SlideShare une entreprise Scribd logo

Delhi The Second Adventure

n|u - The Open Security Community
n|u - The Open Security Community

null Delhi Special Meeting - with Joerg Simon

FormationTechnologie
1  sur  60
Télécharger pour lire hors ligne
Delhi the Second Adventure Thorough, Safe and Secure Fabian + Joerg jsimon@fedoraproject.org http://fedoraproject.org
/me
3 3Communication Security [ and this! ]
[ Security Lab ] A Linux based open source test- and education platform for - security-auditing - forensics - penetration-testing
[ History: @ foss.in Bangalore 2009 ] - pick up the Idea - give it a home - http://fedorahosted.org/security-spin/ - Contributor Wishlist – https://bugzilla.redhat.com/show_bug.cgi?id=563471 - Improve spin section content – went to spins.fedoraproject.org/security - move to SLiM as desktop manager – moved to SLiM -> moved to LXDM ... - move to LXDE as window manager – we moved to LXDE -> move to XFCE in Fedora20 - become a official spin in Fedora 13 – we made it as a official Fedora Security Spin in Fedora 13, 14, 15, 16, 17 and will be for 18 - LIMITS - Webapplication testing tools + implementing OSSTMM upstreams – we packaged SCARE, unicornscan also brought up limits of a large FOSS Project - become the official OSSTMM Distro – ISECOM´s Pete Herzog announced OSSTMM Lab as the “New live linux distro for OSSTMM users” - on 12.September 2012 - new features in the current Version of the OSL (v3.8b4 (F17))with input from the ISECOM HHS Team! - collect input and suggestions - Working on a Test-Bench for Students
[ possible benefits ] - usecase for the FSL - new cool upstreams - implemented methodology - fedora get taught along the OSSTMM
OSSTMM- Lab Modified Version of the Fedora Security Lab Packaging upstream Tools from the OSSTMM Team A stable platform for teaching the curriculum For OSSTMM and HHS Integrate the Methodology Flow Into one possible Toolset [ benefits ]
9 9 HIC Audit Services [ From Risk to Operations ]
From Risk to Operations
12 12 [ but we have problem ]
[ Security - Industry ]
 Comply!? But not secure? Blocked?  Get the Audit Result you need? But not secure? Blocked?  Secure? But not compliant? Blocked? [ Compliance? ] Quelle: OSSTMM ISECOM
Spend your money on „Bad Security“?
17 17Communication Security Security ? Cloud – Social Media – Mobile Plattform
18 18Communication Security Trusts neue Angriffsvektoren!
[ Reports Management & Real world compatible ] [ reproducible with the right Standards & Methods! ] [ neutral unbiased by relying on Open Standards ] [ comparable real working Metrics – based on scientific research ]
[ know ] - a way for proper testing!
[ there is a Open Source way]  How do current operations work?  How do they work differently from how management thinks they work?  How do they need to work?
22 22 HIC Audit Services [ Controls <> Trusts ] [ Security <> Safety? ] [ Operations ] [ Compliance ] [ the terrible truth? ]
Human risk will never change „In Security people are as much a part of the process as are the machines.“ derived from ISECOM, OSSTMM 3.0
● Industrie    74,49% ● Military   97,16%  ● Banks 84,36% ● Software­Vendors   73,12% ● Politik   76,58%
Usual testing synonyms Blind/Blackbox Pentest Graybox/Chrystal/RedTeam Social Engineering WarDriving WarDialing Configuration­Reviews Code Reviews [ common sence ]
[ testpath ]
 False Positive (Status true – although untrue)   False Negative (Status untrue – although true)  GrayPositive (Status always true)  Gray Negative (always untrue)  Specter (true or untrue ­ anomaly)  Indiscretion (true or untrue ­ timedependency)  Entropy Error (true or untrue ­ Overhead)  Falsification (true or untrue – unknown Variables)  Sampling Error (influenced from outside)  Constraint (true or untrue – Equipment Limit)  Propagation (not tested)  Human Error (missing Skill, Expirience)
35 35 From Risk to Operations
36 36Communication Security [ Quantify Security ]
37 37Communication Security Metrics System Schwachstelle Kritikalität Maßnahme unsichere Verschlüsselung möglich evtl. veraltete SW-Version gering bew erten und unterbinden Parameter mit Code-Injection mittel Säuberung der Codefragmente aus den Anfragen Anw endungsaudit unsichere Verschlüsselung möglich evtl. veraltete SW-Version gering bew erten Angriffsfläche verringern unsichere Verschlüsselung möglich evtl. veraltete SW-Version gering prüfen und beheben Anw endungsaudit unverschlüsselte Übertragung von Authentifizierungsdaten Cross Site Tracing mittel Einschränkung von TRACE Anfragen unverschlüsselte Übertragung prüfen und beheben unsichere Verschlüsselung möglich Passwortkombinationen unlimitiert gering bew erten und unterbinden Adminportale unverschlüsselt erreichbar Passwortkombinationen unlimitiert Offenlegung aller Systemdaten! Zugang zu privaten Daten Administrativer Zugang zum Webserver hoch umfangreiche praktische Sofort- Maßnahmen wurden am 21.08.2010 gemeldet siehe Seite 48 Spamversand möglich CodeInjection mittel Formularverarbeitung ist zu überarbeiten Säuberung der Codefragmente aus den Anfragen Anwendungsaudit eingeschränkte Verschlüsselung gering Hersteller Patch einspielen CrossSite Tracing PHP Version angreifbar CrossSiteScripting ParameterTampering InformationDisclosure hoch Einschränkung von TRACE Anfragen Formularverarbeitung ist zu überarbeiten Säuberung der Codefragmente aus den Anfragen Klassifizierung der Informationen Vulnerability Mngmt. vs Threat Modelling vs RiskAssessmentValues
38 38Communication Security RAV Quelle: OSSTMM ISECOM
39 39Communication Security [ porosity ] - Visibility - Access - Trust
[ how much security do you really need? ]
[ Authentication ]
[ Indemnification ]
[ Resistance ]
[ Subjugation ]
[ Continuity ]
[ non-repudiation ]
[ confidentiality ] [ privacy ] [ integrity ]
[ Alarm ]
[ limitations ]
Limitations
OSSTMM Risk Assessment Value
„There are only 2 ways to steal something: either you take it yourself or you have someone else take it and give it to you“ OSSTMM 3.0
54 54Communication Security Apps? Steal something for me?
55 55Communication Security Steal something for me
56 56Communication Security Tom is verbose
57 57Communication Security Tom the Cat is calling home
Size Symmetry Visibility Subjugation Consistency Integrity Offsets Value Components Porosity [ quantify Trust! ]
59 59Communication Security Risk! sometimes the result is not what you expect!
Delhi The Second Adventure

