21
Application Security

Application Security

Embed Size (px)

DESCRIPTION

cissp -> Application Security

Citation preview

Page 1: Application Security

Application Security

Page 2: Application Security

toc

• good and bad

• bad things first

• to be good

• and more

Page 3: Application Security

good and bad

• bad things first

Page 4: Application Security

bad app for

• hobby

• money (trend)

Page 5: Application Security

hobby

• virus

• worm

Page 6: Application Security

virus

• script

• stealth

Page 7: Application Security

money

• tick

• dos

Page 8: Application Security

side of good

• repository

• code

Page 9: Application Security

repository

• database (+warehouse)

• directory service

• expert system

Page 10: Application Security

code

• more than secure coding

Page 11: Application Security

to be good app

• follow the protocol

• based on infra

Page 12: Application Security

cmm

• initial

• repeatable

• defined

• managed

• optimizing

Page 13: Application Security

and more

Page 14: Application Security

process

• needs

• logical design (using UML)

• real design (using UML)

• coding

• test

• implementation & maintenance

• end is near

Page 15: Application Security

database

• DDL, DML

• dictionary

• rollback, commit and checkpoint

• ODBC

Page 16: Application Security

oo

Page 17: Application Security

attack!

• [infra] nos

• [infra] daemon

• code

Page 18: Application Security

attack nos

• icmp - flood, can’t handle (ping of death)

• tcp/ip - same (flag, syn)

Page 19: Application Security

attack daemon

• dns - cache poison (-> dnssec)

• ssh1 - des (-> ssh2 with other cryto)

• openssl (-> patch)

Page 20: Application Security

attack code

• cross-site scripting (XSS)

• SQL injection

Page 21: Application Security

fine


Application & Systems Development Security - IT Consultingshinsoojung.pe.kr/cert/CISSP4.pdf ·  · 2008-04-11Security 2001.9 신수정 Ph.D, CISSP, CISA, PMP ... Security Architecture

Application & Systems Development Security - IT Consultingshinsoojung.pe.kr/cert/CISSP4.pdf ·  · 2008-04-11Security 2001.9 신수정 Ph.D, CISSP, CISA, PMP ... Security Architecture

Documents
Application security verification standard

Application security verification standard

Internet
2012 Global Application and Network Security Report

2012 Global Application and Network Security Report

Documents
Speaker | Company filew3af • Web Application Attack and Audit Framework • in Python geschrieben • vielfältig konfigurierbar. w3af Demo. skipfish • „Web Application Security

Speaker | Company filew3af • Web Application Attack and Audit Framework • in Python geschrieben • vielfältig konfigurierbar. w3af Demo. skipfish • „Web Application Security

Documents
The application security controller

The application security controller

Technology
Security audits as integral part of php application development (version 2012-01)

Security audits as integral part of php application development (version 2012-01)

Technology
IP Security Nick Feamster CS 6262 Spring 2009. IP Security have a range of application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS

IP Security Nick Feamster CS 6262 Spring 2009. IP Security have a range of application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS

Documents
Relatório Anual de 2016 - Compta · Storage Systems ... Application Security Identity & Access Management Security Management Managed Services / Cloud

Relatório Anual de 2016 - Compta · Storage Systems ... Application Security Identity & Access Management Security Management Managed Services / Cloud

Documents
Oracle security 04-using application contexts

Oracle security 04-using application contexts

Technology
Web application hacking (owasp top 10) security day

Web application hacking (owasp top 10) security day

Technology
Interstage Application Server Enterprise Edition …...名称:Interstage Application Server Enterprise Edition 8.0.3(Linux 64bit) Security Target バージョン:第2.0版

Interstage Application Server Enterprise Edition …...名称:Interstage Application Server Enterprise Edition 8.0.3(Linux 64bit) Security Target バージョン:第2.0版

