Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OWASP Top 10-2017: Sua aplicação está protegida?

Adiel Cristo
April 18, 2018
Programming
0
32

OWASP Top 10-2017: Sua aplicação está protegida?

Muitas vezes, ao trabalhar com prazos apertados, é comum
relegar a segurança da aplicação ao segundo plano, tornando-
a vulnerável a ataques.

Além disso, novas falhas são descobertas frequentemente, as
formas de ataque estão em constante evolução, e as medidas
de segurança precisam acompanhar esta evolução.

Nesta palestra conhecemos os maiores riscos de segurança
para aplicações web, os impactos causados e as medidas de
proteção necessárias, acompanhando a última revisão da
OWASP Top 10.

Adiel Cristo

April 18, 2018
Tweet

More Decks by Adiel Cristo

See All by Adiel Cristo
Entregando Bons Resultados com BDD - PHP Conference Brasil 2019
adielcristo
0
29
Saindo do Legado com os Componentes Symfony - PHP Conference Brasil 2019
adielcristo
0
160
Crawling the Web with the New Symfony Components
adielcristo
0
28
PHP Internals: Primeiros Passos - PHP Community Summit 2019
adielcristo
0
55
NoSQL in the Cloud
adielcristo
0
15
Testando aplicações legadas: por onde começo?
adielcristo
0
82

Other Decks in Programming

See All in Programming
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
5
920
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
1
110
効率化に挑戦してみたらモバイル開発が少し快適になった話
ryunakayama
0
130
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
670
educure_カリキュラム生操作マニュアル.pdf
linew_official
0
800
Milestoner
bkuhlmann
1
410
Site Reliability Engineering for GMO
pyama86
8
1k
if constexpr文はテンプレート世界のラムダ式である
faithandbrave
3
650
エンターテイメント業界で利用されるAWS
demuyan
0
210
初心者のためのRubyKaigi入門/RubyKaigi Introduction
a_matsuda
1
710
VSCodeでのDatabricks開発もお勧めしたい/I would also recommend Databricks development with VSCode.
kazumain
0
260
Rubyでたのしむクリエイティブコーディング/Enjoy Creative coding with Ruby
chobishiba
1
180

Featured

See All Featured
Writing Fast Ruby
sferik
621
60k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
1k
Agile that works and the tools we love
rasmusluckow
325
20k
A better future with KSS
kneath
231
16k
Thoughts on Productivity
jonyablonski
58
3.8k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
The Pragmatic Product Professional
lauravandoore
25
5.8k
Producing Creativity
orderedlist
PRO
337
39k
Unsuck your backbone
ammeep
663
57k
Web Components: a chance to create the future
zenorocha
305
41k

Transcript

  1. Globalcode – Open4education OWASP Top 10-2017: Sua aplicação está protegida?

    Adiel Cristo Abril 2018

  2. Globalcode – Open4education Agenda OWASP: É de comer? OWASP Top

    Ten-2017

  3. Globalcode – Open4education OWASP Top Ten-2017 A1:2017 - Injection A2:2017

    - Broken Authentication A3:2017 - Sensitive Data Exposure A4:2017 - XML External Entities (XXE) A5:2017 - Broken Access Control

  4. Globalcode – Open4education OWASP Top Ten-2017 A6:2017 - Security Misconfiguration

    A7:2017 - Cross-Site Scripting (XSS) A8:2017 - Insecure Deserialization A9:2017 - Using Components with Known Vulnerabilities A10:2017 - Insufficient Logging & Monitoring

  5. Globalcode – Open4education A1:2017 - Injection Threat Agents / Attack

    Vectors Security Weakness Impacts

  6. Globalcode – Open4education A1:2017 - Injection Example of Attack: String

    query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'"; Query HQLQuery = session.createQuery("FROM accounts WHERE custID='" + request.getParameter("id") + "'"); http://example.com/app/accountView?id=' or '1'='1

  7. Globalcode – Open4education A2:2017 - Broken Authentication Threat Agents /

    Attack Vectors Security Weakness Impacts

  8. Globalcode – Open4education A2:2017 - Broken Authentication Example of Attack:

  9. Globalcode – Open4education References  https://www.owasp.org

  10. Globalcode – Open4education Adiel Cristo Senior PHP Developer http://bit.ly/tdc-floripa-owasp-top-10

  11. None