First Software Security Netherlands Meet Up - Delft - 18 May 2017
1. Welcome to
First Software Security Netherlands meet up
Delft, May 18, 2017
Sponsored by:
https://www.meetup.com/SoftwareSecurityNetherlands
2. Goal of this group
Make Software Security challenges visible
Collaborate and learn together about the practices that help organizations deliver secure software
Promote defensive programming strategies
3. Introductions
Name :
Role at work :
Work background :
How did you hear about the group / event?
How would you like to contribute to the group?
What are your expectations ?
4. Today’s Agenda
What’s new in OWASP Top 10 2017?
Introduction to Docker Security
Web Security Automation Strategies / Open House
6. The OWASP Top 10 2017
... from the beginning of time: 2010, 2013, 2017
... to raise awareness about application security by identifying some of the most critical risks facing organizations
7. The Data for OWASP Top 10 2017
11 large datasets: 8 consulting companies, 3 product vendors
Vulnerabilities gathered from over 50,000 real world applications and APIs
Prioritized with exploitability, detectability, and impact
Still in beta: the Top 10 list presented here is highly subject to change based on community feedback
9. Additions, Deletions, and Merges
Additions:
2017-A7: Insufficient Attack Protection
2017-A10: Unprotected APIs
Deletions:
2013-A10: Unvalidated Redirects and Forwards
Merges:
2013-A4: Insecure Direct Object References + 2013-A7: Missing Function Level Access Control -> 2017-A4: Broken Access Control
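The merge into 2017-A4 puts two flaws under one name: an object-level check that is missing (a direct object reference taken straight from the client) and a function-level check that is missing (an admin-only function reachable by any authenticated caller). The following is an added example, not code from the slides, that shows each flaw as a vulnerable handler next to its fixed form. The `User`, `INVOICES`, `Forbidden` and `require_role` names and all the sample data are constructed for illustration.

```python
# Added example (not from the slides): the two 2013 categories that 2017-A4
# "Broken Access Control" merges, shown as vulnerable handlers beside fixed ones.
# Data, user records and function names are all constructed for illustration.
from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """Raised when the caller may not perform the requested operation."""


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"


# Constructed sample data: invoice id -> record with its owner (a user id).
INVOICES = {
    101: {"owner": 1, "total": 40},
    102: {"owner": 2, "total": 99},
}


# --- 2013-A4 Insecure Direct Object Reference ------------------------------
def get_invoice_vulnerable(current: User, invoice_id: int) -> dict:
    """Uses the client-supplied id directly: any logged-in user reads any invoice."""
    return INVOICES[invoice_id]


def get_invoice(current: User, invoice_id: int) -> dict:
    """Object-level check: the record must belong to the caller (or caller is admin)."""
    invoice = INVOICES.get(invoice_id)
    # Same error for "does not exist" and "not yours", so ids cannot be enumerated.
    if invoice is None or (invoice["owner"] != current.id and current.role != "admin"):
        raise Forbidden(f"invoice {invoice_id}")
    return invoice


# --- 2013-A7 Missing Function Level Access Control -------------------------
def delete_user_vulnerable(current: User, target_id: int, users: dict) -> bool:
    """Admin-only action reachable by any authenticated caller: no role check at all."""
    return users.pop(target_id, None) is not None


def require_role(role: str):
    """Enforce the role server-side on every call, independent of what the UI hides."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(current: User, *args, **kwargs):
            if current.role != role:
                raise Forbidden(f"{fn.__name__} requires role {role}")
            return fn(current, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def delete_user(current: User, target_id: int, users: dict) -> bool:
    return users.pop(target_id, None) is not None


def demo() -> dict:
    """Exercise both flaws and both fixes; returns the outcomes so they can be checked."""
    alice, bob, root = User(1, "user"), User(2, "user"), User(3, "admin")
    users = {1: alice, 2: bob, 3: root}
    out = {}
    # IDOR: Bob reads Alice's invoice through the vulnerable handler ...
    out["idor_leak"] = get_invoice_vulnerable(bob, 101)["owner"] == 1
    # ... and is refused by the fixed one, while Alice still sees her own.
    try:
        get_invoice(bob, 101)
        out["idor_fixed"] = False
    except Forbidden:
        out["idor_fixed"] = True
    out["owner_ok"] = get_invoice(alice, 101)["total"] == 40
    # Function level: Bob deletes Alice through the vulnerable function ...
    out["fla_leak"] = delete_user_vulnerable(bob, 1, dict(users))
    # ... is refused by the decorated one, and the admin still can.
    try:
        delete_user(bob, 1, dict(users))
        out["fla_fixed"] = False
    except Forbidden:
        out["fla_fixed"] = True
    out["admin_ok"] = delete_user(root, 1, dict(users))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two checks live in different places on purpose: ownership is a property of the record, so it is tested where the record is loaded; the role is a property of the operation, so it is attached to the function itself rather than left to the menu that links to it.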
18. Docker – Challenges with downloading and installing software
Is there documentation? Tutorials? Are the documents inconsistent?
Where is it located? Do I need to run it from a different working directory?
How do I start and stop it?
Is it a service? Do I need to change configuration files?
Dependencies
Security
Shared library updates
Which platform?
Which operating system?
Portable format?
Executable?
Download the source code and build it yourself?
19. Hardware
[Figure: layered stack diagrams. One shows four side-by-side stacks, each with its own Libraries (Win32), OS Applications (CMD, powershell) and Applications (mysql, dotnet) layers, all sitting on a single shared Hardware layer and a single shared Kernel, Drivers layer: the container model, in which every container runs on the host's kernel. The other shows one complete host stack, bottom to top: Hardware; Kernel, Drivers; Libraries (Win32); OS Applications (CMD, powershell); Applications (mysql, dotnet).]
Isolation is approximately equal to security
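If isolation is what security rests on, and every container shares the host kernel, then the settings worth auditing are the ones that widen what a container can reach through that shared kernel. The following is an added example, not from the slides, that reads `docker inspect` output and lists such settings. The `HostConfig` and `Config` field names are the ones Docker emits; the two sample containers and the `isolation_findings` function are constructed for illustration.

```python
# Added example (not from the slides): because every container runs on the
# host's kernel, the settings that open the kernel boundary are the ones to
# audit. This reads `docker inspect` output; both sample JSON documents are
# constructed and reduced to the fields the check uses.
import json
from typing import List

WEAK_CONTAINER = json.dumps([{
    "Name": "/webapp",
    "Config": {"User": ""},            # empty => process runs as root
    "HostConfig": {
        "Privileged": True,
        "CapAdd": ["SYS_ADMIN"],
        "CapDrop": [],
        "PidMode": "host",
        "NetworkMode": "bridge",
        "SecurityOpt": ["seccomp=unconfined"],
    },
}])

HARDENED_CONTAINER = json.dumps([{
    "Name": "/webapp",
    "Config": {"User": "10001:10001"},
    "HostConfig": {
        "Privileged": False,
        "CapAdd": [],
        "CapDrop": ["ALL"],
        "PidMode": "",
        "NetworkMode": "bridge",
        "SecurityOpt": ["no-new-privileges"],
    },
}])


def isolation_findings(inspect_json: str) -> List[str]:
    """One line per setting that widens what the container can reach in the shared kernel."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        host = container.get("HostConfig") or {}
        config = container.get("Config") or {}
        if host.get("Privileged"):
            findings.append(f"{name}: Privileged=true, all capabilities and host devices")
        for cap in host.get("CapAdd") or []:
            findings.append(f"{name}: CapAdd {cap} beyond the default capability set")
        if "ALL" not in (host.get("CapDrop") or []):
            findings.append(f"{name}: default capability set kept (no CapDrop ALL)")
        for mode_key in ("PidMode", "NetworkMode", "IpcMode"):
            if host.get(mode_key) == "host":
                findings.append(f"{name}: {mode_key}=host shares the host namespace")
        for opt in host.get("SecurityOpt") or []:
            if opt.endswith("unconfined"):
                findings.append(f"{name}: {opt} disables a kernel-level filter")
        if not config.get("User"):
            findings.append(f"{name}: runs as root (Config.User empty)")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_CONTAINER), ("hardened", HARDENED_CONTAINER)):
        print(f"== {label} ==")
        for line in isolation_findings(doc) or ["no findings"]:
            print(" ", line)
```

Run against a live host with `docker inspect $(docker ps -q)` piped into the function; every finding is a place where the Libraries / OS Applications / Applications layers of one stack get closer to the Kernel, Drivers layer that all the stacks share.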