Web Security: A Journey - UC San Diego

•

1 j'aime•1,100 vues

Saumil Shah

A short introduction to the root causes of security issues with web applications and HTTP.

Logiciels

net-square UCSD July '15
Web
Security:
A Journey
Saumil Shah
CEO Net Square
UC San Diego – 23 July 2015

net-square UCSD July '15
Saumil Shah
@therealsaumil saumilshah
hacker speaker trainer entrepreneur traveler photographer
calligrapher kite-ﬂyer software breaker rebel global
net-square.com

net-square UCSD July '15
WE ARE HACKERS
WE PUSH THE
ENVELOPE
WE THRIVE ON
FACTS AND LOGIC..
..AND LATERAL
THINKING
WE QUESTION AND
CHALLENGE AND
WORK ON LIMITED
RESOURCES

net-square UCSD July '15
HTTP
•  Deliver HTML pages to browsers.
•  Cross platform document delivery.
•  Application independent.
•  Standard markup.
•  CLIENT: Web browser
•  SERVER: HTTP server

net-square UCSD July '15
Web Applications
WebServer
App
Server
DB

net-square UCSD July '15
Client/Server vs. Web Apps
Application Protocol
Authentication
Concurrent
Sessions
Data
Representation
DataValidation
Business Logic
Presentation
HTTP
Authentication
Concurrent
Sessions
Data
Representation
DataValidation
Business Logic
Presentation

net-square UCSD July '15
Application
Delivery
HTTP
Authentication
Statefulness
Data Types
Data Validation
CGI
HTML
JS
AJAX
Flash
HTML5
Silverlight
Web sockets
Web workers
Local storage

net-square UCSD July '15
Browser Architecture
DOM
HTML+CSS Javascript
ActiveX
mimetypes
toolbars
Flash
libraries
<div> <img>
<iframe> <body>
<form> <input>
<table> <style>
<object> <embed>
<script>

net-square UCSD July '15
What shall your response be?
GET / HTTP/1.0
GET /nonexist.ent HTTP/1.0

net-square UCSD July '15
What shall your response be?
ZOMFG / HTTP/1.0
GET / HTTP/3.0
GET / JUNK/1.0

net-square UCSD July '15
The responders
Test Apache Microsoft
IIS
SunONE
GET / HTTP/1.0 200 200 200
GET /nonexist.ent HTTP/1.0 404 404 404
DELETE / HTTP/1.0 405 403 401
GET / HTTP/3.0 400 200 505
GET / JUNK/1.0 200 400 none

net-square UCSD July '15
x=hello&x=world
•  A: "hello" •  B: "world"
•  C: "hello, world" •  D: WTF

net-square UCSD July '15
x=hello&x=world
Web Server Value of x
Apache "world"
IBM HTTP Server "hello"
Domino "world"
IIS "hello, world"
Tomcat "hello"
Python/Zope Array ['hello', 'world']

net-square UCSD July '15
Sources of Software Errors
User
Input
Race Condition
Environment
Resource
Exhaustion

net-square UCSD July '15
The "banana" test
I CAN
HAZ
BANANA?

net-square UCSD July '15
Circle of HTTP Trust
Your
Users

net-square UCSD July '15
The user's going to pick dancing pigs
over security every time.
Bruce Schneier

net-square UCSD July '15
Technology in the hands of users

net-square UCSD July '15
Thank You...
Questions?
saumil@net-square.com
@therealsaumil

Contenu connexe

Similaire à Web Security: A Journey - UC San Diego

CSX Megatrends Cloud Risk Assurance Oct 15 FINAL

Satchit Dokras

Enhanced Security and Compliance with AWS

Amazon Web Services

Defending your workloads against the next zero-day vulnerability

Amazon Web Services

Building a Real-Time Analytics Application with Apache Pulsar and Apache Pinot While the demands for real-time analytics are growing in leaps and bounds, the analytics software must rely on streaming platforms for ingesting high volumes of data that's traveling in lightning speed down the pipeline. We will take a look at 2 powerful open source Apache platforms: Pulsar and Pinot, that work hand-in-hand together to deliver the analytical results which bring great value to your systems. Presenters: Mary Grygleski - Streaming Developer Advocate & Mark Needham - Developer Relations Engineer at StarTree Note: This webinar will be recorded and later posted on our Webinar page (https://altinity.com/webinarspage/) or Altinity official Youtube channel (https://www.youtube.com/@Altinity).

