Software Freedom day Serbia - Owasp open source resenja
About Me
• OWASP Serbia local chapter leader
• OWASP anti-malware project contributor
• OWASP LC Serbia has existed since February 2012
• Monthly lectures at ETF (Faculty of Electrical Engineering)
• Mailing list
• https://www.owasp.org/index.php/Serbia
Information security in Serbia
• Security receives no attention
• Attacks have increased over the last few years
• Attack techniques keep evolving
• Large systems (state institutions, banks) are vulnerable
Information security in Serbia
(slides 4 to 9: image-only slides, no text)
Information security in Serbia
• Increased complexity of malware and attack tools
• Motivations behind attacks:
– Curiosity
– Cyber crime
– Hacktivism
– Technological espionage
– Cyber war
How to protect yourself?
• Secure code
• Testing and retesting
• Stay up to date (refresh your knowledge)
• Update the software and the libraries you use
• User education
OWASP Projects
• 3 groups of OWASP projects:
– Protect – tools and documents whose role is to protect
– Detect – tools and documents whose role is to find problems
– Life Cycle – tools and documents used to add security mechanisms into the Software Development Lifecycle
Guides and documents
• OWASP Top 10
• OWASP Application Security Verification Standard
• OWASP Code Review Guide
• OWASP Testing Guide
OWASP Frameworks
• OWASP AntiSamy Project (Java, .NET)
– API for validating rich HTML/CSS user input without exposure to cross-site scripting and phishing attacks
• OWASP Enterprise Security API (ESAPI)
– Free and open collection of all the security methods a developer needs in order to build a secure web application
• OWASP ModSecurity Rule Set Project
– Web application firewall engine
– Generic protection against vulnerabilities commonly found in web applications
OWASP tools
• OWASP Code Crawler (beta)
– Static code review tool. Looks for security flaws in .NET and J2EE (Java)
• OWASP WebScarab Project
– Tool for performing security tests on web applications
• OWASP Zed Attack Proxy
– Penetration testing tool for finding vulnerabilities in web applications
– Used by people with very different levels of experience
– Toolsmith tool of the year 2011
Goats
• Educational project
• Do you want to learn how web application security is tested?
• Try WebGoat!
• Learn to carry out the OWASP Top 10
• Other goat projects:
– GoatDroid
– iGoat
Non-OWASP
• Nmap
• Sqlmap
• Wireshark
• Snort
• ODESSA (Open Digital Evidence Search and Seizure Architecture)
• ...
Don’t get hacked
Protect yourself