 views • 31 slides
11. Validation 1. Defensive Programming 1. Contracts 2. Reviews Prof. Dr. U. Amann 2. Tests

11. Validation 1. Defensive Programming 1. Contracts 2. Reviews Prof. Dr. U. Amann 2. Tests

Fakultt Informatik, Institut fr Software- und Multimediatechnik, Lehrstuhl fr Softwaretechnologie 11. Validation 1. Defensive Programming 1. Contracts 2. Reviews Prof. Dr. U. Amann 2. Tests Technische Universitt Dresden 1. Test

998 views • 73 slides
Handling errors 2.1 Main concepts to be covered Defensive programming. Anticipating that

Handling errors 2.1 Main concepts to be covered Defensive programming. Anticipating that

Objects First With Java A Practical Introduction Using BlueJ Handling errors 2.1 Main concepts to be covered Defensive programming. Anticipating that things could go wrong. Exception handling and throwing. Error reporting.

768 views • 49 slides
Better Prevent Than Cure - Defensive Programming Credits: Fresh Sources Inc. Instructor:

Better Prevent Than Cure - Defensive Programming Credits: Fresh Sources Inc. Instructor:

Better Prevent Than Cure - Defensive Programming Credits: Fresh Sources Inc. Instructor: Peter Baumann email: p.baumann@jacobs-university.de tel: -3178 office: room 88, Research 1 Cannot find REALITY.SYS. Universe halted. 320312

611 views • 27 slides
Exceptions Defensive programming Anticipating that something could go wrong Handling

Exceptions Defensive programming Anticipating that something could go wrong Handling

Exceptions Defensive programming Anticipating that something could go wrong Handling errors Exception handling and throwing Example: File processing Exception handling and throwing Java: try-catch-finally, throw, throws

420 views • 7 slides
KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive Investment climate Key rate trends and outlook The European and US economies are restarting relatively quickly. 3,0 3,0 High-frequency indicators

388 views • 11 slides
KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive Investment climate Substantial economic contraction, uncertain outlook Key rate trends and outlook 3,0 3,0 Initial estimates suggest that the euro

457 views • 11 slides
Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive programming and design, Announcements intermission part 2 Stephen McCamant Techniques for privilege separation University of Minnesota, Computer

577 views • 5 slides
Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter Buchlovsky 8. March 2004 University of Birmingham 1 Contents 1. Call-stacks, shellcode, gets 2. Exploits stack-based, heap-based 3. Defensive

1.56k views • 123 slides
Outline Return-oriented programming (ROP) Control-flow integrity (CFI) CSci 5271 More modern

Outline Return-oriented programming (ROP) Control-flow integrity (CFI) CSci 5271 More modern

Outline Return-oriented programming (ROP) Control-flow integrity (CFI) CSci 5271 More modern exploit techniques Introduction to Computer Security Announcements intermission Day 7: Defensive programming and design, part 1 Saltzer &

579 views • 15 slides
Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser

Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser

Sentinel Defensive Fund Fund Manager Quarterly Review November 2008 For professional adviser use only To watch over and guard Headlines Sentinel Defensive Fund Tough start for the Fund Sentinel Perfect storm Falling

202 views • 17 slides
A Simple Theory of Defensive Patenting Jing-Yuan Chiou March 2005 Working Paper Patent System

A Simple Theory of Defensive Patenting Jing-Yuan Chiou March 2005 Working Paper Patent System

A Simple Theory of Defensive Patenting Jing-Yuan Chiou March 2005 Working Paper Patent System as an incentive scheme Rewards are indirect, and are realized only under credible threat of enforcement The role of Defensive Patents: threat of

255 views • 8 slides
Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Defensive Coding vs. Risk Analysis Risk Analysis All about domain, assets,

561 views • 24 slides
Intellectual Commons as a defensive response to the enclosure of knowledge. A critical view.

Intellectual Commons as a defensive response to the enclosure of knowledge. A critical view.

