SlideShare a Scribd company logo

01 Application Security Fundamentals - part 1 - introduction and goals

A
appsec

This document discusses application security fundamentals and outlines various threats including script kiddies, hacktivists, hackers, cyber criminals, and advanced persistent threats. It then discusses the goals of application security which are confidentiality, integrity, and availability. Finally, it introduces the application security hierarchy which includes goals, mechanisms, and principles to guide security decisions and techniques.

Internet
1 of 5
1
2
3
4
5
Application Security Fundamentals PART 1
Agenda PART 1  The Threats  Goals and Principles of Application Security PART 2  Security Mechanisms
Application Security Threats Script Kiddie • Leveraging tools and exploits created by others • Hacking by pushing the big red shiny button Hacktivist • Hacker with a cause • Denial of service, site defacement Hacker • Malicious and non-malicious • Because they can Cyber Criminal • Different levels of sophistication • Scams, information theft, fraud Advanced Persistent Threat • Extremely sophisticated attackers; nation-states • Low & slow, information theft, espionage
Application Security Goals onfidentiality ntegrity vailability Information is only available to those who should have access Data is known to be correct and trusted Information is available for use by legitimate users when it is needed
Application Security Hierarchy guiding concepts that aid in making security decisions Confidentiality Integrity Availability Goals Mechanisms Principles secure coding techniques

More Related Content

PPTX
Ethical Hacking
Rishab garg
 
PDF
Cyber intelligence-services
Cyber 51 LLC
 
PDF
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Graeme Wood
 
PDF
Security in computer systems fundamentals
Manesh T
 
PDF
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
PPTX
Cyber Security For E-commerce (Infrastructure) development
Mohammad Ashfaqur Rahman
 
PPT
Introduction To Ethical Hacking
Akshay Kale
 
PPT
Ethical hacking
shinigami-99
 
Ethical Hacking
Rishab garg
 
Cyber intelligence-services
Cyber 51 LLC
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Graeme Wood
 
Security in computer systems fundamentals
Manesh T
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
Cyber Security For E-commerce (Infrastructure) development
Mohammad Ashfaqur Rahman
 
Introduction To Ethical Hacking
Akshay Kale
 
Ethical hacking
shinigami-99
 

What's hot (20)

PPTX
Ethical hacking
Gaurav Yadav
 
PPTX
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
SurfWatch Labs
 
PPTX
IT Security Summit 2016
AGC Conferences - AGC Development Corp
 
PPT
Information security
linalona515
 
PPTX
IoT Security
Tim Groenwals
 
PPTX
Introduction to ethical hacking
Agung Suwandaru
 
PPTX
Computer network
hajimahsulong
 
PPTX
Ethical Hacking Tools & Techniques
begmohsin
 
PPTX
Ethical hacking
VipinYadav257
 
PPT
Data privacy & data governance
poojasanghavi
 
PDF
Cyber Intelligence Vision Information Sheet 20Nov2013
Dave Eilken
 
PPTX
Cybercrime
TouqeerAhmed30
 
PPTX
Introduction to Ethical Hacking
Kevin Chakre
 
PPTX
ethical hacking
Neelima Bawa
 
PPTX
Ethical Hacking Overview
Subhoneel Datta
 
PPTX
Types of attacks
Vivek Gandhi
 
PPT
Burns Sheehan Security Event
Burns Sheehan
 
PDF
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Ray Potter
 
PPTX
Ethical hacking
Garla Prajwal
 
PPTX
Etical hacking
talhaabid
 
Ethical hacking
Gaurav Yadav
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
SurfWatch Labs
 
IT Security Summit 2016
AGC Conferences - AGC Development Corp
 
Information security
linalona515
 
IoT Security
Tim Groenwals
 
Introduction to ethical hacking
Agung Suwandaru
 
Computer network
hajimahsulong
 
Ethical Hacking Tools & Techniques
begmohsin
 
Ethical hacking
VipinYadav257
 
Data privacy & data governance
poojasanghavi
 
Cyber Intelligence Vision Information Sheet 20Nov2013
Dave Eilken
 
Cybercrime
TouqeerAhmed30
 
Introduction to Ethical Hacking
Kevin Chakre
 
ethical hacking
Neelima Bawa
 
Ethical Hacking Overview
Subhoneel Datta
 
Types of attacks
Vivek Gandhi
 
Burns Sheehan Security Event
Burns Sheehan
 
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Ray Potter
 
Ethical hacking
Garla Prajwal
 
Etical hacking
talhaabid
 
Ad

Similar to 01 Application Security Fundamentals - part 1 - introduction and goals (20)

PPTX
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
bakhtinasiriav
 
PPTX
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
PPTX
Cloud Security.pptx
Binod Rimal
 
