Scaling-up and Automating Web Application Security Tech Talk

•Descargar como PPSX, PDF•

2 recomendaciones•1,979 vistas

These are the slides for the Tech Talk that Netsparker's CEO Ferruh Mavituna delivered at Infosecurity Europe in London. During the presentation, Ferruh first talks about the three stages of the vulnerability detection process: Discovery Identify Automate Then he explained the pre-scan and post-scan challenges of automating the vulnerability detection process, such as; configuring authenticated scans, URL Rewrites, manually verifying false positives and much more. Ferruh also explains how today’s technology allows us to overcome most of these challenges and as he says Automate what can be automated. You can watch the presentation here: https://www.netsparker.com/blog/web-security/infosecurity-europe-tech-talk-automating-web-security/

Internet

Ferruh Mavituna, CEO
Scaling-Up &
Automating Web
Application Security
Netsparker

Scaling-Up and Automating Web Application Security
Discover

Scaling-Up and Automating Web Application Security
• Public Websites
• Mission Critical
• Temporary (i.e. short-term marketing websites)
• Managed by 3rd party
• Internal Websites
• Mission Critical
• Developed in house
• Developed by a 3rd party
• Hardware Management Interfaces
• Staging Websites
• Actively Developed
• 3rd party & will be deployed
Discover & Prioritize

Scaling-Up and Automating Web Application Security
• Process
• Internal asset management
• Introducing a process & policy
• Automated Discovery
• Effectively smart “port scanning”
Discover & Prioritize

Scaling-Up and Automating Web Application Security
Identify

Scaling-Up and Automating Web Application Security
• Configuration Issues
• TLS, Web Server, Unnecessary features…
• Known Vulnerabilities and Out-of-date Dependencies
• Known vulnerabilities in known applications and dependencies
• Out-of-date JS libraries, modules, dependencies, frameworks…
• Unknown Vulnerabilities (zero-days)
• SQL Injection, CSRF, XSS, LFI, RFI and similar vulnerabilities that are not known yet
• Lack of Security Best Practice and Proactive Measures
• CSP, HSTS, Information Disclosure, Insecure Endpoints, Leaking data to 3rd party resources
etc.
Identify Vulnerabilities

Scaling-Up and Automating Web Application Security
Automate

Scaling-Up and Automating Web Application Security
• Automation excels at
• Scaling
• Being consistent
• Enforcing checks
• Finding majority of vulnerabilities
• Eliminating human-errors on repeated checks
• Limitations of automation
• Logical issues
• Extremely design specific & platform specific issues
• Discovering all the flows & processes in websites
Automation

Scaling-Up and Automating Web Application Security
“Automate what can
be automated”

Scaling-Up and Automating Web Application Security
Automation
Challenges

Scaling-Up and Automating Web Application Security
• Authenticated Scans
• URL Rewrite
• Custom 404 Pages
• Form Values
Pre-scan Challenges

Scaling-Up and Automating Web Application Security
• False Positive
• Correlating Results
• Hot-patching vulnerabilities in WAF level
Post-scan Challenges

Scaling-Up and Automating Web Application Security
• How many of the identified vulnerabilities are real?
• What’s the real risk?
• How long would it take to review all vulnerabilities to see which are
False Positives?
• What kind of technical expertise do you need to accomplish this?
10,000 Issues have been identified, Now what?

Scaling-Up and Automating Web Application Security
“Automation without
accuracy cannot scale”

Scaling-Up and Automating Web Application Security
• How is it done manually?
• Can it be automated?
Elimination of False Positives

Scaling-Up and Automating Web Application Security
“If it’s exploitable it
cannot be a false
positive”

Scaling-Up and Automating Web Application Security
• Securing thousands of web applications is possible
• Automate what can be automated
• Use the right tools for the job
• Understand what automation can and cannot do
• Plan for the long term
• Challenge the norm
Conclusion

Más contenido relacionado

La actualidad más candente

Web Application Security with PHP

jikbal

Same-origin Policy (SOP)

Netsparker

This presentation is part of one of talk, I gave in Microsoft .NET Bootcamp. The contents are slightly edited to share the information in public domain. In this presentation, I tried to cover Application Security Tools that can be helpful for analyzing security threats as well as putting up some defense . This presentation will be useful for software architects/Managers,developers and QAs. Do share your feedback in comments.

