Java EE 6 Security in practice with GlassFish
Markus Eisele
Slides for the #JavaOne Session ID: CON11881
Recommended
Protecting Java EE Web Apps with Secure HTTP Headers
Frank Kim
Modern Web Application Defense with OWASP Tools
Modern Web Application Defense
Frank Kim
Demonstration based session on HTTP headers relevant to security aspect of web applications. Target audience is web developers, and more attention is given to Java language.
HTTP Security Headers Every Java Developer Must Know
Ayoma Wijethunga
http://blog.whitehatsec.com/top-ten-web-hacking-techniques-of-2012/ Recorded Webinar: https://www.whitehatsec.com/webinar/whitehat_webinar_march2713.html Every year the security community produces a stunning amount of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, here we are solely focused on new and creative methods of Web-based attack. Now in its seventh year, The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work. Past Top Tens and the number of new attack techniques discovered in each year:
Top Ten Web Hacking Techniques of 2012
Jeremiah Grossman
A brief look at the history of the implementation of secure web headers and an overview of creating and monitoring a content security policy (CSP). It used to be that browsers were something we fought against to get our sites viewed the way we wanted; now they are our allies. Far from being dumb proprietary clients that just parse our HTML the way they want, they have evolved into complex software applications. They provide powerful security controls to make decisions about what to display and debugging tools to enable us to investigate their actions. It is increasingly common to find malicious exploits targeting web pages within the browser; running crypto-miners, stealing credentials and forging requests. By implementing a set of headers to be delivered alongside our web pages, we can now work with browsers to protect our site visitors from malicious content and control what is displayed and included on our pages. In this session we will touch on what threats face our web pages out in the wild and what measures we can employ to work with browsers to protect them. We will focus on implementing security headers and building a Content Security Policy, and will cover - implementation of essential security headers; - the initial investigation and building of a Content Security Policy (CSP); - implementation and observation of the CSP in the wild; - monitoring of the CSP once live; - evidence of its effectiveness (threats thwarted). Hopefully attendees will be convinced as to why security headers and CSP are invaluable and why projects should build in time and resources to implement them.
Browser Wars 2019 - Implementing a Content Security Policy
George Boobyer
HTTP security headers
List of useful security related http headers
한익 주
You must have encountered the following image when using screaming frog. Many websites do not have these parameters when crawling by screaming frog. One of the most important issues for search engines is security.
Http security response headers
mohammadhosseinrouha
Top Ten Web Hacking Techniques of 2008: "What's possible, not probable" The polls are closed, votes are in, and we have the winners making up the Top Ten Web Hacking Techniques of 2008! The competition was fierce with the newest and most innovative web hacking techniques to the test. This session will review the top ten hacks from 2008 - what they indicate about the security of the web, what they mean for businesses, and what might be used against us soon down the road.
Top Ten Web Hacking Techniques (2008)
Jeremiah Grossman
* Django is a Web Application Framework, written in Python
* Allows rapid, secure and agile web development.
* Write better web applications in less time & effort.
Django (Web Applications that are Secure by Default )