Intellectual Commons as a defensive response to the enclosure of knowledge. A critical view. Mikel Dez Sarasola Third International Conference on Cultural Political Economy 7-8 September 2017, Lancaster University, UK Emergence of multiple

309 views • 9 slides
Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies

Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies

Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies for offensive Red Team operations K. Mladenov A. Zismer { kmladenov,azismer } @os3.nl Master Students in System and Network Engineering University

692 views • 57 slides
Agenda Thinking about the concept Introduction Types of defensive technology

Agenda Thinking about the concept Introduction Types of defensive technology

Agenda Thinking about the concept Introduction Types of defensive technology Raising the bar Typical assessment methodology Attacks Examples Conclusion Thinking about the concept Were from South Africa:

833 views • 26 slides
Motivation in Bend It Like Beckham Beth Eby Overview of Model Amotivation: A Lack of

Motivation in Bend It Like Beckham Beth Eby Overview of Model Amotivation: A Lack of

Vallerands Continuum of Intrinsic and Extrinsic Motivation in Bend It Like Beckham Beth Eby Overview of Model Amotivation: A Lack of purpose and intentionality in ones action, or relative absence of motivation When feeling

359 views • 11 slides
Product Types Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of

Product Types Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of

Introduction Tuples Records Details Product Types Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of Computer Science Introduction Tuples Records Details Algebraic Data Types We want to be able to build new

392 views • 10 slides
Link Prediction Based on Graph Neural Networks Muhan Zhang and Yixin Chen, NeurIPS 2018 Link

Link Prediction Based on Graph Neural Networks Muhan Zhang and Yixin Chen, NeurIPS 2018 Link

Link Prediction Based on Graph Neural Networks Muhan Zhang and Yixin Chen, NeurIPS 2018 Link Prediction (LP) Problem Given an incomplete network, predict whether two nodes are likely to have a link. Applications: Friend recommendation in

987 views • 11 slides
Iron Triangle Express Saturday, May 21, 2016 Div. 7 Members + Spouse/Guest Dont Miss Out -

Iron Triangle Express Saturday, May 21, 2016 Div. 7 Members + Spouse/Guest Dont Miss Out -

Cincinnati Div. 7 NMRA Spring Bus Trip Iron Triangle Express Saturday, May 21, 2016 Div. 7 Members + Spouse/Guest Dont Miss Out - Sign Up Today ! Deluxe Motor Coach Tour Fostorias Iron Triangle Rail Park! 6 Tracks with over 100 trains

294 views • 4 slides
www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS?

www.privitar.com Engineering Privacy London, UK WHY ARE ORGANISATIONS SLOW TO ADOPT PETS? Differential Privacy as a case study Theresa Stadler, SuRI at EPFL 2018 What are you talking about? Everybody wants data privacy as fast as

604 views • 38 slides
Section 2.7.7 Malik Ghallab, Dana Nau HTN Planning and Paolo Traverso

Section 2.7.7 Malik Ghallab, Dana Nau HTN Planning and Paolo Traverso

Last update: February 14, 2017 Automated Planning and Acting Section 2.7.7 Malik Ghallab, Dana Nau HTN Planning and Paolo Traverso http://www.laas.fr/planning Dana S. Nau University of Maryland Nau Lecture slides for Automated Planning

636 views • 19 slides
CSC2542 Domain-Customized Planning Sheila McIlraith Department of Computer Science University

CSC2542 Domain-Customized Planning Sheila McIlraith Department of Computer Science University

Caveat The placement of this material doesnt follow the conceptual flow of the rest of the material Ive presented, but this information may be useful to some of you for conception of your projects, so were taking a brief sojourn from

790 views • 24 slides
Hierarchical Task Network (HTN) Planning Jos Luis Ambite* [* Based in part on presentations by

Hierarchical Task Network (HTN) Planning Jos Luis Ambite* [* Based in part on presentations by

Hierarchical Task Network (HTN) Planning Jos Luis Ambite* [* Based in part on presentations by Dana Nau and Rao Kambhampati] 1 Hierarchical Decomposition 2 Task Reduction 3 Hierarchical Planning Brief History Originally developed about

545 views • 35 slides

More recommend