introduction to web application security
play

Introduction to Web Application Security Professor Larry Heimann Web - PowerPoint PPT Presentation

Oct 23, 2023 •860 likes •981 views

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

  1. Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems

  2. Course Business • Course site: http://67327.cmuis.net • Schedule • Reading • Assignments • in-class labs -- laptops w/ 272 technology required • summary exercise -- no collaboration at all • final exam • O ffi ce Hours

  3. The Bad News (2014) 78% of enterprises faced cyber attacks 69% of attacks on web applications Sadly, most companies spend more on co ff ee than they do on web application security.

  5. Problems Reported to Apple 155 web app security problems reported to Apple in past 12 months Breakdown of issues: • 83 cross-site scripting (XSS) • 12 information disclosure • 10 injection-related • 12 server configuration • 2 path traversals • 1 cross-site request forgery

  6. OWASP Top Ten Threats 2013 A1: Injection A2: Broken Authentication and Session Management A3: Cross-Site Scripting (XSS) A4: Insecure Direct Object References A5: Security Misconfiguration A6: Sensitive Data Exposure A7: Missing Function Level Access Control A8: Cross-Site Request Forgery (CSRF) A9: Using Components with Known Vulnerabilities A10: Unvalidated Redirects and Forwards

  7. Key Lessons 1. Web application security is hard 2. Securing web applications is a never-ending battle 3. Admit mistakes and quickly correct them 4. Some threats are worse than others 5. Simple threats can still be deadly

  8. “You cannot defend against threats you cannot see.” -- Mr. H, chess coach “You cannot defend against threats you cannot see.” -- Prof. H, 67-327

  9. Comic of the Day...

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

1.31k views • 11 slides
OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides
Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.21k views • 60 slides
Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 - Barcelona Topics Short w3af introduction Whats new in w3af Automating Web application exploitation The problem and how other tools are

553 views • 54 slides
Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application Security Management (ASM) Features and Benefits Performance Review Ordering Information About Application Security Management (ASM)

618 views • 7 slides
Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal instructions submittal instructions Administrative answer the lab assignments questions in written report form, as a text, pdf, or Word

566 views • 37 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems

Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems

Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems Lab 4 Review Fastest crackers Jake Correa Achal Channarasappa Swathi Anand Peter Podniesinski Chanamon Ratanalert Review

472 views • 22 slides
Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

540 views • 29 slides
OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

Agenda Application Security OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente Application Security Startup 04.04.2013 04.04.2013 2 OWASP Top 10 Agenda Application Security Was ist Application Security

234 views • 8 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Web Application Fault Classification An Exploratory Study Yuepu Guo, Sreedevi Sampath

Web Application Fault Classification An Exploratory Study Yuepu Guo, Sreedevi Sampath

Web Application Fault Classification An Exploratory Study Yuepu Guo, Sreedevi Sampath University of Maryland Baltimore County presentation by Daniel Kellenberger 01.06.2010 Why Do We Need (Another) Fault Classification? Fault-based

647 views • 16 slides
Crawling-based Web Application Testing Jun-Wei Lin (UC-Irvine) Farn Wang (National Taiwan

Crawling-based Web Application Testing Jun-Wei Lin (UC-Irvine) Farn Wang (National Taiwan

Using Semantic Similarity in Crawling-based Web Application Testing Jun-Wei Lin (UC-Irvine) Farn Wang (National Taiwan Univ.) Paul Chu (QNAP, Inc) Crawling-based Web App Testing the web app under test as a black-box interacting with

826 views • 24 slides
Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R

Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R

BUILDING WEB APPLICATIONS IN R WITH SHINY Welcome to the course! Building Web Applications in R with Shiny Building Web Applications in R with Shiny Background You are familiar with R as a programming language. You are familiar with

705 views • 43 slides
EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov The University of Texas at Austin Running interactive web-apps in the cloud Running interactive web-apps in the cloud Running interactive web-apps

442 views • 31 slides
CSE 127: Introduction to Security Lecture 13: Network Attacks Deian Stefan UCSD Fall 2020

CSE 127: Introduction to Security Lecture 13: Network Attacks Deian Stefan UCSD Fall 2020

CSE 127: Introduction to Security Lecture 13: Network Attacks Deian Stefan UCSD Fall 2020 Material from Nadia Heninger, Stefan Savage, David Wagner, and Nick Weaver Threat modeling for network attacks Basic security goals:

1.11k views • 39 slides
Favorite Free (or cheap) Fundraising Tools @fundraiserchad Thanks for attending! Well get

Favorite Free (or cheap) Fundraising Tools @fundraiserchad Thanks for attending! Well get

Favorite Free (or cheap) Fundraising Tools @fundraiserchad Thanks for attending! Well get started in approximately 10 minutes. @fundraiserchad Favorite Free (or cheap) Fundraising Tools @fundraiserchad Thanks for attending! Well get

1.05k views • 80 slides
Leaning based regional magnification of digital displays Sohair Altwal , Remon Vogel Interaction

Leaning based regional magnification of digital displays Sohair Altwal , Remon Vogel Interaction

Leaning based regional magnification of digital displays Sohair Altwal , Remon Vogel Interaction Engineering - WS 19/20 Augsburg University of Applied Sciences Prof. Dr. Michael Kipp 1. Motivation Zooming with mouse a habit, but maybe

306 views • 12 slides
5 th TF-NOC Meeting Dubrovnik Flash presentation ACOnet Harald Michl - harald.michl@univie.ac.at

5 th TF-NOC Meeting Dubrovnik Flash presentation ACOnet Harald Michl - harald.michl@univie.ac.at

5 th TF-NOC Meeting Dubrovnik Flash presentation ACOnet Harald Michl - harald.michl@univie.ac.at 1 NOC responsibilities ACOnet www.aco.net Austrian Academic Computer Network VIX www.vix.at Vienna Internet eXchange 5 th

299 views • 10 slides

More recommend