Recommandé

How to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
Last Month in PHP - January 2016
Last Month in PHP - January 2016Last Month in PHP - January 2016
Last Month in PHP - January 2016Eric Poe
 
How to secure web applications
How to secure web applicationsHow to secure web applications
How to secure web applicationsMohammed A. Imran
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for DevelopersMichael Boelen
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kitssecurityxploded
 

Recommandé

How to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
Last Month in PHP - January 2016
Last Month in PHP - January 2016Last Month in PHP - January 2016
Last Month in PHP - January 2016Eric Poe
 
How to secure web applications
How to secure web applicationsHow to secure web applications
How to secure web applicationsMohammed A. Imran
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for DevelopersMichael Boelen
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Anatomy of Exploit Kits
Anatomy of Exploit KitsAnatomy of Exploit Kits
Anatomy of Exploit Kitssecurityxploded
 
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenSonatype
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud HackNotSoSecure Global Services
 
Sandboxing in .NET CLR
Sandboxing in .NET CLRSandboxing in .NET CLR
Sandboxing in .NET CLRMikhail Shcherbakov
 
Fortify dev ops (002)
Fortify dev ops (002)Fortify dev ops (002)
Fortify dev ops (002)Madhavan Marimuthu
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+CsrfBipin Upadhyay
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security OverviewMichael Furman
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafIMMUNIO
 
Web server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalWeb server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalKhawar Nehal khawar.nehal@atrc.net.pk
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareJasson Walker
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goMichael Furman
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password securitysecurityxploded
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016Ortus Solutions, Corp
 
