OWASP Pune Chapter : Dive Into The Profound Web Attacks
Narendra Bhati
OWASP Pune Chapter, 18th Feb 2016, at Avaya India, Pune.
Recommended
Published On Exploit DB Papers https://www.exploit-db.com/docs/38193.pdf
Abusing Windows Opener To Bypass CSRF Protection
Narendra Bhati
How I won the ClubHack'11 Precon CTF - A Walkthru A Write-up
Club hack 2011 precon ctf walkthrough
n|u - The Open Security Community
Basic programming practices to ensure secure PHP web applications.
Secure Programming In Php
Akash Mahajan
Presentation which describes entity provider selection confusion attacks in JAX-RS applications for RESTEasy and Jersey frameworks.
Entity provider selection confusion attacks in JAX-RS applications
Mikhail Egorov
Basic overview of PHP security for a local Meetup group
Intro to Php Security
Dave Ross
Unusual Web Bugs
amiable_indian
A case study of security features inside the popular python-based web framework, Django. Made by Mohammed ALDOUB (@Voulnet)
Case Study of Django: Web Frameworks that are Secure by Default
Mohammed ALDOUB
Presentation from Zero Nights 2017 - https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/.
Neat tricks to bypass CSRF-protection
Mikhail Egorov
A talk on top 10 Security Vulnerabilities based on OWASP Top Ten Project: https://www.owasp.org/index.php/OWASP_Top_Ten_Project. The presentation is available under Creative Commons Attribution-ShareAlike 2.5 Generic License: https://creativecommons.org/licenses/by-sa/2.5/.
Top 10 Security Vulnerabilities (2006)
Susam Pal
Seminar on various security issues faced by PHP developers and ways to avoid them. The Examples used in the seminar can be downloaded from -> http://www.sanisoft.com/blog/wp-content/uploads/2009/08/security.tar.gz
Security In PHP Applications
Aditya Mooley
Presentation that contrasts static and dynamic analysis of web applications for security vulnerabilities. Describes a technique to combine static and dynamic analysis called hybrid analysis. (SummerCon 2008)
Static Analysis: The Art of Fighting without Fighting
Rob Ragan
http://www.powerofcommunity.net/pastcon_2008.html & http://xcon.xfocus.org/XCon2008/index.html The Same Origin Policy is the most talked about security policy which relates to web applications, it is the constraint within browsers that ideally stops active content from different origins arbitrarily communicating with each other. This policy has given rise to the class of bugs known as Cross-Site Scripting (XSS) vulnerabilities, though a more accurate term is usually JavaScript injection, where the ability to force an application to echo crafted data gives an attacker the ability to execute JavaScript within the context of the vulnerable origin. This talk takes the view that the biggest weakness with the Same Origin Policy is that it must be implemented by every component of the browser independently, and if any component implements it differently to other components then the security posture of the browser is altered. As such this talk will examine how the 'Same Origin Policy' is implemented in different circumstances, especially in active content, and where the Same Origin Policy is not really enforced at all.
Same Origin Policy Weaknesses
kuza55
JUG Basel
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
Antonio Sanso
This talk was presented at packet hacking village in Defcon 2015 - https://www.defcon.org/html/defcon-23/dc-23-village-talks.html#pcapvillage
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
lokeshpidawekar
Today security filters can be found on our network perimeter, on our servers, in our frameworks and applications. As our network perimeter becomes more secure, applications become more of a target. Security filters such as IDS and WAF are relied upon to protect applications. Intrusion detection evasion techniques were pioneered over a decade ago. How are today's filters withstanding ever evolving evasion tactics? The presentation will examine how evasion techniques worked in the past and provide insight into how these techniques can still work today; with a focus on HTTP attacks. A practical new way to bypass Snort will be demonstrated. A tool to test other IDS for the vulnerability in Snort will be demonstrated. (Outerz0ne 2009) Video of this presentation at Outerz0ne 5: http://www.irongeek.com/i.php?page=videos/rob-ragan-filter-evasion-houdini-on-the-wire
Filter Evasion: Houdini on the Wire
Rob Ragan
* Django is a Web Application Framework, written in Python
* Allows rapid, secure and agile web development.
* Write better web applications in less time & effort.
Django (Web Applications that are Secure by Default )