Application Security Tools

Lalit Kale

Web application security is the process of securing confidential data stored online from unauthorized access and modification. This is accomplished by enforcing stringent policy measures. A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web.

Web Security Attacks

Sajid Hasan

Presentation on Web Attacks

Vivek Sinha Anurag

Api security-testing

n|u - The Open Security Community

The OWASP top 10 is a list of the most prolific security issues facing web developers today. In this talk, Robert, will take you through all 10 and demonstrate the problems (we will hack for real… in a safe way) and talk about the solutions. This is an introductory talk, so no prior experience is needed in web dev or security. Not doing web dev? Many of these apply to all development! So join in for a lively session of demos, learning and fun Video of this talk: https://www.youtube.com/watch?v=p5YCHNnQNyg

OWASP TOP 10

Robert MacLean

Security Testing - Zap It

Manjyot Singh

Learn to pen-test with OWASP ZAP

Paul Ionescu

These slides were used for the live demo, Netsparker's security researcher Sven Morgenroth gave during episode 526 of Paul's Security Weekly. During the live demo Sven shows how to bypass web application firewalls and highlight the importance of fixing vulnerabilities in web applications, regardless of how many layers of security you have protecting your web application. Watch the live demo at the following URL: https://www.netsparker.com/blog/web-security/live-demo-web-application-firewall-bypass/

Bypassing Web Application Firewalls and other security filters

Netsparker

[Wroclaw #6] Introduction to desktop browser add-ons

OWASP

Secure Coding 101 - OWASP University of Ottawa Workshop

Paul Ionescu

Technical Architecture of RASP Technology

Priyanka Aash

Penetration testing web application web application (in) security

Nahidul Kibria

Owasp top 10 2017

ibrahimumer2

Practical tips and heroic war stories on how to secure a large, modern, fast software delivery platform. From building a team to building cool stuff, dealing with organisational setups to dealing with security incidents. Zero Buzzwords Guaranteed. Chris Rutter has spent the last few years obsessed with making security, engineering and the business work together. Starting his career as an engineer, he uses a deep understanding of Agile, Devops, and product delivery to solve security problems in a way that enables teams, rather than hitting them with bricks.

Platform Security IRL: Busting Buzzwords & Building Better

Equal Experts

Outpost24 webinar - Demystifying Web Application Security with Attack Surface...

Outpost24

Web attacks

husnara mohammad

OWASP Secure Coding

bilcorry

Rapid Android Application Security Testing

Nutan Kumar Panda

La actualidad más candente (20)

Web Application Security with PHP

Same-origin Policy (SOP)

Application Security Tools

Web Security Attacks

Presentation on Web Attacks

Api security-testing

OWASP TOP 10

Security Testing - Zap It

Learn to pen-test with OWASP ZAP

Bypassing Web Application Firewalls and other security filters

[Wroclaw #6] Introduction to desktop browser add-ons

Secure Coding 101 - OWASP University of Ottawa Workshop

Technical Architecture of RASP Technology

Penetration testing web application web application (in) security

Owasp top 10 2017

Platform Security IRL: Busting Buzzwords & Building Better

Outpost24 webinar - Demystifying Web Application Security with Attack Surface...

Web attacks

OWASP Secure Coding

Rapid Android Application Security Testing

Similar a Scaling-up and Automating Web Application Security Tech Talk

Security testautomation

Linkesh Kanna Velu

Hacker Proof web app using Functional tests

Ankita Gupta

Chasing web-based malware

FACE

Uweb Meeting Presentation - Website Exploits

tamuwww

Basic fundamentals of web application development

sofyjohnson18

Visual Studio LightSwitch (Beta 1) Overview

Steve Lange

Security Testing - Where Automation Fails

Christiaan Ottow

The OWASP Zed Attack Proxy

Aditya Gupta

CGG and TiE "Officially Supported" by Department of Communications and IT, Government of Andhra Pradesh along with E2labs, Asia's first Anti - Hacking Academy is jointly organizing a 5 days Advanced Program on "Learn - Breaking Down the Security of a Website, Web Application or Company for Real" from Monday, 22nd October to Friday, 26th October at CGG (Centre of Good Governance),Rd# 25,Jubilee Hills, Hyderabad.

