The OWASP Foundation
http://www.owasp.org
Security of the Internet
Kerala 2014
Rajesh P, Board Member, OWASP Kerala
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify the document under the terms of the OWASP License
Computer Security Day
Observed on November 30th and started in 1988, it helps raise awareness of computer-related security issues.
Computer Security Day Activities
• Change your password
• Update anti-virus and check for viruses
• Clean up your computer and surroundings
• Back up your data
• Verify your inventory of computer utilities and packaged software
• Monitor event logs
• Register and pay for all commercial software that is used on your computer
Trends related to Security in Internet
- Large-scale intelligence activities targeting Internet communication
- Attempts to undermine cryptographic algorithms
- People, companies and governments intentionally introducing defects or vulnerabilities (or secret back-doors), compromising the security, trust and integrity of software and applications
Trends related to Security in Internet (continued)
- Deep Web
- Firmware
- Ransomware
- POS Malware
- Steganography
(Timeline figure: Age of Anti-Virus → Age of Network Security → Age of Application Security)
• 3 out of 4 web sites are vulnerable to attacks (Source: Gartner)
• 75% of attacks are at the application layer (Source: Gartner)
• A significant share of sales now goes through the Web (services, online shops, self-care)
The Numbers
Cyber Crime:
“Second cause of economic crime experienced by the financial services sector” – PwC
“Globally, every second, 18 adults become victims of cybercrime” – Norton
US: $20.7 billion in direct losses
Globally, 2012: $110 billion in direct losses
“556 million adults across the world have first-hand experience of cybercrime – more than the entire population of the European Union.”
Target's December 19 (2013) disclosure: 100+ million records in total (the December disclosure covered about 40 million payment cards; a further 70 million customer records were disclosed in January 2014)
LoyaltyBuild's November (2013) disclosure: 1.5 million+ records
Snapchat: 4.6 million user records
An inconvenient truth
Two weeks of ethical hacking versus ten man-years of development: a short penetration test cannot be expected to find everything that went wrong in ten man-years of code.
Make this more difficult: let's change the application code once a month.
Degrees of trust
The application code you run comes from sources you trust to very different degrees (the figure places them on a scale from more to less trusted):
- Bespoke internal development
- Bespoke outsourced development
- Outsourced development and sub-contractors
- COTS (commercial off-the-shelf) software
- Third-party APIs
- Third-party components and systems
You may not let some of the people who have developed your code into your offices!!
Dependencies
2012/13 study of 31 popular open source libraries:
- 19.8 million (26%) of the library downloads had known vulnerabilities
- Today's applications may use 30 or more libraries, making up 80% of the codebase
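The 26% figure above is only actionable if you can answer it for your own build: which of the libraries you ship are at a version an advisory already covers? The following is an added Python example (not code from the talk or from any OWASP project) that does that check over a constructed manifest and a constructed advisory list; library names, versions and the ADV-000x identifiers are placeholders, not real projects or CVEs. It also handles the pre-release edge case (a `2.3.5-rc1` is still affected when the fix is `2.3.5`).

```python
"""Check a dependency manifest against an advisory list of known-vulnerable
library versions. Sample data below is constructed for illustration."""
import re
from dataclasses import dataclass

# Constructed sample input: a flat "group:artifact:version" list of the kind a
# build tool can emit. Names and versions are hypothetical.
MANIFEST = """\
# group:artifact:version
org.example:webfw:2.3.1
org.example:json-parser:1.0.9
org.example:crypto-utils:0.8.0-beta2
org.example:logger:4.2.0
"""


@dataclass(frozen=True)
class Advisory:
    """One advisory: versions in [introduced, fixed) are affected."""
    id: str
    library: str
    introduced: str
    fixed: str


# Constructed advisory list; the IDs are placeholders, not real CVEs.
ADVISORIES = [
    Advisory("ADV-0001", "org.example:webfw", "2.0.0", "2.3.5"),
    Advisory("ADV-0002", "org.example:json-parser", "1.0.0", "1.1.0"),
    Advisory("ADV-0003", "org.example:crypto-utils", "0.0.0", "1.0.0"),
]

_NUM = re.compile(r"\d+")


def parse_version(text):
    """Turn '2.3.1' or '0.8.0-beta2' into a comparable key.
    A pre-release suffix ('-rc1', '-beta2') sorts below the final release of
    the same number, so '2.3.5-rc1' still counts as affected when the fix
    version is 2.3.5 (the conservative choice for a vulnerability check)."""
    head, sep, _suffix = text.partition("-")
    nums = tuple(int(n) for n in _NUM.findall(head))
    return (nums, 0 if sep else 1)


def parse_manifest(text):
    """Return [(library, version), ...], skipping blanks and # comments."""
    deps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        group, artifact, version = line.split(":")
        deps.append((f"{group}:{artifact}", version))
    return deps


def is_affected(version, advisory):
    v = parse_version(version)
    return parse_version(advisory.introduced) <= v < parse_version(advisory.fixed)


def find_vulnerable(manifest_text, advisories=ADVISORIES):
    """Return [(library, version, advisory_id, fixed_version), ...]."""
    findings = []
    for library, version in parse_manifest(manifest_text):
        for adv in advisories:
            if adv.library == library and is_affected(version, adv):
                findings.append((library, version, adv.id, adv.fixed))
    return findings


def vulnerable_fraction(manifest_text, advisories=ADVISORIES):
    """Share of declared libraries with at least one matching advisory."""
    deps = parse_manifest(manifest_text)
    hit = {lib for lib, _v, _id, _fix in find_vulnerable(manifest_text, advisories)}
    return len(hit) / len(deps) if deps else 0.0


if __name__ == "__main__":
    for lib, ver, adv_id, fixed in find_vulnerable(MANIFEST):
        print(f"{lib} {ver}: {adv_id}, fixed in {fixed}")
    print(f"{vulnerable_fraction(MANIFEST):.0%} of declared libraries are affected")
```

In practice the advisory list comes from a feed (the OWASP Dependency Check project consumes the NVD), and the check belongs in the build so that a new advisory fails the next release rather than waiting for the next pentest.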
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. The OWASP Foundation is a 501(c)(3) not-for-profit charitable organization that ensures the ongoing availability and support for our work.
Participation in OWASP is free and open to all.
Everything here is free, open source and vendor neutral.
Main objectives: producing tools, standards and documentation related to web application security.
Thousands of active members, hundreds of local chapters around the world.
OWASP Mission
To make application security "visible," so that people and organizations can make informed decisions about application security risks.
Making Security Visible, through…
Documentation: Top Ten, Dev. Guide, Design Guide, Testing Guide, …
Tools: WebGoat, WebScarab, ESAPI, CSRF Guard, Zed Attack Proxy (ZAP), …
Working Groups: Browser Security, Industry Sectors, Education, Mobile Phone Security, Preventive Security, OWASP Governance
Security Community and Awareness: Local Chapters, Conferences, Mailing Lists
(Figure: PROTECT / DETECT / LIFE CYCLE)
Body of Knowledge (figure)
- Core Application Security Knowledge Base: principles; threat agents, attacks, vulnerabilities, impacts, and countermeasures
- Acquiring and Building Secure Applications: Guide to Building Secure Web Applications and Web Services
- Verifying Application Security: Guide to Application Security Testing and Guide to Application Security Code Review
- Managing Application Security: guidance and tools for measuring and managing application security
- Application Security Tools: tools for scanning, testing, simulating, and reporting web application security issues
- AppSec Education and CBT: web-based learning environment and guide for learning application security
- Research to Secure New Technologies: research projects to figure out how to secure the use of new technologies (like Ajax)
Supporting structure: OWASP Foundation 501(c)(3); OWASP Community Platform (wiki, forums, mailing lists); Projects; Chapters; AppSec Conferences
The OWASP Enterprise Security API
ESAPI sits between a custom enterprise web application and the existing enterprise security services/libraries. Its components:
- Authenticator
- User
- AccessController
- AccessReferenceMap
- Validator
- Encoder
- HTTPUtilities
- Encryptor
- EncryptedProperties
- Randomizer
- ExceptionHandling
- Logger
- IntrusionDetector
- SecurityConfiguration
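Three of the components above carry most of the day-to-day value: Validator (allow-list input validation), Encoder (output encoding that depends on where the data lands) and AccessReferenceMap (random indirect references in place of raw object ids). The block below is an added Python sketch of those three patterns, written for this page; it is not the ESAPI library (which is Java), and the method names only mirror the ESAPI ones so the mapping is easy to follow. The `account_link` helper, the `"username"`/`"account_id"` patterns and the sample values are assumptions for the demonstration.

```python
"""Python sketch of three ESAPI building blocks: Validator (allow-list input
validation), Encoder (contextual output encoding) and AccessReferenceMap
(indirect object references). Illustration only, not the ESAPI library."""
import html
import re
import secrets
from urllib.parse import quote


class ValidationError(ValueError):
    pass


class AccessControlError(PermissionError):
    pass


class Validator:
    """Allow-list validation: input must match a named pattern and a length
    cap, otherwise it is rejected outright rather than 'cleaned up'."""
    PATTERNS = {  # assumed patterns for the demo
        "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
        "account_id": re.compile(r"[0-9]{1,12}"),
    }

    def get_valid_input(self, context, value, kind, max_length, allow_null=False):
        if value is None or value == "":
            if allow_null:
                return None
            raise ValidationError(f"{context}: value is required")
        if len(value) > max_length:
            raise ValidationError(f"{context}: longer than {max_length}")
        if not self.PATTERNS[kind].fullmatch(value):
            raise ValidationError(f"{context}: not a valid {kind}")
        return value

    def is_valid_input(self, context, value, kind, max_length, allow_null=False):
        try:
            self.get_valid_input(context, value, kind, max_length, allow_null)
            return True
        except ValidationError:
            return False


class Encoder:
    """Contextual output encoding: the same untrusted string needs a different
    encoding depending on where in the response it is written."""

    @staticmethod
    def encode_for_html(s):
        return html.escape(s, quote=True)

    @staticmethod
    def encode_for_html_attribute(s):
        # everything except ASCII letters and digits becomes a numeric entity
        return "".join(c if c.isascii() and c.isalnum() else f"&#x{ord(c):X};" for c in s)

    @staticmethod
    def encode_for_url(s):
        return quote(s, safe="")

    @staticmethod
    def encode_for_javascript(s):
        # \xHH for code points below 256, \uHHHH above that
        return "".join(
            c if c.isascii() and c.isalnum()
            else (f"\\x{ord(c):02X}" if ord(c) < 256 else f"\\u{ord(c):04X}")
            for c in s)


class AccessReferenceMap:
    """Per-session map from direct references (database keys, file names) to
    random indirect references handed to the client, so one user cannot guess
    or increment another user's object id (insecure direct object reference)."""

    def __init__(self):
        self._to_indirect = {}
        self._to_direct = {}

    def add_direct_reference(self, direct):
        if direct not in self._to_indirect:
            indirect = secrets.token_urlsafe(12)
            self._to_indirect[direct] = indirect
            self._to_direct[indirect] = direct
        return self._to_indirect[direct]

    def get_direct_reference(self, indirect):
        # an unknown token is an access-control event worth logging, not a 404
        if indirect not in self._to_direct:
            raise AccessControlError("unknown indirect reference")
        return self._to_direct[indirect]


def account_link(arm, account_id, display_name):
    """Build one anchor tag that touches three output contexts (URL parameter,
    HTML attribute, HTML text); the account id is handed out indirectly."""
    enc = Encoder()
    ref = arm.add_direct_reference(account_id)
    return (f'<a href="/account?ref={enc.encode_for_url(ref)}" '
            f'title="{enc.encode_for_html_attribute(display_name)}">'
            f'{enc.encode_for_html(display_name)}</a>')
```

The point the slide's diagram makes is that these are one API the application calls, in front of whatever enterprise services exist underneath; the application code never formats its own entities or hands out a raw database key.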
Please Help OWASP Grow
Push us to do better!
Be an active contributor: stub articles and wiki contributions, new technologies to analyze
Be an OWASP member: corporate members, individual members
Please join us and share what you know!
(Pie chart: OWASP Projects by type, Code / Tools / Documentation, at 9%, 41% and 50%)
Thank you!
rajesh.nair@owasp.org
https://www.facebook.com/OWASPKerala
https://www.twitter.com/owasp_kerala