Building a Real-Time Analytics Application with Apache Pulsar and Apache Pinot

Altinity Ltd

OSA Con 2022: Building a Real-time Analytics Application with Apache Pulsar and Apache Pinot Mary Grygleski - DataStax Mark Needham - Startree While the demands for real-time analytics are growing in leaps and bounds, the analytics software must rely on streaming platforms for ingesting high volumes of data that's traveling in lightning speed down the pipeline. We will take a look at 2 powerful open-source Apache platforms: Pulsar and Pinot, that work hand-in-hand together to deliver the analytical results which bring great value to your systems.

OSA Con 2022 - Building a Real-time Analytics Application with Apache Pulsar ...

Altinity Ltd

Q315 citi-conf-090915

sandisk2015

Networking: New Capabilities for Amazon Virtual Private Cloud

Amazon Web Services

DPR202 Open Data for the Open Web

Ronald Widha

itSMF Spanish Conference Deck

Robert Stroud

itSMF Espana presentation

Robert Stroud

Talk presented at Codemotion 2015. Although the Request/Response pattern has allowed to build applications that were inconceivable when HTTP was invented, there is an increasing demand of solutions that require to push information to browsers or mobile clients as soon as it is available, using technologies like WebSockets. This has applications in messaging, notifications, games, IoT and collaborative apps, among others. In this talk we will present the solutions available like socket.io, Faye, Pusher, PubNub or Carotene, how to integrate such services with existent or new codebases, its advantages, the challenges we will find and how to succeed bringing realtime communications to the table.

Adding Realtime to your Projects

Ignacio Martín

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. This tech talk will introduce the best practices for IoT Security in the cloud and the access control mechanisms used by AWS IoT. These mechanisms can be used to not only securely build and provision devices, but also to integrate devices with other AWS services to create secure solutions. Learning Objectives: • Learn common Internet of Things security issues • Learn about AWS IoT security and access control mechanisms • Learn how to build secure interactions with the AWS Cloud

Best Practices with IoT Security - February Online Tech Talks

Amazon Web Services

Scaling by Design:AWS Web Services Patterns

Amazon Web Services

Scaling by Design:AWS Web Services Patterns

Amazon Web Services

AWS Power Tools: Advanced AWS CloudFormation and CLI

Amazon Web Services

Author: Jakub Kaluzny Let's talk about large-scale security programmes and maintaining security with tens of project teams - agile or waterfall, in-house or outsourced. I will discuss how to effectively track security requirements, organise threat modelling sessions, log output from those and translate it into penetration testing scope and test cases. We will dive deep into evil brainstorming, come up with abuser stories for each user story and define what makes the SDLC process secure or not. This talk is based on my work with different organisations in multiple countries and observations what works well in regards to security at scale and what does not.

Let's get evil - threat modeling at scale

SecuRing

AWS Summit Canberra Keynote 2016

Amazon Web Services

Through years of work have been trying many of Java frameworks which provides different level of abstractions on both server and client-side. Pure Servlet+JSP, JSF, GWT, Struts, Spring MVC, Vaadin, Play!, DWR, you name it. Sometimes it felt good, sometimes not, and with each year number of “good” applications reduced to the critical minimum. Later I tried to bring all the good points I had ever seen together to create “a perfect being” and after years of struggling I feel that I have reached the goal. Let me share it…

