SlideShare a Scribd company logo

Secure by Default Web Applications with Apache Sling

Robert Munteanu
Robert Munteanu

The document summarizes a presentation about securing web applications using Apache Sling. The presentation covers an introduction to Apache Sling, a demo of an application, threat modeling of the application's assets and risks, how Apache Sling addresses security through natural access controls and injection-safe APIs, a demo of the secure application, and conclusions about building securely by default and Apache Sling's extensibility.

Technology
1 of 40
Download to read offline
http://robert.muntea.nu @rombert Secure by Default Web Applications With Apache Sling Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems Bucharest Technology Week 2016
http://robert.muntea.nu @rombert Who I am  $DAYJOB  Adobe Experience Manager  Apache Sling  Apache Jackrabbit  Apache Felix  Open Source  Apache Sling  MantisBT  Mylyn Connector for MantisBT  Mylyn Connector for Review Board
http://robert.muntea.nu @rombert Purpose of the talk Scope Cost Schedule
http://robert.muntea.nu @rombert Purpose of the talk Scope Cost Schedule
http://robert.muntea.nu @rombert Purpose of the talk Scope Cost Schedule
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Apache Sling – Brief History 2007 Incubation 2009 TLP 2015 Version 8 200x Pre-Apache
http://robert.muntea.nu @rombert Apache Sling – Code Statistics
http://robert.muntea.nu @rombert Apache Sling – Contributor activity
http://robert.muntea.nu @rombert Apache Sling – Value proposition ● Content-oriented ● RESTful ● Lightweight ● Integrated authentication and authorization ● OSGi-powered ● Scripting inside ● Easily deployable
http://robert.muntea.nu @rombert Apache Sling – Content-Oriented Blog posts Images Users and Groups
http://robert.muntea.nu @rombert Apache Sling – Content-Oriented Server-side templates and scripts Configurations
http://robert.muntea.nu @rombert Apache Sling – RESTful $ http localhost:8080/content/↵ blog/posts/hello_world.html json xml txt pdf php3
http://robert.muntea.nu @rombert Apache Sling – RESTful
http://robert.muntea.nu @rombert Apache Sling – Persistence via JCR
http://robert.muntea.nu @rombert Apache Sling – Topologies Standalone High Availability
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Demo App – main page
http://robert.muntea.nu @rombert Demo App – Article Page
http://robert.muntea.nu @rombert Demo App – Submitting comments
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Threat modelling “Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application” Threat Modeling Web Applications on MSDN
http://robert.muntea.nu @rombert Threat Modelling - Assets
http://robert.muntea.nu @rombert Threat Modelling - Assets ● Availability ● Content ● User Credentials ● Ability to execute code on server ● Ability to execute code in the browser context
http://robert.muntea.nu @rombert Threat Modelling - Trust Levels
http://robert.muntea.nu @rombert Threat Modelling - Trust Levels 1. Anonymous 2. Author 3. Administrator
http://robert.muntea.nu @rombert Threat Modelling - Threats OWASP
http://robert.muntea.nu @rombert Threat Modelling - Threats 1. Denial of Service 2. Defacement / Deletion 3. Leaking credentials 4. SQL/Shell Injection 5. Stored/Reflected XSS
http://robert.muntea.nu @rombert Threat Modelling - Mitigation
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Apache Sling Security – Natural layering of ACEs
http://robert.muntea.nu @rombert Apache Sling Security – Security applied at the lowest level $ http --auth bob:bob localhost:8080/content/blog/posts/n ew_blog_post 'jcr:title=New post'
http://robert.muntea.nu @rombert Apache Sling Security – Context-aware templating language <div class="comment clearfix"> <img class="avatar img-rounded pull-left" src="${resource.valueMap['authorAvatar']}"/> <h3>${resource.valueMap['jcr:title']}</h3> <p>$ {resource.valueMap['jcr:description']}</p> </div>
http://robert.muntea.nu @rombert Apache Sling Security – Injection-safe APIs Children of /content/blog/posts
http://robert.muntea.nu @rombert Apache Sling Security – Injection-safe APIs Children of /content/blog/comments/ hello_world
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Demo Application – Actual demo!!!!1oneone
http://robert.muntea.nu @rombert Conclusions – Security ● Aim to be “Secure by Default” ● Build a threat model for your application ● Look for components that eliminate problems altogether
http://robert.muntea.nu @rombert Conclusions – Apache Sling ● Simple to be “Secure by Default” ● Eventing, Thread Pooling, Job Management, Caching ● Scripting: Groovy, Scala, JSP, Sightly, Java, Ruby, Thymeleaf ● Flexible resource rendering with resource types ● Very extensible due to being internally powered by OSGi – most extension points available to clients
http://robert.muntea.nu @rombert Resources ● Apache Sling – https://sling.apache.org ● Apache Jackrabbit ● https://jackrabbit.apache.org ● http://jackrabbit.apache.org/oak/ ● OWASP - https://www.owasp.org ● https://www.owasp.org/index.php/OWASP_Top_Ten _Cheat_Sheet ● https://www.owasp.org/index.php/Application_Thre at_Modeling