E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE

e2-labs

Unified Security Governance

Can Demirel

Web App Security Presentation by Ryan Holland - 05-31-2017

TriNimbus

CSS 17: NYC - Protecting your Web Applications

Alert Logic

www.webre24h.com - Ajax security

webre24h

Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding. Panel of CASC members: • Robin Alden- Comodo • Jeremy Rowley- DigiCert • Bruce Morton- Entrust • Rick Andrews- Symantec • Wayne Thayer- Go Daddy Watch the recording: http://bit.ly/1jAQCtk

Heartbleed Bug Vulnerability: Discovery, Impact and Solution

CASCouncil

Troubleshooting application problems is never easy. There’s always a blame game going on between App Dev, IT Ops and DevOps teams to decide where an application problem originated and who owns it. There could be a code-level issue in the application, a long-running query can slow application processing, slow third-party calls are another common problem in the application framework. In the latest update of our IT monitoring solution, eG Enterprise version 6.3, we’ve introduced new application performance monitoring (APM) capabilities to deliver code-level and query-level visibility for Java and .NET environments. Join this session and learn how the new capabilities will help you extend performance monitoring to solve more complex IT problems. Key topics to be covered in the webinar: Real User Monitoring: Track user experience issues in real time Business Transaction Tracing: Analyze application transactions and identify code-level issues Converged App & Infra Monitoring: Get correlated insight to pinpoint the root cause of problems: Network? Database? Virtualization? App code?

How to Monitor Your Java & .NET Applications with eG Enterprise

eG Innovations

Keeping the wolf from 1000 doors.

Eoin Keary

Google App engine

Indika Munaweera Kankanamge

Are WAFs the best approach for defending your website against malicious bots? How can you optimize your WAF for bot detection and mitigation? Watch this webinar and learn practical tips on how to defend your web infrastructure against the OWASP Top 10 as well as brute force attacks, web scraping, unauthorized vulnerability scans, fraud, spam and man-in-the-middle attacks. World renowned expert and author of Web Application Firewalls: A Practical Approach, John Stauffacher, shares his expertise. He has over 17 years of experience in IT Security and is a certified Network Security and Engineering specialist. Learn more : http://resources.distilnetworks.com/h/i/95930604-tune-in-for-the-ultimate-waf-torture-test-bots-attack/177622

Tune in for the Ultimate WAF Torture Test: Bots Attack!

Distil Networks

In the ever-evolving, fast-paced Agile development world, application security has not scaled well. Incorporating application security and testing into the current development process is difficult, leading to incomplete tooling or unorthodox stoppages due to the required manual security assessments. Development teams are working with a backlog of stories—stories that are typically focused on features and functionality instead of security. Traditionally, security was viewed as a prevention of progress, but there are ways to incorporate security activities without hindering development. There are many types of security activities you can bake into your current development lifecycles—tooling, assessments, stories, scrums, iterative reviews, repo and bug tracking integrations—every organization has a unique solution and there are positives and negatives to each of them. In this slide deck, we go through the various solutions to help build security into the development process.

AppSec in an Agile World

David Lindner

Css sf azure_8-9-17-protecting_web_apps_stephen coty_al

Alert Logic

Similar a Scaling-up and Automating Web Application Security Tech Talk (20)

Security testautomation

Hacker Proof web app using Functional tests

Chasing web-based malware

Uweb Meeting Presentation - Website Exploits

Basic fundamentals of web application development

Visual Studio LightSwitch (Beta 1) Overview

Security Testing - Where Automation Fails

The OWASP Zed Attack Proxy

E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE

Unified Security Governance

Web App Security Presentation by Ryan Holland - 05-31-2017

CSS 17: NYC - Protecting your Web Applications

www.webre24h.com - Ajax security

Heartbleed Bug Vulnerability: Discovery, Impact and Solution

How to Monitor Your Java & .NET Applications with eG Enterprise

Keeping the wolf from 1000 doors.

Google App engine

Tune in for the Ultimate WAF Torture Test: Bots Attack!

