Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Application Security: What Your Developers Don'...

Joe Kuemerle
June 19, 2013
Programming
1
66

Application Security: What Your Developers Don't Know Can Hurt You

From NEOISF on June 19th.

Joe Kuemerle

June 19, 2013
Tweet

More Decks by Joe Kuemerle

See All by Joe Kuemerle
Pilots, Surgeons and Developers - Improving Application Security With Checklists
jkuemerle
0
20
Lightweight Data Access in .NET
jkuemerle
0
43
Defense Against The Dark Arts: Application security and you
jkuemerle
0
37
Is your API leaking? Breaking APIs to increase security.
jkuemerle
0
110
Application Security: What you don't know can hurt you - PrairieDevCon 2015
jkuemerle
0
67
Keeping Secrets: Using Encryption Effectively
jkuemerle
0
110
Keeping Secrets: Using Encryption Effectively - CodeMash 2015
jkuemerle
0
70
Get Rid of Visual SourceSafe??! - NWNUG March 2014
jkuemerle
0
140
Close The Feedback Loop. Using Application Analytics To Improve Agile Development - CodepaLOUsa 2014
jkuemerle
0
72

Other Decks in Programming

See All in Programming
Why Jakarta EE Matters to Spring - and Vice Versa
ivargrimstad
0
1.3k
DevTools extensions で 独自の DevTool を開発する | FlutterKaigi 2024
kokiyoshida
0
130
NSOutlineView何もわからん:( 前編 / I Don't Understand About NSOutlineView :( Pt. 1
usagimaru
0
350
A Journey of Contribution and Collaboration in Open Source
ivargrimstad
0
1.1k
AWS Lambdaから始まった
Serverlessの「熱」とキャリアパス / It started with AWS Lambda Serverless “fever” and career path
seike460
PRO
1
260
React への依存を最小にするフロントエンド設計
takonda
19
5k
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
5
2.2k
ローコードSaaSのUXを向上させるためのTypeScript
taro28
1
660
Vapor Revolution
kazupon
2
460
Nurturing OpenJDK distribution: Eclipse Temurin Success History and plan
ivargrimstad
0
1.1k
リアーキテクチャxDDD 1年間の取り組みと進化
hsawaji
1
220
イマのCSSでできる
インタラクション最前線 + CSS最新情報
clockmaker
5
2.9k

Featured

See All Featured
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Optimizing for Happiness
mojombo
376
70k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Bash Introduction
62gerente
608
210k
Thoughts on Productivity
jonyablonski
67
4.3k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
We Have a Design System, Now What?
morganepeng
50
7.2k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
Statistics for Hackers
jakevdp
796
220k
KATA
mclloyd
29
14k
Speed Design
sergeychernyshev
25
620

Transcript

  1. Application Security What your developers don't know can hurt you

    Joe Kuemerle www.kuemerle.com @jkuemerle

  2. @jkuemerle / www.kuemerle.com Joe Kuemerle • Over 15 years of

    development experience with a broad range of technologies • Focused on application and data security, coding best practices and regulatory compliance • Presenter at community, regional and national events.

  3. @jkuemerle / www.kuemerle.com How did Mr. Boddy get hacked?

  4. @jkuemerle / www.kuemerle.com Source: Web Hacking Incident Database http://tinyurl.com/AppAttackStats

  5. @jkuemerle / www.kuemerle.com

  6. @jkuemerle / www.kuemerle.com

  7. @jkuemerle / www.kuemerle.com

  8. @jkuemerle / www.kuemerle.com

  9. @jkuemerle / www.kuemerle.com https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet http://wpl.codeplex.com

  10. @jkuemerle / www.kuemerle.com

  11. @jkuemerle / www.kuemerle.com

  12. @jkuemerle / www.kuemerle.com

  13. @jkuemerle / www.kuemerle.com

  14. @jkuemerle / www.kuemerle.com

  15. @jkuemerle / www.kuemerle.com *

  16. @jkuemerle / www.kuemerle.com

  17. @jkuemerle / www.kuemerle.com https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

  18. @jkuemerle / www.kuemerle.com Spoofing Tampering Repudiation Information Disclosure Denial of

    Service Elevation of Privilege

  19. @jkuemerle / www.kuemerle.com

  20. @jkuemerle / www.kuemerle.com

  21. @jkuemerle / www.kuemerle.com

  22. @jkuemerle / www.kuemerle.com Photo Credits • http://www.flickr.com/photos/pcoin/4629410478 • http://www.flickr.com/photos/ekreitschmann/3296628124 •

    http://www.flickr.com/photos/quinnanya/3333961881 • http://www.flickr.com/photos/pcambra/3347911070 • http://www.flickr.com/photos/superamit/2491512156 • http://www.flickr.com/photos/terrio/5710831966 • http://www.flickr.com/photos/cliffnordman/6131349171 • http://www.flickr.com/photos/suckamc/4075609940 • http://www.flickr.com/photos/alan-light/211186811 • http://www.flickr.com/photos/marksteele/3766525250 • http://www.flickr.com/photos/petithiboux/4062233946 • http://www.flickr.com/photos/theevilmightyf/1496413769 • http://www.flickr.com/photos/cookylamoo/5059188603 • http://www.flickr.com/photos/phploveme/2911722148

  23. @jkuemerle / www.kuemerle.com References • http://www.troyhunt.com o http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html • http://www.owasp.org

    o http://www.youtube.com/user/AppsecTutorialSeries?feature=watch • http://www.microsoft.com/security/sdl/default.aspx • http://blogs.msdn.com/b/sdl • http://bsimm.com • http://www.amazon.com/Writing-Secure-Second- Michael-Howard/dp/0735617228 • http://www.google.com/reader/bundle/user%2F11 910239077358858577%2Fbundle%2FSecurity

  24. @jkuemerle / www.kuemerle.com Tools • http://wpl.codeplex.com • http://www.backtrack-linux.org • http://www.microsoft.com/download/en/details.as

    px?displaylang=en&id=14719 (Threat Model designer) • http://www.microsoft.com/download/en/details.as px?displaylang=en&id=21769 (File fuzzer) • WebGoat.NET o https://github.com/sempf/WebGoat.NET o https://github.com/jkuemerle/WebGoat.NET

  25. @jkuemerle / www.kuemerle.com http://speakerrate.com/jkuemerle