Practical Security
Ron van der Molen
Wizkunde
Ron van der Molen 2014 - Wizkunde.nl
About me
- Ron van der Molen
- Father of a son, always learning
- @RonvdMolen (twitter)
- RonXS (IRC Freenode)
- ron@wizkunde.nl
- Wizkunde
- My History
What is information security?
- The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
- CIA
  - Confidentiality
  - Integrity
  - Availability
Impact of Information Security on WebDev
- Web development is a rapid process, and its constant innovation is one of the largest forces working against information security
- We build better, more stable, feature-rich applications by adopting new tools and frameworks every day, without knowing how well the developers writing that code understand the security consequences
Impact of Information Security on WebDev
- Use the tools to build code that is
  - Maintainable
  - Updateable
  - Reusable
  - Interchangeable
  - Easy to learn from
- "Secure" can be on that list too, if the developers at hand invest time in good coding practices and good security strategies
Most used attacks
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF, also written XSRF)
- SQL Injection
- Time-Based (timing) Attacks
- Session Fixation
- Brute Forcing
Cross-Site Scripting
- Abuses the fact that a user trusts a website
  - Content served by the site is trusted
  - Output is taken to be genuine, so attacker-supplied markup or script that ends up in that output runs in the victim's browser with the site's privileges
- Example
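The deck's live example is not on the slides. As an added illustration (written for this page, not the author's code), the Python below renders a constructed attacker comment and link title into HTML twice: once by plain string interpolation, once with context-appropriate entity encoding. Instead of trusting the eye, it parses the output with the standard-library HTMLParser and reports which tags and attribute names a browser would actually see, so the extra `<img onerror>` and the attribute break-out show up as data. The inputs, the `render_*` helpers and the page structure are assumptions for the demo.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs for the demo (not from the original deck).
ATTACKER_COMMENT = '<img src=x onerror="alert(document.cookie)">'
ATTACKER_TITLE = '" onmouseover="alert(1)'


def render_comment_vulnerable(comment: str) -> str:
    """Reflects user input straight into the page; the browser treats it as markup."""
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    """Element-body context: entity-encode <, >, &, " and ' before interpolating."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def render_link_vulnerable(title: str) -> str:
    """Attribute context with no encoding: a stray quote breaks out of the attribute."""
    return f'<a href="/profile" title="{title}">profile</a>'


def render_link_safe(title: str) -> str:
    """Attribute context: encode quotes as well, and always quote the attribute value."""
    return f'<a href="/profile" title="{html.escape(title, quote=True)}">profile</a>'


class _TagCollector(HTMLParser):
    """Records every start tag with its attribute names, the way a browser would parse them."""

    def __init__(self) -> None:
        super().__init__()
        self.found: list[tuple[str, list[str]]] = []

    def handle_starttag(self, tag, attrs):
        self.found.append((tag, [name for name, _ in attrs]))


def parse_tags(fragment: str) -> list[tuple[str, list[str]]]:
    """Return [(tag, [attribute names]), ...] for the fragment as a browser would see it."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.found


def has_script_hook(fragment: str) -> bool:
    """True if any element is a <script> or carries an on* event-handler attribute."""
    return any(
        tag == "script" or any(name.startswith("on") for name in attrs)
        for tag, attrs in parse_tags(fragment)
    )


if __name__ == "__main__":
    for label, out in [
        ("vulnerable comment", render_comment_vulnerable(ATTACKER_COMMENT)),
        ("safe comment", render_comment_safe(ATTACKER_COMMENT)),
        ("vulnerable link", render_link_vulnerable(ATTACKER_TITLE)),
        ("safe link", render_link_safe(ATTACKER_TITLE)),
    ]:
        print(f"{label:18} script hook={has_script_hook(out)!s:5} {out}")
```

Encoding is context-specific: `html.escape` is right for element bodies and quoted attributes, but not for text placed inside a `<script>` block, a URL, or a CSS value, each of which needs its own encoder. A Content-Security-Policy header that forbids inline script is a second layer on top of output encoding, not a replacement for it.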
Cross-Site Request Forgery
- Abuses the fact that a website trusts the user's browser: the browser attaches the session cookie to every request to the site, including requests that an attacker's page triggers
- (Sometimes loosely described as the "reverse" of XSS)
- Example
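Again the live example is not on the slides. The added Python below (not from the deck) models a money-transfer endpoint and two requests: one submitted from the site's own page and one auto-submitted from an attacker's page. The browser sends the victim's session cookie with both. With the cookie as the only check the forged request succeeds; with a per-session HMAC token that the attacker's page cannot read or compute, plus an Origin check, it is refused. The site origin `https://bank.example`, the session table, the request shape and the `handle_transfer` helper are assumptions for the demo.

```python
import hashlib
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"          # assumed origin of the protected site
SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret; generated here for the demo
SESSIONS = {"sess-victim-1": "alice"}         # constructed session table: cookie value -> user


def csrf_token(session_id: str) -> str:
    """Per-session anti-CSRF token: an HMAC over the session id. Without the server
    key nobody can mint it, and a token for one session is useless for another."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with SameSite=Lax, so the browser does not attach the cookie to
    cross-site POSTs at all (defence in depth, not a replacement for the token)."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def handle_transfer(request: dict, check_csrf: bool) -> str:
    """Transfer endpoint. check_csrf=False trusts the cookie alone (the vulnerable
    behaviour); check_csrf=True also demands the token and a same-origin Origin header."""
    if request["method"] != "POST":
        return "405 method not allowed"
    sid = request["cookies"].get("session")
    user = SESSIONS.get(sid)
    if user is None:
        return "401 not logged in"
    if check_csrf:
        supplied = request["form"].get("csrf_token", "")
        if not hmac.compare_digest(csrf_token(sid), supplied):
            return "403 missing or invalid CSRF token"
        origin = request["headers"].get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return "403 cross-origin request refused"
    return f"200 {user} sent {request['form']['amount']} to {request['form']['to']}"


def legitimate_request() -> dict:
    """Form submitted from the bank's own page; it carries the token the page rendered."""
    sid = "sess-victim-1"
    return {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"session": sid},
        "form": {"to": "bob", "amount": "10", "csrf_token": csrf_token(sid)},
    }


def forged_request() -> dict:
    """Auto-submitted form on https://evil.example (constructed). The browser attaches
    the victim's cookie by itself, but the attacker's page cannot read the token."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://evil.example"},
        "cookies": {"session": "sess-victim-1"},
        "form": {"to": "attacker", "amount": "1000"},
    }


if __name__ == "__main__":
    print("cookie only, forged :", handle_transfer(forged_request(), check_csrf=False))
    print("token check, forged :", handle_transfer(forged_request(), check_csrf=True))
    print("token check, genuine:", handle_transfer(legitimate_request(), check_csrf=True))
    print("cookie header       :", session_cookie_header("sess-victim-1"))
```

The token is compared with `hmac.compare_digest` rather than `==` so the check itself does not become a timing oracle (see the time-based attacks slide). State-changing actions must also never be reachable by GET, or a plain `<img src=...>` on the attacker's page is enough.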
SQL Injection
- Abuses bad coding practices (queries built by concatenating user input) to inject SQL
  - Retrieve information
  - Get unauthorized access
  - Damage the system
- Example
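As an added example for this slide (not from the deck), the Python below sets up a throwaway SQLite database and runs two constructed payloads against a login and a search function, each written once with string formatting and once with bound parameters. The comment payload makes the vulnerable login skip the password check entirely (unauthorized access); the UNION payload makes the vulnerable search return the password column (information retrieval). The schema, the users and the clear-text passwords are assumptions made to keep the demo short.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed demo database. Passwords are stored in clear only to keep the
    injection demo short; a real system stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query by string formatting: the user's quote characters become SQL."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterised query: the driver passes values separately, they can never become SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def search_vulnerable(conn, needle: str) -> set:
    """Username search that concatenates the search term into a LIKE pattern."""
    sql = f"SELECT username FROM users WHERE username LIKE '%{needle}%'"
    return {row[0] for row in conn.execute(sql)}


def search_safe(conn, needle: str) -> set:
    """Same search with the whole pattern passed as a bound parameter."""
    return {
        row[0]
        for row in conn.execute(
            "SELECT username FROM users WHERE username LIKE ?", (f"%{needle}%",)
        )
    }


# Constructed payloads. '--' starts a SQL comment, so the first one drops the
# password clause; the second appends a UNION that pulls a different column.
BYPASS_USERNAME = "alice' -- "
UNION_NEEDLE = "' UNION SELECT password FROM users -- "

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable login, wrong password:", login_vulnerable(conn, BYPASS_USERNAME, "wrong"))
    print("safe login, same input          :", login_safe(conn, BYPASS_USERNAME, "wrong"))
    print("vulnerable search leaks         :", search_vulnerable(conn, UNION_NEEDLE))
    print("safe search                     :", search_safe(conn, UNION_NEEDLE))
```

Escaping quotes by hand is not a substitute for parameters: numeric contexts, LIKE wildcards and identifier positions each need different handling, and the driver already does the right thing for values. Table and column names cannot be bound, so those must come from an allow-list, never from the request.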
Time-Based Attacks
- Profile the system by measuring how long it takes to respond, and turn differences in response time into data disclosure, without needing explicit access to the software itself
- Once facts about the system are known this way (which usernames exist, how many bytes of a secret already match), abusing other security flaws gets easier
- Example
Session Fixation
- Abusing another user's session to get unauthorized access: the attacker plants a session ID of their choosing on the victim, waits for the victim to log in with it, and then presents the same ID
- Related ways of taking over a session:
  - Cookie hijacking (stealing the session cookie in transit or from the client)
  - XSS that reads or sets the session cookie
- Not the same thing as persistent (stored) XSS, although a stored XSS payload is one way to plant or steal the cookie
- Example
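An added example for this slide (not the deck's own demo): a minimal in-memory session store with two login functions. The fixable one accepts whatever session ID the client presents, creating it if unknown, and keeps that ID after a successful login; the hardened one ignores unknown IDs and regenerates the ID on login. `fixation_attack` plays the three steps (attacker obtains an ID, plants it on the victim, victim logs in) against either function and reports what the attacker ends up holding. The user table and the exact store API are assumptions for the demo.

```python
import hmac
import secrets

USERS = {"victim": "s3cret-pw"}   # constructed credential store (clear text only for the demo)


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}

    def create(self) -> str:
        """Server-generated, unguessable id."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def adopt(self, sid: str) -> None:
        """Register a client-supplied id as a new empty session: the fixation enabler
        (PHP behaved like this before session.use_strict_mode was turned on)."""
        self._sessions.setdefault(sid, {"user": None})

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid) -> None:
        self._sessions.pop(sid, None)


def _password_ok(username: str, password: str) -> bool:
    expected = USERS.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def login_fixable(store: SessionStore, cookie_sid: str, username: str, password: str):
    """Vulnerable: trusts the presented id and keeps it across the privilege change."""
    store.adopt(cookie_sid)
    if not _password_ok(username, password):
        return None
    store.get(cookie_sid)["user"] = username
    return cookie_sid                      # same id before and after login


def login_hardened(store: SessionStore, cookie_sid, username: str, password: str):
    """Hardened: never adopts unknown ids, and rotates the id on login, so whatever the
    attacker planted is thrown away the moment the session gains privileges."""
    if not _password_ok(username, password):
        return None
    if cookie_sid is not None:
        store.destroy(cookie_sid)
    fresh = store.create()
    store.get(fresh)["user"] = username
    return fresh


def fixation_attack(login) -> dict:
    """Runs the attack against a login function; returns what the attacker ends up with."""
    store = SessionStore()
    planted = store.create()               # 1. attacker obtains a valid id from the site
    # 2. attacker plants it on the victim (link carrying the id, cookie set via XSS or a
    #    sibling subdomain); the victim's browser now sends `planted` as its cookie
    victim_sid = login(store, planted, "victim", "s3cret-pw")   # 3. victim logs in
    attacker_view = store.get(planted)     # 4. attacker presents the planted id
    return {
        "victim_sid_changed": victim_sid != planted,
        "attacker_logged_in_as": attacker_view["user"] if attacker_view else None,
    }


if __name__ == "__main__":
    print("fixable :", fixation_attack(login_fixable))
    print("hardened:", fixation_attack(login_hardened))
```

Regenerating the ID on every privilege change (login, role switch, password change) is the fix; rejecting IDs the server never issued closes the other half. Marking the cookie `HttpOnly` and `Secure` addresses the cookie-theft variants listed on the slide, not fixation itself.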
Brute Forcing
- Send a huge number of requests to the server and force your way in by trial and error
- This can be more effective than you might think
- Especially in combination with time-based attacks, which shrink the search space
- Example
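The time-based attacks slide and this one share one added example (not from the deck). A server checks an 8-byte token with a byte-by-byte comparison that stops at the first mismatch. A real server leaks that early exit through response time; to keep the demo deterministic the simulated server returns the number of bytes it compared, which is exactly what a timing side channel gives away. `recover_token` brute-forces the secret one byte at a time using that leak, in at most 256 × 8 queries instead of 256^8. The same attack then runs against a constant-time comparison and against a server with a lockout, and fails both times. The token value, the server class and the query budget are assumptions for the demo.

```python
import hmac
from typing import Optional

# Constructed 8-byte secret for the demo; a real token would be random and longer.
TOKEN = bytes.fromhex("5a1f9c03e7b244d8")


class LeakyServer:
    """Token check that compares byte by byte and stops at the first mismatch.

    check() returns (matched, bytes_compared). The second value stands in for the
    response time a real attacker would measure. max_attempts models a lockout."""

    def __init__(self, token: bytes, max_attempts: Optional[int] = None) -> None:
        self._token = token
        self.max_attempts = max_attempts
        self.queries = 0

    def _compare(self, guess: bytes) -> tuple:
        work = 0
        if len(guess) != len(self._token):
            return False, work
        for a, b in zip(guess, self._token):
            work += 1
            if a != b:
                return False, work        # early exit: this is the leak
        return True, work

    def check(self, guess: bytes) -> tuple:
        self.queries += 1
        if self.max_attempts is not None and self.queries > self.max_attempts:
            return False, 0               # locked out: every answer looks the same
        return self._compare(guess)


class ConstantTimeServer(LeakyServer):
    """Same interface, but the comparison touches every byte wherever they differ."""

    def _compare(self, guess: bytes) -> tuple:
        return hmac.compare_digest(guess, self._token), len(self._token)


def recover_token(server: LeakyServer, length: int) -> bytes:
    """Byte-at-a-time brute force steered by the leaked work counter.

    For each position try all 256 values and keep the one that made the server do
    the most work (it matched, so the server moved on to the next byte)."""
    known = bytearray()
    for pos in range(length):
        best_byte, best_work = 0, -1
        for candidate in range(256):
            guess = bytes(known) + bytes([candidate]) + b"\x00" * (length - pos - 1)
            matched, work = server.check(guess)
            if matched:
                return guess
            if work > best_work:
                best_byte, best_work = candidate, work
        known.append(best_byte)
    return bytes(known)


if __name__ == "__main__":
    leaky = LeakyServer(TOKEN)
    print("leaky        :", recover_token(leaky, len(TOKEN)).hex(), "queries:", leaky.queries)
    safe = ConstantTimeServer(TOKEN)
    print("constant-time:", recover_token(safe, len(TOKEN)).hex(), "queries:", safe.queries)
    limited = LeakyServer(TOKEN, max_attempts=100)
    print("locked out   :", recover_token(limited, len(TOKEN)).hex(), "queries:", limited.queries)
```

Two independent defences appear here: compare secrets with a constant-time function (`hmac.compare_digest` in Python) so there is nothing to measure, and rate-limit or lock out so that even a leak cannot be queried thousands of times. The same shape of attack works on login forms that return faster for unknown usernames; the fix there is to run the password hash on a dummy value even when the user does not exist.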
More Attacks
- Code Injection
- Denial of Service (e.g. SYN flooding)
- Lower-layer architectural attacks
  - Stack (buffer) overflow attacks
  - Heap overflow attacks
- Many, many more known and unknown attacks!
Social Engineering
What is it?
- Using social skills to change facts, or to hack and manipulate your way into a normally secured situation
- Yes, it's also social engineering if you manipulate or LIE to a person by changing facts to alter the outcome of a problem or situation
Social Engineering
What is it?
- Where is this an issue?
  - Everywhere!!!
  - Larger organisations
  - Inter-organisation collaboration
- So how does it work?
Social Engineering
How does it work?
- Psychology
  - Small talk
  - Common sense
  - Brutality
  - Insecurity / uncertainty
  - Emotions
Social Engineering
How does it work?
- Reverse psychology
  - The problem solver
  - The damsel in distress
- Information by incentives
  - Random rewards to buy information
  - Discount websites to buy information
Social Engineering
How does it work?
- Toolkit of a social engineer
  - Guts
  - Their mouth: you need to be able to talk
  - Knowing the target's habits
  - Social media
  - Screen reading (shoulder surfing)
  - Sticky notes
Social Engineering
Who does this?
- Everybody, including you and me
  - Lie
  - Cheat
  - Manipulate
  - Self-preservation
Social Engineering
How is that even lucrative?
- Information has value, and with value come buyers
- Kevin Mitnick, The Art of Deception
- Slot machine example
Social Engineering
How to prevent it?
- Security through obscurity (limits what an outsider can learn about you; it is no substitute for the measures below)
- Create security regulations for your company
- Train employees on a regular basis
- Have your organisation assessed by ethical hackers
- None of this will rule out social engineers!
Information Security
- Don't overdo it!
Practical Security
- What will you start doing tomorrow to improve?
- Questions?