AppSec in an Agile World

Css sf azure_8-9-17-protecting_web_apps_stephen coty_al

Último

Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...

roncy bisnoi

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445 Why you Choose Us- +91-6378878445 Bangalore Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . (L030524]k)

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445

ruhi

Microsoft Azure Arc Customer Deck Microsoft

AanSulistiyo

Real Men Wear Diapers T Shirts sweatshirt

rahman018755

📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱 (๏ 人 ๏) Dehradun Call Girls provide you with erotic massage therapy Dehradun Call Girls are well-trained in courtship and seduction. They can offer you true love and companionship. They can also. They can help you forget your problems and frustrations. They are also experts in playing several roles. ( • )( • )ԅ(≖⌣≖ԅ) Call Girls Dehradun is also available for special occasions. They can take you to business meetings or business tours. They can also take you to public functions or any special occasion. These ladies are ready to serve their clients with care and respect. They have a wide range of experience and can also offer customized services. College Call Girls Dehradun These websites can help you find escorts in your area. You can also find reviews about them and get recommendations. Their expertise allows them to reach the sensational areas of a man's body and release feelings more intensely with touches and adult words. You can full your all deserts with Dehradun Call Girls Dehradun Call Girls you can find the best escort girls to meet your sexual desires. There are many options, from cute college girls to sexy models. However, you should be careful when choosing an escort service because some will not offer quality services. Independent Call Girls Dehradun will offer companionship services in addition to their sexual services. They can also accompany you to dinner or other social events. In addition, some escorts will perform intimate massages to increase your sensual pleasure another option is to hire a hot Russian escort. These girls are not only beautiful but also very talented in sex. In addition to orgasm, they can offer various erotic positions. These sexy babes are a perfect choice for a sexy night in town. They know all the sexy positions and will make you moan in delight. They can also play with your dick in the deep throat position and lick it like ice cream. There are plenty of Call girls in Dehradun who are available for one-night stands. Just make sure that you use a trusted site and read reviews before booking. You can find a wide variety of gorgeous call girls in our city on the internet. These websites offer a safe and convenient way to meet a woman and enjoy her company for a night of fun. These sites typically offer a photo of the girl and her number. You can contact her through the phone or sexing to arrange a rendezvous. ★OUR BEST SERVICES: - FOR BOOKING A-Level (5 star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob) ★ Spending time in my rooms ★ BJ (Blowjob Without a Condom) ★ COF (Come On Face) ★ Completion ★ (Oral to completion) bjnonCovered ★ Special Massage ★ O-Level (Oral sex) ★ Blow Job; ★ Oral sex with a noncondom) ★ COB (Come On Body)

📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱

@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678

( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Ready To Lift You "Call Girls Pune VIP Service.. 9352988975 Booking Open Now We Are Providing Safe & Secure High Class girl women sucking men Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/ women seeking men in royal call girl High class luxury and premium call girl agency. ✔️High class luxury and premium escorts agency We Provide Well Educated, Royal Class Female, High-class Escorts agency offering a top high class escort service in the royal Escorts ✔️ Get High Profile queens , Well Educated , Good Looking , Full Cooperative Model Services. you can see me at my comfortable Hotels or I can visit you in hotel Our Service Available IN All Services 3/5/7 Star Hotels, In call /Out call Service 24/7.. ✔️ All Meetings We Provide Hottest Female With Me Are Safe And Consensual With Most Limits Respected Complete Satisfaction Guaranteed...Service Available In:- 24/7 3 * 5 *7 *Star Hotel Service In. In Call Out call service Avilable also. ✔️ I guarantee you to have an unforgettable experience with me A curvy body, long hair and silky smooth skin. She is an independent royal Escorts/Women Seeking Men model will give you more pleasure & Full satisfaction. ✔️ I am very sensual and flirtatious with charming personality! I love to laugh and my bright smile is ever Present. ,Hotel & Home Services CALL PLZZ ✔️Available Near All #s07 3* 4* 5* 7* Hotels Of I Want Only Hotel Name , Guest Name , Room No. Only For Confirmation.✔️ Arundhati... agency...⭐⭐⭐⭐⭐ VIP...Service ✣ ✤ ✥ ✦ TIME WASTERS AND BARGAINERS ARE PLEASE EXCUSE, WE RESPECT YOUR SAFETY AND PRIVACY AND EXPECT TH WHATSAPP CALL ME" 9352988975

( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...

nilamkumrai

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service

Delhi Call girls

Call Girl In Delhi ☎92055#41914 ¶¶ Indian,Russian Best Quality full Educated And Full Cooperative Independent Call Girls Escort Services In New Delhi- I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels in Delhi. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency Indian Russian Call Girls In Delhi Booking Good High Profile Escorts (Call Girls) In Delhi 5 Star Hotel ,Incall Service,OutCall Service, We provide services by Call Girls,College Girls,Modals Get High Profile queens,Well Educated,Good Looking,Full Cooperative Model, Russian Models,Punjabi Girls Kashmeri Girls Services etc… We Provide Hottest Female With Safe And Consensual With Most Limits Respected Complete Satisfaction Guaranteed…Service. Call Me Spacial For Including Incall//outcall Service In New Delhi Indian Russian Escorts Service

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...

Delhi Call girls

Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls In Thalassery *_* Book All India 5 Star Hotels 👄 Escorts Service Available Whatsapp Chaya ☎️ : [+91-6378878445] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P452024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...

tanu pandey

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Class Independent Escorts service Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...

SUHANI PANDEY

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

Matthew Sinclair

Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...

tanu pandey

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

APNIC

Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL CALL GIRLS IN Locknow ESCORT SERVICE❤CALL GIRL IN We are Providing :- ● – Private independent collage Going girls . ● – independent Models . ● – House Wife’s . ● – Private Independent House Wife’s ● – Corporate M.N.C Working Profiles . ● – Call Center Girls . ● – Live Band Girls . ●- Foreigners & Many More . Service type: 1.In call 2.out call 3. full Lip to Lip kiss 4.69 5.b-job without Condom 6. Hard Core sex & Much More. 7 Body to Body Touch 8 Kissing 9 Sucking Boobs and More 10 Enjoy by Hand 11 Relax By Oral 12 Sex with Happy Ending • In Call and Out Call Service • 3* 5* 7* Hotels Service • 24 Hours Available • Indian, Russian, Punjabi, Kashmiri Escorts • Real Models, College Girls, House Wife, Also Available • Short Time and Full Time Service Available • Hygienic Full AC Neat and Clean Rooms Avail. In Hotel 24 hours • Daily Escorts Staff Available • Minimum to Maximum Range Available. Call girl service in Lucknow Lucknow call girl service Call girl service Lucknow Call girl Lucknow Call girls service in Lucknow Call girls in Lucknow Lucknow call girls Lucknow call girls service Lucknow escort service Lucknow escorts service Lucknow escorts Lucknow escort Escort service in Lucknow Escort in Lucknow Escort Lucknow Escorts in Lucknow Escorts service in Lucknow These professional and Call girls in Bangalore can satisfy your every desire - be it sensual massage or an erotic shower, they are always more than willing to meet them. Furthermore, they pay close attention to body language cues to ensure you enjoy every minute spent in their company - both in-call and outcall services are offered. Is an excellent choice for anyone seeking an exciting and thrilling night of fun and excitement

Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL

imonikaupta

Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 8005736733 Nargish Khan Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...

SUHANI PANDEY

💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋 Booking Contact Details :- WhatsApp Chat :- +91-9352852248 If you're looking for India Call girls you've come to the right place. You'll find some of the most beautiful call girls in our location with. These ladies have pleasing personalities, hot figures, and a passion for physical pleasure. Call girls in India Lucknow Many men have booked them for their erotic and soul-mixing performances, which are sure to leave you with unforgettable memories. #K09 Escort Service India is available in the city for men and women of all ages. They can satisfy your sexual needs and will make your experience even more enjoyable and memorable. Whether you're looking for a blow-job, stripping, lovemaking, or other dirty acts, you'll be able to find a match for your tastes and budget. These highly trained professionals will help you have an unforgettable night. One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —9352852248 We are available 24*7 all days of the year. Call us — 9352852248 Thank you for Visiting.

