Surviving Web Security - Node Interactive

•

2 j'aime•416 vues

Surviving Web Security - topics covered: - timing attacks - regular expression denial of service - insecure dependencies

Internet

Surviving Web Security
Gergely Nemeth, RisingStack

“formal, methodical way of describing
the security of systems, based on
varying attacks”
Bruce Schneier
ATTACK TREES

ATTACK TREES
Open Safe
Pick Lock Learn Combo Bad Setup
Find it Written
Learn From
Target
Blackmail Eavesdrop Bribe

ATTACK TREES
Open Safe (P)
Pick Lock (I)
Learn Combo
(P)
Bad Setup (I)
Find it Written
(I)
Learn From
Target (P)
Blackmail (I) Eavesdrop (I) Bribe (P)
P = Possible
I = Impossible

ATTACK TREES - DENIAL OF SERVICE
Denial of
Service
Find Evil Regex
Vulnerability
Distributed
Mass Traffic

ATTACK TREES - DENIAL OF SERVICE
1
^(a+)+$
2
3
4 5
a a a
a
a
a a a
Nondeterministic finite automaton

ATTACK TREES - DENIAL OF SERVICE
^(a+)+$
for the input “aaaaX”
16 possible paths

ATTACK TREES - DENIAL OF SERVICE
^(a+)+$
for the input “aaaaaaaaaaaaaaaaX”
65536 possible paths

ATTACK TREES - DENIAL OF SERVICE
Regular Expression implementations may
reach extreme situations that cause them to
work very slowly

ATTACK TREES - DENIAL OF SERVICE
Evil Regexes
- Grouping with repetition
- Inside the repeated group:
- Repetition
- Alternation with overlapping

ATTACK TREES - USER ACCOUNT
Get Access
Modify
Credentials
Learn Password
Bypass Access
Control
Get Access to
Database
Social
Engineering
Get Access to
DMZ
Listen on
Transport Layer
Guessing
Insecure
Dependencies

GUESSING - BRUTE FORCE
systematically enumerating all possible
candidates for the solution

GUESSING - BRUTE FORCE
use a rate-limiter for your endpoints

GUESSING - TIMING ATTACKS
compromise a cryptosystem by analyzing
the time taken to execute cryptographic
algorithms

GUESSING - TIMING ATTACKS
T R A C E T R A C E
1st iteration

GUESSING - TIMING ATTACKS
T R A C E T R A C E
2nd iteration

GUESSING - TIMING ATTACKS
T R A C E T R A C E
5th iteration

GUESSING - TIMING ATTACKS
T R A C E T R I C K
1th iteration

GUESSING - TIMING ATTACKS
T R A C E T R I C K
2nd iteration

GUESSING - TIMING ATTACKS
T R A C E T R I C K
3rd iteration

GUESSING - TIMING ATTACKS
T R A C E T R I C K
3rd iteration
missmatch - no more iterations

GUESSING - TIMING ATTACKS
the more letters match from the password,
the more time it takes

GUESSING - TIMING ATTACKS
ALWAYS USE FIXED-TIME
COMPARISON

YOU ARE WHAT
YOU REQUIRE
INSECURE DEPENDENCIES

INSECURE DEPENDENCIES
node-uuid is downloaded 255.000 times
daily, while 4.000+ modules depend on it

95% OF ALL SECURITY
INCIDENTS INVOLVE
HUMAN ERROR

security must be part
of the agile workflow
THE HUMAN FACTOR

stories should include
acceptance criteria for
security
THE HUMAN FACTOR

- Node.js Security Checklist -
https://blog.risingstack.com/node-js-security-checklist/
- Advisories of NSP - on nodesecurity.io
- OWASP TOP 10 - on owasp.org
WHAT’S NEXT?

