Introduction to Web Application Security Professor Larry Heimann Web - PowerPoint PPT Presentation

Jan 04, 2024 •1.19k likes •1.31k views

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems
Course Business • Course site: https://67327.cmuis.net • Schedule • Reading • Assignments • in-class labs -- laptops w/ 272 technology required • summary exercise -- no collaboration at all • final exam • O ffi ce Hours
The Bad News (2014) 78% of enterprises faced cyber attacks 69% of attacks on web applications Reportedly, most companies spent more on co ff ee in 2014 than they did on web application security.
Problems Reported to Apple (2016) 155 web app security problems reported to Apple in a 12 month period Breakdown of issues: • 83 cross-site scripting (XSS) • 12 information disclosure • 10 injection-related • 12 server configuration • 2 path traversals • 1 cross-site request forgery
Threat changes from 2013 to 2017
Triage method for dealing with software risks Likelihood of Risk Realized Low Moderate High Impact of Risk Realized C C B Minimal C B A Moderate B A A Catastrophic
Key Lessons 1. Web application security is hard 2. Securing web applications is a never-ending battle 3. Admit mistakes and quickly correct them 4. Some threats are worse than others 5. Simple threats can still be deadly
“You cannot defend against threats you cannot see.” -- Mr. H, chess coach “You cannot defend against threats you cannot see.” -- Prof. H, 67-327
Comic of the Day...

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.21k views • 60 slides

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 - Barcelona Topics Short w3af introduction Whats new in w3af Automating Web application exploitation The problem and how other tools are

553 views • 54 slides

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides

Network Security Where we are in the Course Security crosses all layers Application

932 views • 55 slides

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application Security Management (ASM) Features and Benefits Performance Review Ordering Information About Application Security Management (ASM)

618 views • 7 slides

Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal instructions submittal instructions Administrative answer the lab assignments questions in written report form, as a text, pdf, or Word

566 views • 37 slides

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides

Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems

Introduction to SQL Injection Professor Larry Heimann Web Application Security Information Systems Lab 4 Review Fastest crackers Jake Correa Achal Channarasappa Swathi Anand Peter Podniesinski Chanamon Ratanalert Review

472 views • 22 slides

Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

540 views • 29 slides

OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

Agenda Application Security OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente Application Security Startup 04.04.2013 04.04.2013 2 OWASP Top 10 Agenda Application Security Was ist Application Security

234 views • 8 slides

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides

User authentication on the web Joseph Bonneau

User authentication on the web Joseph Bonneau Computer Laboratory Part II Security lecture 2012 J. Bonneau (U. of Cambridge) User authentication on the web February 22, 2012 1 / 41

1.72k views • 132 slides

Browser Security Part 2 Recap XSS 3 different types Common aim/theme Steal user

Browser Security Part 2 Recap XSS 3 different types Common aim/theme Steal user credentials (session ID, cookies, etc.) CSRF Cross-Site Request Forgery is an attack that forces an end user to execute unwanted actions on a

428 views • 23 slides

Reining in the Web with Content Security Policy Sid Stamm Brandon Sterne Gervase Markham

Reining in the Web with Content Security Policy Sid Stamm Brandon Sterne Gervase Markham Mozilla Mash-ups Anyone? But how do I stop malicious content? Content Injection DOM attacks and Defacement XSS All your page is belong to us!

605 views • 37 slides

About me Trevor Bryant Security minded DevOps nerd Knight of NIST Auditor,

About me Trevor Bryant Security minded DevOps nerd Knight of NIST Auditor, Analyst, Engineer, Architect Tech policy Instructor @DC_TOOOL Conference Organizer / Volunteer apporima.com @apporima api_security I

204 views • 17 slides

Search Snippet Evaluation Mikhail Lebedev, Pavel Braslavski, Denis Savenkov CLEF 2011 CLEF 2011

Search Snippet Evaluation Mikhail Lebedev, Pavel Braslavski, Denis Savenkov CLEF 2011 CLEF 2011 What is a snippet What is a snippet # Why is it so important Why is it so important Search is ranking & representation Bad snippets spoil good

359 views • 19 slides

Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020

Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 How Bad is Bad? Weve seen many vulnerabilities Many of them can do catastrophic

541 views • 35 slides

Build Better Products with HYPOTHESIS TRACKER KALPESH SHAH KSHAH@INTRAEDGE.COM Kalpesh Shah

Build Better Products with HYPOTHESIS TRACKER KALPESH SHAH KSHAH@INTRAEDGE.COM Kalpesh Shah Digital Product Coach, Speaker and Trainer Director of Agile/Digital Transformation at IntraEdge. Working with clients ranging from Fortune 50

275 views • 24 slides

Recent Progresses in Visual Segmentation Yunchao Wei ReLER, Australian Artificial Intelligence

VALSE Web Webinar nar Recent Progresses in Visual Segmentation Yunchao Wei ReLER, Australian Artificial Intelligence Institute University of Technology Sydney The importance of visual segmentation Medical Agriculture Autonomous Vehicle

867 views • 69 slides