Web application I have always dreamt of

Victor_Cr

For Critical Infrastructure Protection

Priyanka Aash

Microservices Architectures (aka Distributed Architectures) are the new paradigm to develop and deploy applications in Cloud environments. These architectures resolve several problems and improve the new life cycle in DevOps teams, however new challenges should be resolved or managed. OpenShift Service Mesh (based in Istio, Kiali, Jaeger) allows us to manage this new paradigm easily without to change our current applications. These slides will introduce you in OpenShift Service Mesh as a new component on OpenShift to manage your microservices architectures. Carlos Vicens worked on it with me. Slides used during a coordinated meetup between three different groups in Madrid: - OpenShift Madrid Group: https://www.meetup.com/es/openshift_spain/events/258188248/ - Microservices Madrid Group: https://www.meetup.com/es-ES/Microservicios/events/258188068/ - Madrid Spring User Group: https://www.meetup.com/es/madrid-spring-user-group/events/258322835/

Managing microservices with istio on OpenShift - Meetup

José Román Martín Gil

Similaire à Web Security: A Journey - UC San Diego (20)

CSX Megatrends Cloud Risk Assurance Oct 15 FINAL

Enhanced Security and Compliance with AWS

Defending your workloads against the next zero-day vulnerability

Building a Real-Time Analytics Application with Apache Pulsar and Apache Pinot

OSA Con 2022 - Building a Real-time Analytics Application with Apache Pulsar ...

Q315 citi-conf-090915

Networking: New Capabilities for Amazon Virtual Private Cloud

DPR202 Open Data for the Open Web

itSMF Spanish Conference Deck

itSMF Espana presentation

Adding Realtime to your Projects

Best Practices with IoT Security - February Online Tech Talks

Scaling by Design:AWS Web Services Patterns

AWS Power Tools: Advanced AWS CloudFormation and CLI

Let's get evil - threat modeling at scale

AWS Summit Canberra Keynote 2016

Web application I have always dreamt of

For Critical Infrastructure Protection

Managing microservices with istio on OpenShift - Meetup

Plus de Saumil Shah

For over two decades, working as an cybersecurity entrepreneur, researcher and instructor, I have heard over and over again that attacks and defense are two sides of the same coin. But what does it really mean in application? What happens when sophisticated attacks collide with sophisticated defenses? Who wins? This is talk is aimed at a wide audience in cybersecurity – from the strategists to the practitioners. We will discuss Evolution, Attacks, Defense and PEBKAC. What factors shall affect the posture of trustworthiness and safety in the digital world in the next two years to come depend largely on the road we have followed over the past two decades. This talk looks above and beyond, albeit optimistically, about realigning some of the conventional approaches, slowly but strategically shifting mindsets of stakeholders and consumers alike, to bring about a more proactive approach to security.

The Hand That Strikes, Also Blocks

Saumil Shah

The EMUX IoT Firmware Emulation Framework currently provides near native userland emulation for ARM and MIPS IoT devices. EMUX is actively used Saumil's popular ARM IoT Exploit Laboratory training for over 5 years. The Debugging with EMUX workshop shall be in two parts: Part 1 (30 minutes) - Setting up EMUX in 7 minutes - A tour of EMUX internals - EMUX utilities - Tracing userland processes within EMUX Part 2 (90 minutes) - Debugging an ARM IoT target in EMUX - Debugging a MIPS IoT Target in EMUX - Crash dump analysis

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Saumil Shah

After 4 years, ARMX is changing its call sign. EMUX now features both ARM and MIPS device emulation, in a unified framework! Join us as we unveil EMUX and take you into the inner workings of emulating both ARM and MIPS IoT devices. We will be releasing a new Docker image featuring a MIPS CTF challenge to test your MIPS exploit development skills. Slides from my workshop at Ringzer0's December 2021 Workshop Advent Calendar.