Contenu connexe

Similaire à Surviving Web Security - Node Interactive

IS Security Presentation

Renjith K P

Penetration Testing

Md Samsul Kabir

network security

Srinivasa Rao

Unit - I cyber security fundamentals part -1.pptx

karthikaparthasarath

Man in the middle attacks

BurtPepper

NS-Lec-01&02.ppt

ahmed127489

Network security in computer network for BS

23017156038

Op Sy 03 Ch 61a

Google

Similaire à Surviving Web Security - Node Interactive (8)

IS Security Presentation

Penetration Testing

network security

Unit - I cyber security fundamentals part -1.pptx

Man in the middle attacks

NS-Lec-01&02.ppt

Network security in computer network for BS

Op Sy 03 Ch 61a

Dernier

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And Reasonable Packages Near You Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔$V15 ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...

SUHANI PANDEY

VIP Model Call Girls Hadapsar ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...

singhpriety023

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

Dubai call girls 971524965298 Call girls in Bur Dubai

High Profile Call Girls In Punjab +919053900678 Punjab Call Girl (๏ 人 ๏) Punjab Call Girls provide you with erotic massage therapy Punjab Call Girls are well-trained in courtship and seduction. They can offer you true love and companionship. They can also. They can help you forget your problems and frustrations. They are also experts in playing several roles. ( • )( • )ԅ(≖⌣≖ԅ) Call Girls Punjab is also available for special occasions. They can take you to business meetings or business tours. They can also take you to public functions or any special occasion. These ladies are ready to serve their clients with care and respect. They have a wide range of experience and can also offer customized services. College Call Girls Punjab These websites can help you find escorts in your area. You can also find reviews about them and get recommendations. Their expertise allows them to reach the sensational areas of a man's body and release feelings more intensely with touches and adult words. You can full your all deserts with Punjab Call Girls Punjab Call Girls you can find the best escort girls to meet your sexual desires. There are many options, from cute college girls to sexy models. However, you should be careful when choosing an escort service because some will not offer quality services. Independent Call Girls Punjab will offer companionship services in addition to their sexual services. They can also accompany you to dinner or other social events. In addition, some escorts will perform intimate massages to increase your sensual pleasure another option is to hire a hot Russian escort. These girls are not only beautiful but also very talented in sex. In addition to orgasm, they can offer various erotic positions. These sexy babes are a perfect choice for a sexy night in town. They know all the sexy positions and will make you moan in delight. They can also play with your dick in the deep throat position and lick it like ice cream. There are plenty of Call girls in Punjab who are available for one-night stands. Just make sure that you use a trusted site and read reviews before booking. You can find a wide variety of gorgeous call girls in our city on the internet. These websites offer a safe and convenient way to meet a woman and enjoy her company for a night of fun. These sites typically offer a photo of the girl and her number. You can contact her through the phone or sexing to arrange a rendezvous. ★OUR BEST SERVICES: - FOR BOOKING A-Level (5 star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob) ★ Spending time in my rooms ★ BJ (Blowjob Without a Condom) ★ COF (Come On Face) ★ Completion ★ (Oral to completion) bjnonCovered ★ Special Massage ★ O-Level (Oral sex) ★ Blow Job; ★ Oral sex with a noncondom) ★ COB (Come On Body)

6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...

@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678

Trump Diapers Over Dems t shirts Sweatshirt

rahman018755

Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida, • IN CALL AND OUT CALL SERVICE IN DELHI NCR • 3* 5* 7* HOTELS SERVICE IN DELHI NCR • 24 HOURS AVAILABLE IN DELHI NCR • INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS • REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE • SHORT TIME AND FULL TIME SERVICE AVAILABLE • HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS • DAILY NEW ESCORTS STAFF AVAILABLE • MINIMUM TO MAXIMUM RANGE AVAILABLE. Call Girls in Delhi & Independent Escort Service – CALL GIRLS SERVICE DELHI NCR Vip call girls in Delhi Call Girls in Delhi, Call Girl Service 24×7 open Call Girls in Delhi Best Delhi Escorts in Delhi Low Rate Call Girls In Saket Delhi X~CALL GIRLS IN Ramesh Nagar Metro best Delhi call girls and Delhi escort service. CALL GIRLS SERVICE IN ALL DELHI … (Delhi) Call Girls in (Chanakyapuri) Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks. Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR. Delhi All Hotel Services available 3* 4* 5* Call Call Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi Delhi All Hotel Services available my agency SERVICES [✓✓✓] Housewife College Girl VIP Escort Independent Girl Aunty Without a Condom sucking )? Sexy Aunty.DSL (Dick Sucking Lips)? DT (Dining at the Toes English Spanking) Doggie (Sex style from no behind)?? OutCall- All Over Delhi Noida Gurgaon 24/7 FOR APPOINTMENT Call/Whatsop / 9953056974

Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Call Girls Ajman Ajman Call Girls Agency Vip Call Girls Ajman Hot Call Girls Ajman Out Call Girls Ajman Best Call Girls Ajman Indian And Pakistani Call Girls Ajman Independent Call Girls Ajman Ajman Indian Call Girls Agency Class Call Girls In Ajman #First Class Call Girls In Ajman #Full Massage Services Call Girls In Ajman Full Night Call Girls Ajman Hourly Call Girls Ajman Call Girls Deira Ajman Dating Call Girls In Deira Ajman Silicon Oasis Call Girls Ajman International City Call Girls Ajman Al Jaddaf Al Satwa Al Quoz Al Barsha South Media City Discovery Garden Call Girls Ajman Al Jaffiliya,Business Bay,Al Karama,Bur Dubai,Deira,Dubai,Palm Jumeirah,Al Wasl,Trade Centre,Ajman Mall,JBR,JVC,JLT,Discovery Garden Al Nahda Call Girls Ajman Al Qusais Call Girls Ajman Dating Call Girls Ajman Ajman Call Girls Services Provide In Ajman_Dubai_RAK_UMQ_Fujairah_Abu_Dhabi#Indian #Tamil #Kerala #Russian #Philippine #Morocco #Thailand #English Models In Ajman #If You Want Serv#Ajman Pakistani Call Girls Agency #Beautiful Call Girls in Ajman #High ices Just Send Me Text On Whatsapp #

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...

Escorts Call Girls

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (07-May-2024(PSS)

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024

APNIC

Call Girls Dubai Dubai Call Girls Agency Vip Call Girls Dubai Hot Call Girls Dubai Out Call Girls Dubai Best Call Girls Dubai Indian And Pakistani Call Girls Dubai Independent Call Girls Dubai Dubai Indian Call Girls Agency Class Call Girls In Dubai #First Class Call Girls In Dubai #Full Massage Services Call Girls In Dubai Full Night Call Girls Dubai Hourly Call Girls Dubai Call Girls Deira Dubai Dating Call Girls In Deira Dubai Silicon Oasis Call Girls Dubai International City Call Girls Dubai Al Jaddaf Al Satwa Al Quoz Al Barsha South Media City Discovery Garden Call Girls Dubai Al Jaffiliya,Business Bay,Al Karama,Bur Dubai,Deira,Dubai,Palm Jumeirah,Al Wasl,Trade Centre,Dubai Mall,JBR,JVC,JLT,Discovery Garden Al Nahda Call Girls Dubai Al Qusais Call Girls Dubai Dating Call Girls Dubai Dubai Call Girls Services Provide In Ajman_Dubai_RAK_UMQ_Fujairah_Abu_Dhabi#Indian #Tamil #Kerala #Russian #Philippine #Morocco #Thailand #English Models In Dubai #If You Want Serv#Dubai Pakistani Call Girls Agency #Beautiful Call Girls in Dubai #High ices Just Send Me Text On Whatsapp #

