Web Application SECURITY - PowerPoint PPT Presentation

Slides: 12
Provided by: soroushSe

Transcript and Presenter's Notes


1
Importance of Web Application SECURITY in 5 minutes
Soroush Dalili, 9 Dec. 2008, Computer Security MSc. of Birmingham University
2
  • Which part of the network should be more secure than
    the others?
  • By the risk assessment?

3
Security
  • is like a chain
  • is only as strong as the weakest link.

RAS Server
4
Some interesting facts
  • 95% of websites are vulnerable [1]
  • Average of 7 vulnerabilities per website [2]
  • No one wants to use a web application if there is
    a possibility of information compromise to
    unauthorized people
  • On average, more than 10 security vulnerabilities
    in web applications are published every day.

5
Gartner Rule
Security Spending
  • Web Applications: 75% of Attacks, only 10% of Dollars
  • Network Servers: 25% of Attacks, 90% of Dollars

6
Key Problem Factors [4]
  • Immature Security Awareness
  • In-House Development
  • Deceptive Simplicity
  • Rapidly Evolving Threat Profile
  • Resource and Time Constraints

7
Solution
  • SSL, Firewall, or any specific tools? NO!
  • Secure Design
  • Secure Programming
  • Periodic Penetration Tests
  • Source Code Audit

8
The best free web application security reference
  • WWW.OWASP.ORG
  • The Open Web Application Security Project
  • Focused on improving the security of application
    software.
  • More than 100 categorized vulnerabilities in the
    web applications!

9
Yesterday's News about web application security
(8-12-2008) [5]
  • SquirrelMail Insecure Cookie Disclosure
    Weakness
  • IBM Rational ClearQuest Web Multiple
    Unspecified Cross Site Scripting Vulnerabilities
  • Apple iPhone Configuration Web Utility for
    Windows Directory Traversal Vulnerability
  • TikiWiki Multiple Unspecified Vulnerabilities
  • Secure Downloads for vBulletin 'fileinfo.php'
    SQL Injection Vulnerability
  • XOOPS Local File Include and HTML Injection
    Vulnerabilities

10
Thank you very much
  • Questions?

11
References
  • [1] Studies from numerous penetration tests by
    Imperva, http://www.imperva.com/application_defense_center/papers/how_safe_is_it.html
  • [2] Jeremiah Grossman, Website Vulnerabilities
    Revealed: What everyone knew, but afraid to
    believe, WhiteHat Security 2008
  • [3] Gartner, Nov 2005, http://gartner.com
  • [4] Stuttard Dafydd, Pinto Marcus, "The Web
    Application Hacker's Handbook: Discovering and
    Exploiting Security Flaws", Wiley Publishing
    Inc., 2008
  • [5] http://www.securityfocus.com