Secure Software Development

Transcript

1. Secure Web Application Development Ulugbek Miniyarov Software Architect @ ENUYGUN

2. Importance of Secure Web Application Development

3. OWASP Top 10 - 2017 The Ten Most Critical Web

   Application Security Risks Injection Flaw - SQL, NoSQL, OS and LDAP Broken Authentication - Incorrect OAuth, JWT or Session configuration Sensitive Data Exposure - Not properly protecting Credit Card, Identity Data XML External Entities - Poorly configured XML Processors Broken Access Control - Unauthorized access to authenticated users Security Misconfiguration - Insecure, incomplete default configurations Cross-Site Scripting - Not properly sanitized user provided data Insecure Deserialization - Leads to Remote Code Execution Using Components with Known Vulnerabilities - Not up-to-date components, libraries Insufficient Logging & Monitoring - Missing or ineffective integration

4. Injection Flaw - Never ever trust user input!

5. Broken Authentication

6. Sensitive Data Exposure

7. XML External Entities

8. Broken Access Control

9. Security Misconfiguration

10. Cross-Site Scripting (XSS)

11. Insecure Deserialization

12. Using Components with Known Vulnerabilities

13. Insufficient Logging & Monitoring

14. Thanks Resources: https://www.owasp.org/index.php/Main_Page https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software https://www.phptherightway.com/ https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/ https://haveibeenpwned.com/