Al Barsha Night Partner +0567686026 Call Girls Dubai

Escorts Call Girls

Real Men Wear Diapers T Shirts sweatshirt

rahman018755

Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R. Why you Choose Us- +91-8264348440 I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls Delhi and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. ★ CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . ★ To Enjoy With Hot and Sexy Girls . ★ We Are Providing :- • 3* 5* 7*Hotels Service • Hygienic Full AC Neat and Clean Rooms Avail. • Daily New Escorts Staff Available • Minimum to Maximum Range Available. Our escort service •BJ (Blowjob) •FK (French kissing) •Kissing with tongue •O-Level (Oral sex) •Long Silky Brown Hair •69 (69 sex) •A-Level (5 start Escort) •Dating {{{N.M}}} 30-04-2024

Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.

soniya singh

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service

Delhi Call girls

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx

ellan12

Call Girls In Sukhdev Vihar Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝

soniya singh

Call Girls In Defence Colony Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝

soniya singh

valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls In valsad Book All India 5 Star Hotels 👄 Escorts Service Available Whatsapp Chaya ☎️ : [+91-6378878445] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P452024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

On Starlink, presented by Geoff Huston at NZNOG 2024

APNIC

Call Girls In Chandigarh Lucky ❤️ 7710465962 Independent Escort Service Chandigarh Their services range from erotic encounters and movie dates to in-call and out-call services, making this option available 24/7. Available for services including NSA, threesomes and foursomes sessions as well as massage services and casual foreplay - they even provide real girlfriend experience. Find one online or visit local women's clubs, hotels or restaurants. Hiring a Chandigarh call girl for an evening or day out can be the perfect addition to your social gathering or office event, or you could arrange for her to visit your home or hotel room. Not only are these women gorgeous, they're intelligent as well, with great senses of humor - sure to please and leave you wanting more. If you want a cheap escort in Chandigarh, look for someone who is either a student or works part time so that she will always be available when you need her. In addition to this, look for housewives as this ensures they have stable lives that can keep you satisfied for extended periods. These beautiful ladies will capture your attention at first sight with stunning eyes and full, seductive lips; not to mention a seductive personality that makes you want to spend more time with them; moreover they are discreet enough to meet up anywhere nearby! Hiring a call girl in Chandigarh can be done through either the internet or calling her directly, with services like massage or sex sessions offered to request from specific agencies within a few hours of making contact. Furthermore, text the girl directly for price quotes!

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...

Sheetaleventcompany

Call Girls In Ashram Chowk Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝

soniya singh

Dernier (20)

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...

VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...

Trump Diapers Over Dems t shirts Sweatshirt

Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...

VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024

Al Barsha Night Partner +0567686026 Call Girls Dubai

Real Men Wear Diapers T Shirts sweatshirt

Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.

Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx

Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝

valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...

On Starlink, presented by Geoff Huston at NZNOG 2024

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...

Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝

Surviving Web Security - Node Interactive

2. Surviving Web Security Gergely Nemeth, RisingStack

4. ATTACK TREES

5. “formal, methodical way of describing the security of systems, based on varying attacks” Bruce Schneier ATTACK TREES

6. ATTACK TREES Open Safe Pick Lock Learn Combo Bad Setup Find it Written Learn From Target Blackmail Eavesdrop Bribe

7. KNOW YOUR ATTACKER ATTACK TREES

8. ATTACK TREES Open Safe (P) Pick Lock (I) Learn Combo (P) Bad Setup (I) Find it Written (I) Learn From Target (P) Blackmail (I) Eavesdrop (I) Bribe (P) P = Possible I = Impossible

9. DENIAL OF SERVICE

10. ATTACK TREES - DENIAL OF SERVICE Denial of Service Find Evil Regex Vulnerability Distributed Mass Traffic

11. ATTACK TREES - DENIAL OF SERVICE 1 ^(a+)+$ 2 3 4 5 a a a a a a a a Nondeterministic finite automaton

12. ATTACK TREES - DENIAL OF SERVICE ^(a+)+$ for the input “aaaaX” 16 possible paths

13. ATTACK TREES - DENIAL OF SERVICE ^(a+)+$ for the input “aaaaaaaaaaaaaaaaX” 65536 possible paths

14. ATTACK TREES - DENIAL OF SERVICE Regular Expression implementations may reach extreme situations that cause them to work very slowly

15. ATTACK TREES - DENIAL OF SERVICE Evil Regexes - Grouping with repetition - Inside the repeated group: - Repetition - Alternation with overlapping

16. WE HAVE A SINGLE THREAD

17. ATTACK TREES - DENIAL OF SERVICE

18.