PPTX
Digital literacy lecture 2 data security.pptx
johnnderitu16
 
PDF
Intrusion in computing
Eduardo Cambinda
 
PDF
Cyber+Security+Fundamentals.pdf.....network security
vijayannamratha
 
PPTX
Ethical_Hacking engineeringsecond yr.pptx
ranjereanamika3
 
PPTX
Ethical Hacking
Tharindu Kalubowila
 
PPTX
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPTX
Concept-And-Scope-of-Ethical-Hacking.pptx
VaibhavYadav297587
 
PPTX
Concept-And-Scope-of-Ethical-Hacking.pptx
NarangYadav
 
PPTX
chapitre 1 introduction to ethical hakcing.pptx
rsi3pfe
 
PPTX
Cyber security for engg students and diploma
DrPraveenKumar37
 
PPTX
IAEM cybersecurity 101
Sarah K Miller
 
PPTX
cybersecurity notes important points.pptx
dhumaletiku
 
PPTX
Cyber security.pptxelectronic systems, networks, and data from malicious
BhimNathTiwari1
 
PPTX
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
PPTX
A single oversight could wipe out your data reserves
Home
 
PPTX
Week 1 - Introduction to CyberSecurity.pptx
juancx3
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
bakhtinasiriav
 
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
Cloud Security.pptx
Binod Rimal
 
Digital literacy lecture 2 data security.pptx
johnnderitu16
 
Intrusion in computing
Eduardo Cambinda
 
Cyber+Security+Fundamentals.pdf.....network security
vijayannamratha
 
Ethical_Hacking engineeringsecond yr.pptx
ranjereanamika3
 
Ethical Hacking
Tharindu Kalubowila
 
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Concept-And-Scope-of-Ethical-Hacking.pptx
VaibhavYadav297587
 
Concept-And-Scope-of-Ethical-Hacking.pptx
NarangYadav
 
chapitre 1 introduction to ethical hakcing.pptx
rsi3pfe
 
Cyber security for engg students and diploma
DrPraveenKumar37
 
IAEM cybersecurity 101
Sarah K Miller
 
cybersecurity notes important points.pptx
dhumaletiku
 
Cyber security.pptxelectronic systems, networks, and data from malicious
BhimNathTiwari1
 
Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ
BAINIDA
 
A single oversight could wipe out your data reserves
Home
 
Week 1 - Introduction to CyberSecurity.pptx
juancx3
 
Ad

More from appsec (12)

PPTX
23 owasp top 10 - resources
appsec
 
PPTX
15 owasp top 10 - a3-xss
appsec
 
PPTX
12 owasp top 10 - introduction
appsec
 
PPTX
10 application security fundamentals - part 2 - security mechanisms - encry...
appsec
 
PPTX
11 application security fundamentals - part 2 - security mechanisms - summary
appsec
 
PPTX
09 application security fundamentals - part 2 - security mechanisms - logging
appsec
 
PPTX
08 application security fundamentals - part 2 - security mechanisms - error...
appsec
 
PPTX
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
PPTX
07 application security fundamentals - part 2 - security mechanisms - data ...
appsec
 
PPTX
04 application security fundamentals - part 2 - security mechanisms - authe...
appsec
 
PPTX
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
PPTX
02 application security fundamentals - part 1 - security priciples
appsec
 
23 owasp top 10 - resources
appsec
 
15 owasp top 10 - a3-xss
appsec
 
12 owasp top 10 - introduction
appsec
 
10 application security fundamentals - part 2 - security mechanisms - encry...
appsec
 
11 application security fundamentals - part 2 - security mechanisms - summary
appsec
 
09 application security fundamentals - part 2 - security mechanisms - logging
appsec
 
08 application security fundamentals - part 2 - security mechanisms - error...
appsec
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
07 application security fundamentals - part 2 - security mechanisms - data ...
appsec
 
04 application security fundamentals - part 2 - security mechanisms - authe...
appsec
 
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
02 application security fundamentals - part 1 - security priciples
appsec
 

Recently uploaded (20)

PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PDF
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
Internet___Basics___Styled_ presentation
poonam62133
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 

01 Application Security Fundamentals - part 1 - introduction and goals

  • 2. Agenda PART 1  The Threats  Goals and Principles of Application Security PART 2  Security Mechanisms
  • 3. Application Security Threats Script Kiddie • Leveraging tools and exploits created by others • Hacking by pushing the big red shiny button Hacktivist • Hacker with a cause • Denial of service, site defacement Hacker • Malicious and non-malicious • Because they can Cyber Criminal • Different levels of sophistication • Scams, information theft, fraud Advanced Persistent Threat • Extremely sophisticated attackers; nation-states • Low & slow, information theft, espionage
  • 4. Application Security Goals onfidentiality ntegrity vailability Information is only available to those who should have access Data is known to be correct and trusted Information is available for use by legitimate users when it is needed
  • 5. Application Security Hierarchy guiding concepts that aid in making security decisions Confidentiality Integrity Availability Goals Mechanisms Principles secure coding techniques