SlideShare une entreprise Scribd logo

Security of Web Servers and Web Applications

Télécharger en tant que PPT, PDF
Amir Neziri
Amir Neziri

Presentation for Software Freedom Kosova Conference 2011

FormationTechnologie
1  sur  47
IT-Security Security of Web Servers and Web Applications Software Freedom Kosova 2011
Who‘s Talking? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security of Web Servers and Web Applications ,[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Motivation – Political Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Motivation – Political Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
… another shocking news 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
… another shocking news 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Motivation – Political Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Motivation – Economic Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Motivation – Economic Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
So…. ,[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri NO!
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Components & Architecture 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Defenses 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri Source: http://www.trigonit.com/tech-blog/bid/57835/IT-Support-Wireless-Network-Security-Secure-Encrypt-and-Be-Safe
Securing the operating system ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Security is a Process 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Linux Systems - Installation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Linux Systems - Configuration ,[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Linux Systems - Configuration ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Linux Systems – Maintenance / Updates ,[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Linux Systems - Monitoring ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Linux Systems - Monitoring ,[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Securing Web-Server – Main Steps ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Securing Web-Server – Main Steps ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri Source: http://www.howtomonster.com/2007/08/12/how-to-restrict-access-to-a-web-site-folder/
Access Control - .htaccess ,[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Access Control ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Web Application Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
www.exploit-db.com/webapps/ 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Web Application Security ,[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri Source: http://cwe.mitre.org/top25/
Web Application Security ,[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri ,[object Object]
Web Application Security ,[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Web Application Security - BackTrack ,[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri Source: http://www.backtrack-linux.org/screenshots/
Web Application Security - BackTrack ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Take Home Message ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
Questions??? 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri

Recommandé

Web browser
Web browserWeb browser
Web browserHardik Kakadiya
 
Web Browsers
Web BrowsersWeb Browsers
Web BrowsersNeha Sharma
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Browser Security
Browser SecurityBrowser Security
Browser SecurityRoberto Suggi Liverani
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare pptMandy Suzanne
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint SettingsSophos
 

Recommandé

Web browser
Web browserWeb browser
Web browserHardik Kakadiya
 
Web Browsers
Web BrowsersWeb Browsers
Web BrowsersNeha Sharma
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Browser Security
Browser SecurityBrowser Security
Browser SecurityRoberto Suggi Liverani
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare pptMandy Suzanne
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
Writing an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsWriting an (in)secure webapp in 3 easy steps
Writing an (in)secure webapp in 3 easy stepsAdam Baldwin
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint SettingsSophos
 
Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - armchiportal
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
 
Browser Security – Issues and Best Practices1Outli
Browser Security – Issues and Best Practices1OutliBrowser Security – Issues and Best Practices1Outli
Browser Security – Issues and Best Practices1OutliVannaSchrader3
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Moving Rich Internet Applications into the Cloud: Seven Challenges
Moving Rich Internet Applications into the Cloud: Seven ChallengesMoving Rich Internet Applications into the Cloud: Seven Challenges
Moving Rich Internet Applications into the Cloud: Seven Challengesmatiasbagini
 
Introduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trendsIntroduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trendsOlaf Janssen
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Securitycrussell79
 
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies MorganLudwig40
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web ApplicationsOlivier Potonniée
 
Xen Overview Q3 2009
Xen Overview Q3 2009Xen Overview Q3 2009
Xen Overview Q3 2009The Linux Foundation
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
J web socket
J web socketJ web socket
J web socketHiroshi Ochi
 
WebSockets - Boosting Web Communication - SDC 2011
WebSockets - Boosting Web Communication - SDC 2011WebSockets - Boosting Web Communication - SDC 2011
WebSockets - Boosting Web Communication - SDC 2011Innotrade GmbH, jWebSocket.org, Alexander Schulze
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto NetworksLaurent Daudré-Vignier
 
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresWeb Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresPraetorian
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current eraajitdhumale
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp
 
Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Amir Neziri
 
Quellcode Analyse
Quellcode AnalyseQuellcode Analyse
Quellcode AnalyseAmir Neziri
 

Contenu connexe

Similaire à Security of Web Servers and Web Applications

Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - armchiportal
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
 
Browser Security – Issues and Best Practices1Outli
Browser Security – Issues and Best Practices1OutliBrowser Security – Issues and Best Practices1Outli
Browser Security – Issues and Best Practices1OutliVannaSchrader3
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Moving Rich Internet Applications into the Cloud: Seven Challenges
Moving Rich Internet Applications into the Cloud: Seven ChallengesMoving Rich Internet Applications into the Cloud: Seven Challenges
Moving Rich Internet Applications into the Cloud: Seven Challengesmatiasbagini
 
Introduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trendsIntroduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trendsOlaf Janssen
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Securitycrussell79
 
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies MorganLudwig40
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web ApplicationsOlivier Potonniée
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresWeb Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresPraetorian
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current eraajitdhumale
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp
 

Similaire à Security of Web Servers and Web Applications (20)

Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - arm
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
 
Browser Security – Issues and Best Practices1Outli
Browser Security – Issues and Best Practices1OutliBrowser Security – Issues and Best Practices1Outli
Browser Security – Issues and Best Practices1Outli
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Moving Rich Internet Applications into the Cloud: Seven Challenges
Moving Rich Internet Applications into the Cloud: Seven ChallengesMoving Rich Internet Applications into the Cloud: Seven Challenges
Moving Rich Internet Applications into the Cloud: Seven Challenges
 
Introduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trendsIntroduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trends
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security Testing
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Security
 
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
CHap 13 and 12winsec3e_ppt_ch12(1).pptxSecurity Strategies
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web Applications
 
Xen Overview Q3 2009
Xen Overview Q3 2009Xen Overview Q3 2009
Xen Overview Q3 2009
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
J web socket
J web socketJ web socket
J web socket
 
WebSockets - Boosting Web Communication - SDC 2011
WebSockets - Boosting Web Communication - SDC 2011WebSockets - Boosting Web Communication - SDC 2011
WebSockets - Boosting Web Communication - SDC 2011
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresWeb Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current era
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
 

Plus de Amir Neziri

Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Amir Neziri
 
Quellcode Analyse
Quellcode AnalyseQuellcode Analyse
Quellcode AnalyseAmir Neziri
 
Privacy and identity management for everyone
Privacy and identity management for everyonePrivacy and identity management for everyone
Privacy and identity management for everyoneAmir Neziri
 
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...Amir Neziri
 
Software(runtime) attacks
Software(runtime) attacksSoftware(runtime) attacks
Software(runtime) attacksAmir Neziri
 
Electronic credentials
Electronic credentialsElectronic credentials
Electronic credentialsAmir Neziri
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptographyAmir Neziri
 

Plus de Amir Neziri (7)

Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5Secure Mobile Cloud Service for personal data with web frontend based on HTML5
Secure Mobile Cloud Service for personal data with web frontend based on HTML5
 
Quellcode Analyse
Quellcode AnalyseQuellcode Analyse
Quellcode Analyse
 
Privacy and identity management for everyone
Privacy and identity management for everyonePrivacy and identity management for everyone
Privacy and identity management for everyone
 
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
Sichere Handy-Ortung zur Unterstützung des Katastrophenmanagements auf Basis ...
 
Software(runtime) attacks
Software(runtime) attacksSoftware(runtime) attacks
Software(runtime) attacks
 
Electronic credentials
Electronic credentialsElectronic credentials
Electronic credentials
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 

Dernier

How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 

Dernier (20)

How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 

Security of Web Servers and Web Applications

  • 1. IT-Security Security of Web Servers and Web Applications Software Freedom Kosova 2011
  • 2.
  • 3.
  • 4. Motivation – Political Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 5. Motivation – Political Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 6. … another shocking news 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 7. … another shocking news 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 8. Motivation – Political Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 9. Motivation – Economic Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 10. Motivation – Economic Damage 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 11.
  • 12.
  • 13. Components & Architecture 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 14. Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 15. Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 16. Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 17. Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 18. Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 19. Security Attacks 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 20. Defenses 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri Source: http://www.trigonit.com/tech-blog/bid/57835/IT-Support-Wireless-Network-Security-Secure-Encrypt-and-Be-Safe
  • 21.
  • 22. Security is a Process 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 23. Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 24. Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 25.
  • 26. Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 27.
  • 28.
  • 29. Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 30.
  • 31. Example: Linux Systems 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39. www.exploit-db.com/webapps/ 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46. Questions??? 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri
  • 47. 11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications |Amir Neziri

Notes de l'éditeur

  1. 2/3/2011 | |
  2. Darmstadt University of Technology 2/3/2011 | |
  3. http://www.youtube.com/watch?v=9WfXPsR3TMY http://gazetaexpress.com/?cid=1%2C16%2C62759 http://www.gazetaexpress.com/?cid=1%2C13%2C57939 http://www.panorama.com.al/lajmi-i-fundit/yerja-ndaj-shqiptareve-veper-e-nje-hakeri-serb http://articles.cnn.com/2011-07-04/tech/fox.hack_1_tweets-twitter-feed-twitter-users?_s=PM:TECH 2/3/2011 | |
  4. *Sympathizers *Think on people who read this and they are so happy about that, so that they could get some kind of heart attack!!!  Keto mund nese shihen holl e holl mund te kete edhe deme shendetsore…..  paramendoje me pas lshu zemra prej Gezimi diken….. 2/3/2011 | |
  5. OK, ketu mesa duket nuk ka pasur Probleme me ne WebSecurity/WebServer Security por me perme Phishing Attack kann vjedh passwordin…..por me rendesi eshte efekti i cili do te kishte ndikim shum te madh nese nuk i jepim rendesis Siguris… 2/3/2011 | |
  6. http://www.h-online.com/security/news/item/Hackers-breached-Citibank-security-using-simple-URL-manipulation-Update-1260964.html http://www.h-online.com/security/news/item/Citibank-customers-lost-2-7-million-in-recent-attack-1268302.html *Siguria ndikon ne te gjitha drejtimet 2/3/2011 | |
  7. 2/3/2011 | |
  8. Mbrojtjet 2/3/2011 | |
  9. http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml BSI = Bundesamt für Sicherheit in der Informationstechnik 2/3/2011 | |
  10. 2/3/2011 | |
  11. 2/3/2011 | |
  12. Einmal-Passwörter 2/3/2011 | |
  13. 2/3/2011 | |
  14. LimitRequestBody can be unlimited (practically up 2 GB to go!) 2/3/2011 | |
  15. Question: Do you see any possible Attacks??? A: Yes, because of using HTTP-Protocol and not HTTPS/SSL 2/3/2011 | |
  16. 2/3/2011 | |
  17. 2/3/2011 | |
  18. 2/3/2011 | |
  19. 2/3/2011 | |