Application Security: What Your Developers Don't Know Can Hurt You

Application Security What your developers don't know can hurt you
Joe Kuemerle www.kuemerle.com @jkuemerle

@jkuemerle / www.kuemerle.com Joe Kuemerle • Over 15 years of
development experience with a broad range of technologies • Focused on application and data security, coding best practices and regulatory compliance • Presenter at community, regional and national events.

@jkuemerle / www.kuemerle.com How did Mr. Boddy get hacked?

@jkuemerle / www.kuemerle.com Source: Web Hacking Incident Database http://tinyurl.com/AppAttackStats

@jkuemerle / www.kuemerle.com

@jkuemerle / www.kuemerle.com https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet http://wpl.codeplex.com

@jkuemerle / www.kuemerle.com *

@jkuemerle / www.kuemerle.com https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

@jkuemerle / www.kuemerle.com Spoofing Tampering Repudiation Information Disclosure Denial of
Service Elevation of Privilege

@jkuemerle / www.kuemerle.com Photo Credits • http://www.flickr.com/photos/pcoin/4629410478 • http://www.flickr.com/photos/ekreitschmann/3296628124 •
http://www.flickr.com/photos/quinnanya/3333961881 • http://www.flickr.com/photos/pcambra/3347911070 • http://www.flickr.com/photos/superamit/2491512156 • http://www.flickr.com/photos/terrio/5710831966 • http://www.flickr.com/photos/cliffnordman/6131349171 • http://www.flickr.com/photos/suckamc/4075609940 • http://www.flickr.com/photos/alan-light/211186811 • http://www.flickr.com/photos/marksteele/3766525250 • http://www.flickr.com/photos/petithiboux/4062233946 • http://www.flickr.com/photos/theevilmightyf/1496413769 • http://www.flickr.com/photos/cookylamoo/5059188603 • http://www.flickr.com/photos/phploveme/2911722148

@jkuemerle / www.kuemerle.com References • http://www.troyhunt.com o http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html • http://www.owasp.org
o http://www.youtube.com/user/AppsecTutorialSeries?feature=watch • http://www.microsoft.com/security/sdl/default.aspx • http://blogs.msdn.com/b/sdl • http://bsimm.com • http://www.amazon.com/Writing-Secure-Second- Michael-Howard/dp/0735617228 • http://www.google.com/reader/bundle/user%2F11 910239077358858577%2Fbundle%2FSecurity

@jkuemerle / www.kuemerle.com Tools • http://wpl.codeplex.com • http://www.backtrack-linux.org • http://www.microsoft.com/download/en/details.as
px?displaylang=en&id=14719 (Threat Model designer) • http://www.microsoft.com/download/en/details.as px?displaylang=en&id=21769 (File fuzzer) • WebGoat.NET o https://github.com/sempf/WebGoat.NET o https://github.com/jkuemerle/WebGoat.NET

@jkuemerle / www.kuemerle.com http://speakerrate.com/jkuemerle

Application Security: What Your Developers Don'...

Application Security: What Your Developers Don't Know Can Hurt You

Joe Kuemerle

More Decks by Joe Kuemerle

Other Decks in Programming

Featured

Transcript