Citrix TechEdge 2014 - Understanding and Troubleshooting Authentication Flow in XM Enterprise...
david-mcgeough -
© 2014 Citrix. Confidential.
TechEdge 2014
How to protect against Top Web Security Issues with NetScaler
OWASP www.owasp.org
Top Web Application Security Vulnerabilities
The world’s most advanced cloud networking platform
#1 Injection
Injection Preventions
Signatures
#2 Authentication/Session Management
AAA
Cookie Protections
SSL/TLS
#3 Cross-Site Scripting
XSS Preventions
Signatures
#4 Insecure Direct Object References
#5 Security Misconfiguration
#6 Sensitive Data Exposure
#7 Missing Function Level Access Control
#8 Cross-site Request Forgery (CSRF)
#9 Using vulnerable components
#10 Unvalidated Redirects and Forwards
Feedback
Please tweet about this session
#SYN607 and #CitrixSynergy
Andrew @NStipster
Lucas @NS_Informer
NetScaler @netscaler
WORK BETTER. LIVE BETTER.