The Media Project (public)
Web security is increasingly an opt-in approach, leaving developers with both the opportunity and the responsibility to protect their applications. This talk will explore why and how developers can secure their sites against evolving threats. We'll delve into the nuances of cross-site leaks (xs-leaks) and discuss the Cross-Origin Resource Policy (CO…
 
Browser extensions are powerful tools that enhance the web browsing experience, offering their users a wide range of functionalities. However, these features can also introduce security and privacy issues for their users, mainly through a technique known as extension fingerprinting — where malicious websites track users based on the extensions they…
 
Recent developments in web technologies have seen a paradigm shift from monolithic server-based applications to REST-based microservices with feature-rich browser-based frontends. This progression has brought with it novel classes of security flaws. In this talk we review how client-side variants of injection vulnerabilities such as cross-site scri…
 
Web apps use Server-Side Requests to fetch data from other servers, e.g., for link previews. However, these requests can be exploited by attackers who might request internal resources or non-public services. This attack is called Server-Side Request Forgery (SSRF). The talk explains what SSRF is, how it can be used to exploit servers, and how to defend against…
 
The need for comprehensive measurements of security and privacy risks on the Web is undeniable, as it helps developers focus on emerging trends in security. However, large-scale scans for server-side vulnerabilities remain a sensitive topic, due to their potential to harm servers, disrupt services, and incur financial losses. Even smaller, si…
 
As organizations increasingly rely on SAP systems to manage critical business processes, the security of these environments is an increasing challenge for companies and has also been recognized by the OWASP Core Business Application Security (CBAS) project. This talk will explore the security of SAP systems from an attacker's perspective, uncoverin…
 
Network fingerprinting has existed for a while, and some methods such as JA3 have achieved wide adoption across the industry. Introducing network fingerprinting into login flows can help you stave off attackers. However, there are various challenges that you need to overcome: technical, organizational and regulatory. In this talk we will take a look at th…
 
In early 2024, hundreds of DKIM setups still used cryptographic keys vulnerable to a bug from 2008 in Debian's OpenSSL package. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and GitHub. In 2022, it was discovered that printers generated TLS keys that could be trivially broken with an over 300-year-old algorithm by Pierre de Fe…
 
Many teams face the challenge of identifying relevant threats during threat modeling, especially when little security expertise is available. Selecting and assessing potential risks can be difficult for non-experts. This lightning talk shows how Generative AI (GenAI) can support this process by …
 
The presentation explores the security challenges and opportunities posed by Generative AI (GenAI). While GenAI offers tremendous potential, it also has a darker side, such as its use in creating deepfakes that can spread misinformation, manipulate political events, or facilitate fraud, as demonstrated in a live deepfake example. Malicious variants…
 
The OWASP AI Exchange provides a comprehensive framework to address the evolving security challenges presented by AI systems. As artificial intelligence continues to transform industries, securing these systems against emerging threats has become a top priority. This presentation will offer an in-depth overview of the OWASP AI Exchange, focusing on…
 
The European Union's NIS2 Directive (Network and Information Security Directive) is a further development of the existing cybersecurity requirements and aims to strengthen the resilience and security of critical infrastructures in the EU. In Germany, the current draft is the NIS2UmsuCG (NIS-2-Umsetzungs- und Cybersicherh…
 
In the coming years, all EU member states will be required to provide their citizens with a digital identity wallet, as mandated by the European Union. The EU Digital Identity Wallet (EUDI Wallet) represents the largest implementation of its kind to date and brings with it significant challenges, particularly in terms of security, privacy, and inte…
 
OAuth 2.0 has become the backbone of secure delegated authorization on the web, enabling users to grant third-party applications access to their data without revealing their credentials. It's also foundational for federated authentication via OpenID Connect and plays a critical role in emerging technologies like wallet ecosystems. However, despite …
 
Once upon a time, developers and security experts relied on mostly server-side rendered vulnerable applications to train their web hacking skills. In 2014 the Juice Shop entered the stage as one of the first Rich Internet Application representatives. What started as a personal pet project with two dozen hacking challenges, became an OWASP Flagship …
 