Recommended

Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache SlingRobert Munteanu
 
Apache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayApache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayRobert Munteanu
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservicesRobert Munteanu
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?Robert Munteanu
 
Effective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingEffective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingRobert Munteanu
 
Of Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert MunteanuOf Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert Munteanumfrancis
 
OSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen DyankovOSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen Dyankovmfrancis
 
Laravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemLaravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemMesut Vatansever
 

Recommended

Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache SlingRobert Munteanu
 
Apache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayApache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayRobert Munteanu
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservicesRobert Munteanu
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?Robert Munteanu
 
Effective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingEffective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingRobert Munteanu
 
Of Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert MunteanuOf Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert Munteanumfrancis
 
OSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen DyankovOSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen Dyankovmfrancis
 
Laravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemLaravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemMesut Vatansever
 
Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Linuxmalaysia Malaysia
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful TrainSmartLogic
 
Beat the Tsunami with a WAVE
Beat the Tsunami with a WAVEBeat the Tsunami with a WAVE
Beat the Tsunami with a WAVEPatrick Dunphy
 
Exposing M2M to the REST of us
Exposing M2M to the REST of usExposing M2M to the REST of us
Exposing M2M to the REST of usMatteo Collina
 
Collaborative communication
Collaborative communicationCollaborative communication
Collaborative communicationIcinga
 
Android component programming
Android component programmingAndroid component programming
Android component programmingNhan Cao
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterouscapotej
 
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...DroidConTLV
 
Building Web APIs with Elixir
Building Web APIs with ElixirBuilding Web APIs with Elixir
Building Web APIs with ElixirTom Davies
 
Live Coverage at The New York Times
Live Coverage at The New York TimesLive Coverage at The New York Times
Live Coverage at The New York TimesScott Taylor
 
Varying vagrant vagrants
Varying vagrant vagrantsVarying vagrant vagrants
Varying vagrant vagrantsDuong Ngo Thai
 
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointMan in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointDroidConTLV
 
Flutter For Web: An Intro
Flutter For Web: An IntroFlutter For Web: An Intro
Flutter For Web: An IntroFahad Murtaza
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...Logan Best
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in RatpackDaniel Woods
 
BarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webBarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webbarcampcr
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web FrameworkDaniel Woods
 
Laravel workshop
Laravel workshopLaravel workshop
Laravel workshopJasper Frumau
 
Realtime MVC with Sails.js
Realtime MVC with Sails.jsRealtime MVC with Sails.js
Realtime MVC with Sails.jsSerdar Dogruyol
 
Tdd Primer
Tdd PrimerTdd Primer
Tdd PrimerRobert Munteanu
 
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerThreatReel Podcast
 
AppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 PrimerAppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 PrimerThreatReel Podcast
 

More Related Content

What's hot

Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Linuxmalaysia Malaysia
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful TrainSmartLogic
 
Beat the Tsunami with a WAVE
Beat the Tsunami with a WAVEBeat the Tsunami with a WAVE
Beat the Tsunami with a WAVEPatrick Dunphy
 
Exposing M2M to the REST of us
Exposing M2M to the REST of usExposing M2M to the REST of us
Exposing M2M to the REST of usMatteo Collina
 
Collaborative communication
Collaborative communicationCollaborative communication
Collaborative communicationIcinga
 
Android component programming
Android component programmingAndroid component programming
Android component programmingNhan Cao
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterouscapotej
 
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...DroidConTLV
 
Building Web APIs with Elixir
Building Web APIs with ElixirBuilding Web APIs with Elixir
Building Web APIs with ElixirTom Davies
 
Live Coverage at The New York Times
Live Coverage at The New York TimesLive Coverage at The New York Times
Live Coverage at The New York TimesScott Taylor
 