💚😋 Salem Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋

nirzagarg

𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Call Mr Chirag Ji +91-7877925207 NORTH/SOUTH INDIANS HIGH CLASS MODELS/COLLEGE GIRLS/ HOUSEWIVES/BODY TO BODY MASSAGE, SANDWICH MASSAGE, SHOWER BATHING, BLOW JOB, LICKING, FRONT AND BACK SHOT, RUBBING, KISSING SMOOCHING ETC ETC... UNLIMITED FUN Call 24/7. Your assistance for your service... ☛ ✔✔ secure✔✔ 100% safe ✔✔ Vip Callgirl Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ A02524SW ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife • Collage Going Girls. • Travelling Escorts. • Ramp-models • Foreigner And Many More.. ★OUR BEST SERVICES: - FOR BOOKING ★ A-Level (5 star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)

𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...

Neha Pandey

WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)

Delhi Call girls

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...

tanu pandey

Scaling-up and Automating Web Application Security Tech Talk

1. Ferruh Mavituna, CEO Scaling-Up & Automating Web Application Security Netsparker

2. Scaling-Up and Automating Web Application Security Discover

3. Scaling-Up and Automating Web Application Security • Public Websites • Mission Critical • Temporary (i.e. short-term marketing websites) • Managed by 3rd party • Internal Websites • Mission Critical • Developed in house • Developed by a 3rd party • Hardware Management Interfaces • Staging Websites • Actively Developed • 3rd party & will be deployed Discover & Prioritize

4. Scaling-Up and Automating Web Application Security • Process • Internal asset management • Introducing a process & policy • Automated Discovery • Effectively smart “port scanning” Discover & Prioritize

5. Scaling-Up and Automating Web Application Security Identify

6. Scaling-Up and Automating Web Application Security • Configuration Issues • TLS, Web Server, Unnecessary features… • Known Vulnerabilities and Out-of-date Dependencies • Known vulnerabilities in known applications and dependencies • Out-of-date JS libraries, modules, dependencies, frameworks… • Unknown Vulnerabilities (zero-days) • SQL Injection, CSRF, XSS, LFI, RFI and similar vulnerabilities that are not known yet • Lack of Security Best Practice and Proactive Measures • CSP, HSTS, Information Disclosure, Insecure Endpoints, Leaking data to 3rd party resources etc. Identify Vulnerabilities

7. Scaling-Up and Automating Web Application Security Automate

8. Scaling-Up and Automating Web Application Security • Automation excels at • Scaling • Being consistent • Enforcing checks • Finding majority of vulnerabilities • Eliminating human-errors on repeated checks • Limitations of automation • Logical issues • Extremely design specific & platform specific issues • Discovering all the flows & processes in websites Automation

9. Scaling-Up and Automating Web Application Security “Automate what can be automated”

10. Scaling-Up and Automating Web Application Security Automation Challenges

11. Scaling-Up and Automating Web Application Security • Authenticated Scans • URL Rewrite • Custom 404 Pages • Form Values Pre-scan Challenges

12. Scaling-Up and Automating Web Application Security • False Positive • Correlating Results • Hot-patching vulnerabilities in WAF level Post-scan Challenges

13. Scaling-Up and Automating Web Application Security • How many of the identified vulnerabilities are real? • What’s the real risk? • How long would it take to review all vulnerabilities to see which are False Positives? • What kind of technical expertise do you need to accomplish this? 10,000 Issues have been identified, Now what?

14. Scaling-Up and Automating Web Application Security “Automation without accuracy cannot scale”

15. Scaling-Up and Automating Web Application Security • How is it done manually? • Can it be automated? Elimination of False Positives

16. Scaling-Up and Automating Web Application Security “If it’s exploitable it cannot be a false positive”

17. Scaling-Up and Automating Web Application Security • Securing thousands of web applications is possible • Automate what can be automated • Use the right tools for the job • Understand what automation can and cannot do • Plan for the long term • Challenge the norm Conclusion

Notas del editor

Use automation for what
Automation can deliver a lot but might need to be configured correctly to get the best out it.

Scaling-up and Automating Web Application Security Tech Talk

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Scaling-up and Automating Web Application Security Tech Talk

Similar a Scaling-up and Automating Web Application Security Tech Talk (20)

Último

Último (20)

Scaling-up and Automating Web Application Security Tech Talk

Notas del editor