19. ATTACK TREE FOR USER ACCOUNTS

20. ATTACK TREES - USER ACCOUNT Get Access Modify Credentials Learn Password Bypass Access Control Get Access to Database Social Engineering Get Access to DMZ Listen on Transport Layer Guessing Insecure Dependencies

21. ATTACK TREES - USER ACCOUNT Get Access Modify Credentials Learn Password Bypass Access Control Get Access to Database Social Engineering Get Access to DMZ Listen on Transport Layer Guessing Insecure Dependencies

22. GUESSING - BRUTE FORCE systematically enumerating all possible candidates for the solution

23. GUESSING - BRUTE FORCE use a rate-limiter for your endpoints

24. GUESSING - BRUTE FORCE

25. GUESSING - TIMING ATTACKS compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms

26. GUESSING - TIMING ATTACKS

27. GUESSING - TIMING ATTACKS WRONG!

28. GUESSING - TIMING ATTACKS T R A C E T R A C E 1st iteration

29. GUESSING - TIMING ATTACKS T R A C E T R A C E 2nd iteration

30. GUESSING - TIMING ATTACKS T R A C E T R A C E 5th iteration

31. GUESSING - TIMING ATTACKS T R A C E T R I C K 1th iteration

32. GUESSING - TIMING ATTACKS T R A C E T R I C K 2nd iteration

33. GUESSING - TIMING ATTACKS T R A C E T R I C K 3rd iteration

34. GUESSING - TIMING ATTACKS T R A C E T R I C K 3rd iteration missmatch - no more iterations

35. GUESSING - TIMING ATTACKS the more letters match from the password, the more time it takes

36. GUESSING - TIMING ATTACKS ALWAYS USE FIXED-TIME COMPARISON

37. GUESSING - TIMING ATTACKS

38. INSECURE DEPENDENCIES

39. ATTACK TREES - USER ACCOUNT Get Access Modify Credentials Learn Password Bypass Access Control Get Access to Database Social Engineering Get Access to DMZ Listen on Transport Layer Guessing Insecure Dependencies

40. YOU ARE WHAT YOU REQUIRE INSECURE DEPENDENCIES

41. INSECURE DEPENDENCIES

42. INSECURE DEPENDENCIES node-uuid is downloaded 255.000 times daily, while 4.000+ modules depend on it

43. INSECURE DEPENDENCIES

44. THE HUMAN FACTOR

45. ATTACK TREES - USER ACCOUNT Get Access Modify Credentials Learn Password Bypass Access Control Get Access to Database Social Engineering Get Access to DMZ Listen on Transport Layer Guessing Insecure Dependencies

46. 95% OF ALL SECURITY INCIDENTS INVOLVE HUMAN ERROR

47. WE ARE THE WEAKEST LINK

48. security must be part of the agile workflow THE HUMAN FACTOR

49. stories should include acceptance criteria for security THE HUMAN FACTOR

50. Given an unauthenticated user, when tries to view her profile, then redirected to the login.

51. SECURITY IS PART OF YOUR JOB!

52. - Node.js Security Checklist - https://blog.risingstack.com/node-js-security-checklist/ - Advisories of NSP - on nodesecurity.io - OWASP TOP 10 - on owasp.org WHAT’S NEXT?

53. Thanks!

Surviving Web Security - Node Interactive

Recommandé

Recommandé

Contenu connexe

Similaire à Surviving Web Security - Node Interactive

Similaire à Surviving Web Security - Node Interactive (8)

Dernier

Dernier (20)

Surviving Web Security - Node Interactive