Varying vagrant vagrants
Varying vagrant vagrantsVarying vagrant vagrants
Varying vagrant vagrantsDuong Ngo Thai
 
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointMan in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointDroidConTLV
 
Flutter For Web: An Intro
Flutter For Web: An IntroFlutter For Web: An Intro
Flutter For Web: An IntroFahad Murtaza
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...Logan Best
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in RatpackDaniel Woods
 
BarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webBarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webbarcampcr
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web FrameworkDaniel Woods
 
Realtime MVC with Sails.js
Realtime MVC with Sails.jsRealtime MVC with Sails.js
Realtime MVC with Sails.jsSerdar Dogruyol
 

What's hot (19)

Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful Train
 
Beat the Tsunami with a WAVE
Beat the Tsunami with a WAVEBeat the Tsunami with a WAVE
Beat the Tsunami with a WAVE
 
Exposing M2M to the REST of us
Exposing M2M to the REST of usExposing M2M to the REST of us
Exposing M2M to the REST of us
 
Collaborative communication
Collaborative communicationCollaborative communication
Collaborative communication
 
Android component programming
Android component programmingAndroid component programming
Android component programming
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterous
 
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
 
Building Web APIs with Elixir
Building Web APIs with ElixirBuilding Web APIs with Elixir
Building Web APIs with Elixir
 
Live Coverage at The New York Times
Live Coverage at The New York TimesLive Coverage at The New York Times
Live Coverage at The New York Times
 
Varying vagrant vagrants
Varying vagrant vagrantsVarying vagrant vagrants
Varying vagrant vagrants
 
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointMan in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
 
Flutter For Web: An Intro
Flutter For Web: An IntroFlutter For Web: An Intro
Flutter For Web: An Intro
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in Ratpack
 
BarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webBarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para web
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web Framework
 
Laravel workshop
Laravel workshopLaravel workshop
Laravel workshop
 
Realtime MVC with Sails.js
Realtime MVC with Sails.jsRealtime MVC with Sails.js
Realtime MVC with Sails.js
 

Similar to Secure by Default Web Applications with Apache Sling

OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerThreatReel Podcast
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Chetan Khatri
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Ruby on Rails Penetration Testing
Ruby on Rails Penetration TestingRuby on Rails Penetration Testing
Ruby on Rails Penetration Testing3S Labs
 
The 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a ProxyThe 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a ProxyTEST Huddle
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksThreatReel Podcast
 
Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!Jonas Bandi
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!ThreatReel Podcast
 

Similar to Secure by Default Web Applications with Apache Sling (20)

Tdd Primer
Tdd PrimerTdd Primer
Tdd Primer
 
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec Primer
 
AppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 PrimerAppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 Primer
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
 
Web Security... Level Up
Web Security... Level UpWeb Security... Level Up
Web Security... Level Up
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
 
Ruby on Rails Penetration Testing
Ruby on Rails Penetration TestingRuby on Rails Penetration Testing
Ruby on Rails Penetration Testing
 
The 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a ProxyThe 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a Proxy
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
 
Don't screw it up! How to build durable API
Don't screw it up! How to build durable API Don't screw it up! How to build durable API
Don't screw it up! How to build durable API
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
 
Web security
Web securityWeb security
Web security
 
Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!
 
Computer security
Computer securityComputer security
Computer security
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
 

More from Robert Munteanu

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web ApplicationsRobert Munteanu
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveRobert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGiRobert Munteanu
 
Escape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud ServiceEscape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud ServiceRobert Munteanu
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoringRobert Munteanu
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profitRobert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGiRobert Munteanu
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applicationsRobert Munteanu
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...Robert Munteanu
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Robert Munteanu
 
Apache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareApache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareRobert Munteanu
 
Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...Robert Munteanu
 
So how do I test my Sling application?
So how do I test my Sling application? So how do I test my Sling application?
So how do I test my Sling application?Robert Munteanu
 

More from Robert Munteanu (20)

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web Applications
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspective
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Escape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud ServiceEscape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud Service
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoring
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profit
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applications
 
Cloud-Native Sling
Cloud-Native SlingCloud-Native Sling
Cloud-Native Sling
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using Docker
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)
 
Apache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareApache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middleware
 
Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...
 
So how do I test my Sling application?
So how do I test my Sling application? So how do I test my Sling application?
So how do I test my Sling application?
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Secure by Default Web Applications with Apache Sling