software security presentation
play

Software Security Presentation Dr. E. Benoist Spring Semester 2011 - PowerPoint PPT Presentation

Jul 03, 2023 •266 likes •368 views

Berner Fachhochschule - Technik und Informatik Software Security Presentation Dr. E. Benoist Spring Semester 2011 Software Security Presentation 1 Presentation Emmanuel Benoist email: emmanuel.benoist(at)bfh.ch PhD at the

  1. Berner Fachhochschule - Technik und Informatik Software Security Presentation Dr. E. Benoist Spring Semester 2011 Software Security Presentation 1

  2. Presentation ◮ Emmanuel Benoist • email: emmanuel.benoist(at)bfh.ch ◮ PhD at the University of Caen (France) ◮ Professor at the Berner Fachhochschule • Teach Computer Science in Biel since 1999 • Specialties: Algorithmic, Web Programming and Web Security ◮ Web Security and Privacy protection on the Web • Member of the Research Institute on Security in the Information Societey (RISIS) ◮ Web Security ◮ Privacy Protection on the Web ◮ e-Health • Member of the board : Certified Secure Web - CSW GmbH • Member of the OWASP (Open Web Application Security Platform) Swiss Chapter Software Security Presentation 2

  3. Course : Web and Software Security ◮ Goals of the course • The students know the most important dangers for Internet Web sites and their users. • The students have an overview of the measures to take for programming safe web sites. • They can tell which are the basic-principles of Web security. • They have applied these principles and can use them in real applications. • They know how buffer overflow work ◮ Part of the module 7263 • Web Security and Selected Security Topics ◮ Contact • Emmanuel.Benoist (at) bfh.ch : Web Security • Ulrich.Fiedler (at) bfh.ch : Buffer Overflow Software Security Presentation 3

  4. Control of Knowledge ◮ Pa Module • Only one Exam • No Homework, or experience Mark ◮ Examination • Durring the examination week • Details communicated later Software Security Presentation 4

  5. Schedule of the course 1 ◮ Software Security • Presentation of the problematic ◮ Web Security • Owasp Top 10 (overview of the main problems) • XSS - Cross Site Scripting, • CSRF - Cross Site Request Forgery • SQL Injection • Other Injection flows ◮ Buffer Overflow • Teached by Ulrich Fiedler 1 Details are given on http://www.benoist.ch/SoftSec/ Software Security Presentation 5

  6. Information about the Web Security course ◮ ◮ Web site of the course: http://www.benoist.ch/SoftSec/ • Slides • Examples • Exercises • Resources (bibliography and Internet) Software Security Presentation 6

  7. Bibliography ◮ OWASP Top 10 - 2010 http://www.owasp.org/index.php/Category: OWASP_Top_Ten_Project ◮ OWASP Developers Guide http://www.owasp.org/index.php/Category: OWASP_Guide_Project ◮ Web Security Testing Cookbook Paco Hope and Ben Walther , O’Reilly ◮ The Web Application Hacker’s Handbook Dafydd Stuttard and Marcus Pinto , Wiley ◮ How to Break Web Software Mike Andrews and James A. Whittaker , Addison Wesley Software Security Presentation 7

  8. Who are you? ◮ Proficiency in Web Programming? ◮ Proficiency in Security? ◮ German speaking / Frensh speaking ? Software Security Presentation 8

  9. Questions? ? Software Security Presentation 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a course on software security? Software plays a major role in the modern society But is a major source of security problems. Software is the

659 views • 30 slides
Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

1.91k views • 65 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Some recent attacks 2 A game changer The Internet

1.17k views • 87 slides
Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 13 Recap: Overflow Bugs Ingredients: fixed-size buffer on the

429 views • 13 slides
CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
Fortify Integration & User Experience Fortify Partner Integration Integration with both

Fortify Integration & User Experience Fortify Partner Integration Integration with both

Fortify Integration & User Experience Fortify Partner Integration Integration with both Fortify on Demand and Software Security Center (v18.2). Get Training provides Fortify User with real-time interactive training in Secure

527 views • 31 slides
Embedding of External Content from Non-trusted Sources Alexandre Miguel Ferreira University of

Embedding of External Content from Non-trusted Sources Alexandre Miguel Ferreira University of

Embedding of External Content from Non-trusted Sources Alexandre Miguel Ferreira University of Amsterdam Research Project II July 5, 2012 Agenda Introduction Research Question Background How to embed content? Most

434 views • 17 slides
As global commodity super-cycle ends, Africans continue uprising against Africa Rising By

As global commodity super-cycle ends, Africans continue uprising against Africa Rising By

As global commodity super-cycle ends, Africans continue uprising against Africa Rising By Patrick Bond presented to Mapungubwe Institute for Strategic Reflection (Mistra) Great Recession Colloquium, University of South Africa, Pretoria,

344 views • 21 slides
FORWARD LOOKING STATEMENTS This presentation contains forward -looking statements, within the

FORWARD LOOKING STATEMENTS This presentation contains forward -looking statements, within the

V an S par RENTIAN PROJECT XIUSHUI VANADIUM REGION JIANGXI, CHINA LONG TERM, HIGH QUALITY VANADIUM PRODUCTION FOR THE FLOW BATTERY, STEEL AND CHEMICAL INDUSTRIES AUGUST 2018 VanSpar Mining Inc. a subsidiary of FORWARD

373 views • 24 slides
The Life of Breached Data & The Dark Side of Security. Jarrod Overson @jsoverson QCon SF

The Life of Breached Data & The Dark Side of Security. Jarrod Overson @jsoverson QCon SF

The Life of Breached Data & The Dark Side of Security. Jarrod Overson @jsoverson QCon SF 2016 It's more than just massive breaches from large companies, too. It's small continuous, streams of exploitable data 2.2 Billion Leaked

1.07k views • 82 slides
Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor

Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor

Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor Agenda n History n Nic.PR Case Study q Registrar Perspective q Registry Perspective n Future solutions History n Over the past few years

643 views • 26 slides
Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool

Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool

Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool Derrick Neier Jim Solce Zach Taylor Joe Tuohey Department of Computer Science and Engineering Michigan State University Fall 2012 From Students

447 views • 17 slides
Momchil Karov VanSecSIG Best Buy Canada Oct 12, 2018 1 PRESENTED BY: (A.K.A. THE

Momchil Karov VanSecSIG Best Buy Canada Oct 12, 2018 1 PRESENTED BY: (A.K.A. THE

HOW TO EMBED SECURITY INTO AGILE? Momchil Karov VanSecSIG Best Buy Canada Oct 12, 2018 1 PRESENTED BY: (A.K.A. THE WHO AM I SLIDE) Momchil Karov, MSc., CISSP Principal Security Architect Enterprise Risk and Compliance Best

777 views • 44 slides

More recommend