Artwork

Inhalt bereitgestellt von Black Hat / CMP and Jeff Moss. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Black Hat / CMP and Jeff Moss oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Player FM - Podcast-App
Gehen Sie mit der App Player FM offline!

Andrew van der Stock: World Exclusive - Announcing the OWASP Guide To Securing Web Applications and Services 2.0

53:49
 
Teilen
 

Manage episode 155121506 series 1146744
Inhalt bereitgestellt von Black Hat / CMP and Jeff Moss. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Black Hat / CMP and Jeff Moss oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
After three years of community development, the Open Web Application Security Project (OWASP) is proud to introduce the next generation of web application security standards at BlackHat USA 2005. The Guide to Securing Web Applications and Services 2.0 is a major new release - written from the ground up, with many new sections covering common and emerging risks, including: * How to design more secure software * How to conduct a security review using the Guide * How to perform the most difficult web application processes correctly: processing credit cards, interacting with payment gateways (such as PayPayl), and anti-phishing controls * Reorganized and easily navigated chapters on web application controls including: web services, comprehensive authentication and authorization controls, session management, data validation, interpreter injection, and many new controls within existing chapters * Secure configuration and deployment * And software quality assurance. The Guide has adopted and extended the popular OWASP Top 10 approach - security objectives, how to identify if you are at risk, with recommended remediations in three popular frameworks, and further reading. The Guide is platform neutral, and has examples in J2EE, ASP.NET and PHP. The Guide 2.0 is on the conference materials CD-ROM in its entirety. As it is free (as in beer as well as in freedom), you can redistribute or print it as often as you wish. To demonstrate the incredible versatility of the Guide and its pragmatic approach, we will be conducting a live security review of software selected at random by the audience. To perform the review demonstration, we will be using just a few off-the-shelf web development tools with Firefox to demonstrate how easy it is to subvert the average application, and how simple it is to fix issues properly by using the Guide. We expect this talk will be useful to all attendees, but those who set secure coding standards within their organization, manage risk from custom software, manage software development or are software architects or developers will benefit the most from attending this session. Andrew van der Stock is among the many contributors to the OWASP project over the years. Andrew has presented at many conferences, including BlackHat USA, linux.conf.au, and AusCERT, and is a leading Australian web application researcher. He helps run the OWASP Melbourne chapter, started the OWASP Sydney chapter, and is ex-President of SAGE-AU, the System Administrator's Guild of Australia. You can read more about OWASP, the Open Web Application Security Project at http://www.owasp.org/ and you can read more about Andrew at http://www.greebo.net/>
  continue reading

61 Episoden

Artwork
iconTeilen
 
Manage episode 155121506 series 1146744
Inhalt bereitgestellt von Black Hat / CMP and Jeff Moss. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Black Hat / CMP and Jeff Moss oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
After three years of community development, the Open Web Application Security Project (OWASP) is proud to introduce the next generation of web application security standards at BlackHat USA 2005. The Guide to Securing Web Applications and Services 2.0 is a major new release - written from the ground up, with many new sections covering common and emerging risks, including: * How to design more secure software * How to conduct a security review using the Guide * How to perform the most difficult web application processes correctly: processing credit cards, interacting with payment gateways (such as PayPayl), and anti-phishing controls * Reorganized and easily navigated chapters on web application controls including: web services, comprehensive authentication and authorization controls, session management, data validation, interpreter injection, and many new controls within existing chapters * Secure configuration and deployment * And software quality assurance. The Guide has adopted and extended the popular OWASP Top 10 approach - security objectives, how to identify if you are at risk, with recommended remediations in three popular frameworks, and further reading. The Guide is platform neutral, and has examples in J2EE, ASP.NET and PHP. The Guide 2.0 is on the conference materials CD-ROM in its entirety. As it is free (as in beer as well as in freedom), you can redistribute or print it as often as you wish. To demonstrate the incredible versatility of the Guide and its pragmatic approach, we will be conducting a live security review of software selected at random by the audience. To perform the review demonstration, we will be using just a few off-the-shelf web development tools with Firefox to demonstrate how easy it is to subvert the average application, and how simple it is to fix issues properly by using the Guide. We expect this talk will be useful to all attendees, but those who set secure coding standards within their organization, manage risk from custom software, manage software development or are software architects or developers will benefit the most from attending this session. Andrew van der Stock is among the many contributors to the OWASP project over the years. Andrew has presented at many conferences, including BlackHat USA, linux.conf.au, and AusCERT, and is a leading Australian web application researcher. He helps run the OWASP Melbourne chapter, started the OWASP Sydney chapter, and is ex-President of SAGE-AU, the System Administrator's Guild of Australia. You can read more about OWASP, the Open Web Application Security Project at http://www.owasp.org/ and you can read more about Andrew at http://www.greebo.net/>
  continue reading

61 Episoden

Alla avsnitt

×
 
Loading …

Willkommen auf Player FM!

Player FM scannt gerade das Web nach Podcasts mit hoher Qualität, die du genießen kannst. Es ist die beste Podcast-App und funktioniert auf Android, iPhone und im Web. Melde dich an, um Abos geräteübergreifend zu synchronisieren.

 

Kurzanleitung