PPT-Web Application Security

Grant Murphy CISSP VP Enterprise Solutions Cenzic Barracuda Ponemon Research Study February 2011 The State of Web Application Security 2 Barracuda Networks Ponenon Research Key Findings. Each web connection provides a potential entry point for infection malicious in57375ltration and corporate risk McAfee SaaS Web Protection offers easy featurerich vital defenses against dynamic webbased malware attacks using extensive uptotheminute Adding the lock to the gate. Jairam Ramesh. Security Research Consultant . |. Microsoft Corporation. v-jairar@microsoft.com. Agenda. Internet Attacks. IIS 7 and comparison with its predecessors. Counteracting the various attacks!. Presented by Justin Samuel. For UW CSE 504, Spring ‘10. Instructor: Ben Livshits. Finding Security Vulnerabilities in Java Applications with Static Analysis. V. Benjamin Livshits and Monica S. Lam. Part 1. Authors: Marco . Cova. , . et al.. Presented by: Brett Parker and Tyler Maclean. Outline. Intro, Background, Trends. Technologies. Attacks. Vulnerability Analysis. Why web applications?. Growth of web-based applications over the years. Chris Edwards. Quintin Cutts. Steve McIntosh. http://xkcd.com/327/. SQL Injection . Example:. Look up customer details, one at a time, via customer ID.. $. mysqli. = new . mysqli. ($host,$. dbuser. ,$. testin. g. tools . for web-based system. CS577b Individual Research. Shi-. Xuan. . Zeng. 04/23/2012. 1. Outline. Introduce security testing. Web . application/system . security testing. Web application/system security risks. BUILDING APPSEC ALL ALONG . THE WEB APPLICATION LIFECYCLE. Mikael Le Gall. Security Sales Engineer EMEA, Rapid7. Application Security Testing, Application Development, Vulnerability Management, Incident Detection & Response. WEBP security. 1. What do we mean by secure?. 100% security. Trading off security versus convenience. Particular vulnerabilities of the Internet. The "wild west". WEBP security. 2. Vulnerability of web systems. R2. Rick Claus. Microsoft Sr. Technical Evangelist. Corey Hynes. Lead Technical Architect, . holSystems. Jump Start Target Agenda. Web Application & Platform with Windows Server 2012 R2. DOWNLOAD Windows Server 2012 R2 Preview. Introduction. Dave Comeaux, Web Services Librarian at Tulane University. Co-Authored a 2006 research paper studying web site accessibility. Finishing up a follow-up study (research conducted in 2010). June 27, 2014. 1. Pillars of Mobile Operating System (OS) Security. Traditional Access Control. Seek to protect devices using techniques such as passwords and idle-time screen locking.. Encryption. conceal data on the device to address device loss or theft.. A Brief History. Steven Richards. IBM. “The three golden rules to ensure computer security are: . do not own a computer; do not power it on; and do not use it.”. Hacker fun….. “What’s my computer saying to me?”. JSON Web Signature (JWS). JSON Web Encryption (JWE). JSON Web Key (JWK). Mike Jones. Standards . Architect – . Microsoft. IETF 82 – November 14, 2011. Motivation. Clear need for industry-standard JSON-based:. 1. AJ Dexter . Sr. Security Consultant. A little about me... Sr. Security Consultant at Cigital. Former Lead Mobile Security Architect @ US Bank.. Mobile Platform & Application SME. Mobile Development Liaison for Security.