Chaos Report - Web Security Version
Eduardo Bohrer
Slides from the Lightning Talk presented at the Second TTLabs Summit on 11/11/2011.
1.
The Chaos Report - Web Security Version
Eduardo Bohrer - @nbluis
eduardobohrer.com.br
2.
Have you been taking due care?
3.
Our enemy is armed and entrenched!
4.
The numbers for 2010
5.
The numbers for 2010
93% more web attacks
15~20 million attacks per day
1+ million bots
42% more mobile attacks
260+ million new malware
Brazil ranked 4th in malicious activity
Source: Symantec Security Threat Report Volume 16
6.
7.
6
8.
The 30 most recurring vulnerabilities.
84% of the world's websites are susceptible.
Source: WhiteHat Website Security Statistics Report 2011.
6
9.
30 vulnerabilities
84% of the world's websites
Source: WhiteHat Website Security Statistics Report 2011.
6
10.
11.
Who can defend us?
12.
Non-profit
13.
Many supporters
14.
Many projects and study material
15.
Many projects and study material
OWASP Top 10
OWASP Testing Guide
ESAPI
Web Goat
WebScarab
OWASP Development Guide
16.
Discussion group;
Event organization;
Organized AppSec Latin America 2011.
17.
18.
References
http://www.symantec.com/business/threatreport/
https://www.whitehatsec.com/assets/WPstats_winter11_11th.pdf
https://www.owasp.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Project
https://www.owasp.org/index.php/Porto_Alegre
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Category:OWASP_Testing_Project
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
19.
Images
http://3.bp.blogspot.com/_Na4CPVnGtCk/TT8o77X2PxI/AAAAAAAAZ6c/xfQtTtZxM_w/s400/apontando_o_dedo.jpg
http://1.bp.blogspot.com/_TBFrVWg5uOM/TF_9R41sK7I/AAAAAAAAB1U/elW_A1ning8/s1600/chapolin.jpg
http://www.yaboukir.com/wp-content/uploads/2011/09/owasp.png
https://www.owasp.org/images/c/c1/Owasp-poa-eng.png
http://wallpapergravity.com/wallpapers2/650/650912.jpg
http://i277.photobucket.com/albums/kk65/darinaldi/fuuu.png
http://fak3r.com/wp-content/blogs.dir/12/files/challenge_accepted_Amazing_Feats_Fails_WIns_Lolz_and_A_Contest-s325x265-158648-535.png
http://osprofanos.com/wp-content/uploads/2011/02/