Introduction to Web Application Security Professor Larry Heimann Web - - PowerPoint PPT Presentation

▶

Oct 23, 2023 860 likes •985 views

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

SLIDE 1

Introduction to Web Application Security

Professor Larry Heimann Web Application Security Information Systems

SLIDE 2

Course Business

Course site: http://67327.cmuis.net
Schedule
Reading
Assignments
in-class labs -- laptops w/ 272 technology required
summary exercise -- no collaboration at all
final exam
Office Hours

SLIDE 3

The Bad News (2014)

78% of enterprises faced cyber attacks 69% of attacks on web applications

Sadly, most companies spend more on coffee than they do on web application security.

SLIDE 4

SLIDE 5

Problems Reported to Apple

155 web app security problems reported to Apple in past 12 months

Breakdown of issues:

83 cross-site scripting (XSS)
12 information disclosure
10 injection-related
12 server configuration
2 path traversals
1 cross-site request forgery

SLIDE 6

OWASP Top Ten Threats 2013

A1: Injection A2: Broken Authentication and Session Management A3: Cross-Site Scripting (XSS) A4: Insecure Direct Object References A5: Security Misconfiguration A6: Sensitive Data Exposure A7: Missing Function Level Access Control A8: Cross-Site Request Forgery (CSRF) A9: Using Components with Known Vulnerabilities A10: Unvalidated Redirects and Forwards

SLIDE 7

Key Lessons

1. Web application security is hard
2. Securing web applications is a never-ending battle
3. Admit mistakes and quickly correct them
4. Some threats are worse than others
5. Simple threats can still be deadly

SLIDE 8

“You cannot defend against threats you cannot see.”

- Mr. H, chess coach

“You cannot defend against threats you cannot see.”

- Prof. H, 67-327

SLIDE 9

Comic of the Day...

SLIDE 10