IT-Security Security of Web Servers and Web Applications Software Freedom Kosova 2011
11/06/2011 | Software Freedom Kosova 2011 | Security of Web Servers and Web Applications | Amir Neziri
Who's Talking?
Security of Web Servers and Web Applications
Motivation – Political Damage
Motivation – Political Damage
… another shocking news
… another shocking news
Motivation – Political Damage
Motivation – Economic Damage
Motivation – Economic Damage
So…. NO!
Agenda
Components & Architecture
Security Attacks
Security Attacks
Security Attacks
Security Attacks
Security Attacks
Security Attacks
Defenses (Source: http://www.trigonit.com/tech-blog/bid/57835/IT-Support-Wireless-Network-Security-Secure-Encrypt-and-Be-Safe)
Securing the operating system
Security is a Process
Example: Linux Systems
Example: Linux Systems
Linux Systems - Installation
Example: Linux Systems
Linux Systems - Configuration
Linux Systems - Configuration
Example: Linux Systems
Linux Systems – Maintenance / Updates
Example: Linux Systems
Linux Systems - Monitoring
Linux Systems - Monitoring
Securing Web-Server – Main Steps
Securing Web-Server – Main Steps (Source: http://www.howtomonster.com/2007/08/12/how-to-restrict-access-to-a-web-site-folder/)
Access Control - .htaccess
Access Control
Web Application Security
www.exploit-db.com/webapps/
Web Application Security (Source: http://cwe.mitre.org/top25/)
Web Application Security
Web Application Security (Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
Web Application Security - BackTrack (Source: http://www.backtrack-linux.org/screenshots/)
Web Application Security - BackTrack
Take Home Message
Questions???


Editor's notes

  1. 2/3/2011 | |
  2. Darmstadt University of Technology
  3. http://www.youtube.com/watch?v=9WfXPsR3TMY
     http://gazetaexpress.com/?cid=1%2C16%2C62759
     http://www.gazetaexpress.com/?cid=1%2C13%2C57939
     http://www.panorama.com.al/lajmi-i-fundit/yerja-ndaj-shqiptareve-veper-e-nje-hakeri-serb
     http://articles.cnn.com/2011-07-04/tech/fox.hack_1_tweets-twitter-feed-twitter-users?_s=PM:TECH
  4. *Sympathizers *Think of the people who read this and are so happy about it that they could get some kind of heart attack!!! Looked at closely, these incidents could even cause harm to health….. imagine someone's heart giving out from joy…..
  5. OK, here it seems there were no problems with web security / web server security; instead the password was stolen through a phishing attack….. but what matters is the effect, which would have a very large impact if we do not give importance to security…
  6. http://www.h-online.com/security/news/item/Hackers-breached-Citibank-security-using-simple-URL-manipulation-Update-1260964.html
     http://www.h-online.com/security/news/item/Citibank-customers-lost-2-7-million-in-recent-attack-1268302.html
     *Security has an impact in all directions
  8. Defenses
  9. http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf
     http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
     BSI = Bundesamt für Sicherheit in der Informationstechnik (the German Federal Office for Information Security)
  12. One-time passwords
  14. LimitRequestBody can be unlimited (in practice up to 2 GB!)
  15. Question: Do you see any possible attacks??? A: Yes, because the HTTP protocol is used and not HTTPS/SSL