Documents
Философия Application Security

Философия Application Security

Technology
OWASP Application Security Verification Standard 3...OWASP Application Security Verification Standard 3.0 6 Kierownik projektu Główni autorzy Współpracownicy oraz korektorzy Scott

OWASP Application Security Verification Standard 3...OWASP Application Security Verification Standard 3.0 6 Kierownik projektu Główni autorzy Współpracownicy oraz korektorzy Scott

Documents
Application Security Briefing & Discussion 2016 ... Security Briefing & Discussion 2016 アプリケーション・デリバリーの バリュー・チェイン Asterisk Research,

Application Security Briefing & Discussion 2016 ... Security Briefing & Discussion 2016 アプリケーション・デリバリーの バリュー・チェイン Asterisk Research,

Documents
Application of ElGamal Encryption Scheme to Control System for Security Enhancement

Application of ElGamal Encryption Scheme to Control System for Security Enhancement

Engineering
Magento Application Security [DE]

Magento Application Security [DE]

Presentations & Public Speaking
Uszanowanko Programowanko #1 - Web application testing - a quick guide to testing and security

Uszanowanko Programowanko #1 - Web application testing - a quick guide to testing and security

Software
iOS application (in)security

iOS application (in)security

Technology
phpMyAdmin Web Application Security Assessment phpMyAdmin

phpMyAdmin Web Application Security Assessment phpMyAdmin

Documents
클라우드의환경의지속적변화 - CLOUDSEC · 2019-08-30 · Analysis Network Security Firewall Vulnerability Scanning Anti-Malware System Security Malware Prevention Application

클라우드의환경의지속적변화 - CLOUDSEC · 2019-08-30 · Analysis Network Security Firewall Vulnerability Scanning Anti-Malware System Security Malware Prevention Application

Documents
CSA Mobile Application Security Testing Project 「CSA Mobile APP Security Testing and Mobile APP Security Vetting Certification () The current version uses Special Publication 800

CSA Mobile Application Security Testing Project 「CSA Mobile APP Security Testing and Mobile APP Security Vetting Certification () The current version uses Special Publication 800

Documents
iOS Application (In)Security - index-of.co.ukindex-of.co.uk/SmartPhone/iOS Application (In)Security [nam_daehyeon].pdf · 위치톝으로써 버퍼 오버 플로우 (buffer overflows)에

iOS Application (In)Security - index-of.co.ukindex-of.co.uk/SmartPhone/iOS Application (In)Security [nam_daehyeon].pdf · 위치톝으로써 버퍼 오버 플로우 (buffer overflows)에

Documents
Baufest application security services

Baufest application security services

Technology
Expert Oracle Application Express Security

Expert Oracle Application Express Security

Documents
Oracle® Database Real Application Security管理コンソー … · 1. Real Application Security管理(RASADM)のインストールおよび構成 2. Oracle Database Real Application

Oracle® Database Real Application Security管理コンソー … · 1. Real Application Security管理(RASADM)のインストールおよび構成 2. Oracle Database Real Application

Documents
PHP Application Attack Analysiscoffeenix.net/data_repository/pdf/Application-Attack... · 2005-01-15 · © Copyright forever sanghun , Jeon . All rights reserved. ( Security Explorer~

PHP Application Attack Analysiscoffeenix.net/data_repository/pdf/Application-Attack... · 2005-01-15 · © Copyright forever sanghun , Jeon . All rights reserved. ( Security Explorer~

Documents
5 июня - conf.aletheia.business · Внедрение SDLC в боевых условиях / Егор Карбутов (Digital Security) 34. Application Security — ответы

5 июня - conf.aletheia.business · Внедрение SDLC в боевых условиях / Егор Карбутов (Digital Security) 34. Application Security — ответы

Documents
B2G Technology Report Mobile Application Security

B2G Technology Report Mobile Application Security

Technology
Application Security by Ethical Hackers

Application Security by Ethical Hackers

Technology
Mythbusters - Web Application Security

Mythbusters - Web Application Security

Technology