The Twelve Factor Apps
The Twelve Factor AppsThe Twelve Factor Apps
The Twelve Factor Appstomi vanek
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Fedora Security LAB
Fedora Security LABFedora Security LAB
Fedora Security LABBaruch Ramos
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flaken|u - The Open Security Community
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
DNS hijacking - null Singapore
DNS hijacking - null SingaporeDNS hijacking - null Singapore
DNS hijacking - null Singaporen|u - The Open Security Community
 

Contenu connexe

Tendances

Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenSonatype
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+CsrfBipin Upadhyay
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security OverviewMichael Furman
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafIMMUNIO
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareJasson Walker
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goMichael Furman
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linuxAjin Abraham
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password securitysecurityxploded
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode reviewAnant Shrivastava
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
The Twelve Factor Apps
The Twelve Factor AppsThe Twelve Factor Apps
The Twelve Factor Appstomi vanek
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 

Tendances (18)

Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/Green
 
Anatomy of a Cloud Hack
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
 
Sandboxing in .NET CLR
Sandboxing in .NET CLRSandboxing in .NET CLR
Sandboxing in .NET CLR
 
Fortify dev ops (002)
Fortify dev ops (002)Fortify dev ops (002)
Fortify dev ops (002)
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
 
Istio Security Overview
Istio Security OverviewIstio Security Overview
Istio Security Overview
 
HackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs wafHackFest 2015 - Rasp vs waf
HackFest 2015 - Rasp vs waf
 
Web server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalWeb server security techniques by Khawar Nehal
Web server security techniques by Khawar Nehal
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to go
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
 
Shellcoding in linux
Shellcoding in linuxShellcoding in linux
Shellcoding in linux
 
Primer on password security
Primer on password securityPrimer on password security
Primer on password security
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016Testing Automaton - CFSummit 2016
Testing Automaton - CFSummit 2016
 
The Twelve Factor Apps
The Twelve Factor AppsThe Twelve Factor Apps
The Twelve Factor Apps
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 

En vedette

Fedora Security LAB
Fedora Security LABFedora Security LAB
Fedora Security LABBaruch Ramos
 

En vedette (9)

Fedora Security LAB
Fedora Security LABFedora Security LAB
Fedora Security LAB
 
Three things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar FlakeThree things that rowhammer taught me by Halvar Flake
Three things that rowhammer taught me by Halvar Flake
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
DNS hijacking - null Singapore
DNS hijacking - null SingaporeDNS hijacking - null Singapore
DNS hijacking - null Singapore
 
Humla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null SingaporeHumla workshop on Android Security Testing - null Singapore
Humla workshop on Android Security Testing - null Singapore
 
Null Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi HantoucheNull Singapore - Can We secure the IoT - Chadi Hantouche
Null Singapore - Can We secure the IoT - Chadi Hantouche
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN's
 
Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHyd
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
 

Similaire à Delhi The Second Adventure

Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
1.3. (In)security Software
1.3. (In)security Software1.3. (In)security Software
1.3. (In)security Softwaredefconmoscow
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4bpasdar
 
Security automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automationSecurity automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automationMoses Schwartz
 
Democratizing security
Democratizing securityDemocratizing security
Democratizing securitySanjeev Sharma
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Dinis Cruz
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCSuman Sourav
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101Mario-Leander Reimer
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101QAware GmbH
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security SeminarCalibrate
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of themRoberto Suggi Liverani
 

Similaire à Delhi The Second Adventure (20)

Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
1.3. (In)security Software
1.3. (In)security Software1.3. (In)security Software
1.3. (In)security Software
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4
 
Security automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automationSecurity automation simplified: an intro to DIY security automation
Security automation simplified: an intro to DIY security automation
 
Democratizing security
Democratizing securityDemocratizing security
Democratizing security
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLC
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
 
Secure Architecture and Programming 101
Secure Architecture and Programming 101Secure Architecture and Programming 101
Secure Architecture and Programming 101
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security Seminar
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of them
 

Plus de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 

Dernier (20)

Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 

Delhi The Second Adventure