Unveiling EMUX - ARM and MIPS IoT Emulation Framework

Saumil Shah

Announcing ARMX Docker - DC11332

Saumil Shah

Precise Presentations

Saumil Shah

Effective Webinars: Presentation Skills for a Virtual Audience

Saumil Shah

INSIDE ARM-X Cansecwest 2020

Saumil Shah

Cyberspace And Security - India's Decade Ahead

Saumil Shah

Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace

Saumil Shah

NSConclave2020 The Decade Behind And The Decade Ahead

Saumil Shah

Cybersecurity In India - The Decade Ahead

Saumil Shah

INSIDE ARM-X - Countermeasure 2019

Saumil Shah

Introducing ARM-X

Saumil Shah

"Attack is a technical problem, defense is a political problem". For several years, cyber security has been misjudged as risk reduction. On one hand, business applications and architectures are growing rapidly. On the other hand, the cyber security organisation is struggling to be able to defend them in today's rapidly evolving threat landscape. This talk explores the gap in thought between the owner and the defender of today's business applications and what needs to be done to bridge it. We shall present proactive steps and measures to overcome the last hurdle in building defendable systems.

The Road To Defendable Systems - Emirates NBD

Saumil Shah

Defending an enterprise is a balancing act. I have worked as an offensive testing vendor to several global organisations over 18 years. This talk explores the challenges that today’s CISOs face - the threat landscape, overall shortage of infosec expertise, the ever evaporating shelf life of infosec products and an increased burden of compliance requirements. I will share my experiences from working with highly effective CISOs and internal infosec teams and what it takes to function on the razor’s edge

The CISO's Dilemma 44CON 2019

Saumil Shah

The CISO's Dilemma HITBGSEC2019

Saumil Shah

Schrödinger's ARM Assembly

Saumil Shah

ARM Polyglot Shellcode - HITB2019AMS

Saumil Shah

What Makes a Compelling Photograph

Saumil Shah

Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogenous. ARM, however, has several versions and variants across devices today. There are several constraints and subtleties involved in writing production quality ARM shellcode which works on modern ARM hardware, not just on QEMU emulators. In this talk, we shall explore issues such as overcoming cache coherency, reliable polymorphic shellcode, ARM egghunting and last but not the least, polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend agaisnt attacks using age old signature based techniques

Make ARM Shellcode Great Again - HITB2018PEK

Saumil Shah

Plus de Saumil Shah (20)

The Hand That Strikes, Also Blocks

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Unveiling EMUX - ARM and MIPS IoT Emulation Framework

Announcing ARMX Docker - DC11332

Precise Presentations

Effective Webinars: Presentation Skills for a Virtual Audience

INSIDE ARM-X Cansecwest 2020

Cyberspace And Security - India's Decade Ahead

Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace

NSConclave2020 The Decade Behind And The Decade Ahead

Cybersecurity In India - The Decade Ahead

INSIDE ARM-X - Countermeasure 2019

Introducing ARM-X

The Road To Defendable Systems - Emirates NBD

The CISO's Dilemma 44CON 2019

The CISO's Dilemma HITBGSEC2019

Schrödinger's ARM Assembly

ARM Polyglot Shellcode - HITB2019AMS

What Makes a Compelling Photograph

Make ARM Shellcode Great Again - HITB2018PEK

Dernier

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

Unlocking the Future of AI Agents with Large Language Models

aagamshah0812

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

ThousandEyes

At the recent Microsoft Ignite 2023 conference, Microsoft unveiled a groundbreaking strategy that will redefine enterprise work management. The plan involves integrating Microsoft’s key planning tools, Microsoft To Do, Microsoft Planner, and Microsoft Project for the web into a unified experience called “Microsoft Planner.” What does this new strategy from Microsoft mean for current users? Join us and learn how best to take advantage of this announcement while gaining a clear path on how to elevate the current state of Microsoft Planner from a basic task manager to a comprehensive tool for Enterprise Work Management using OnePlan. Learn how OnePlan’s integration with Microsoft Planner allows for strategic alignment with business goals through advanced features like strategic planning, portfolio management, resource management, financial management, and more!

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution

OnePlan Solutions

HR Software Buyers Guide in 2024 - HRSoftware.com

Fatema Valibhai

Diamond Application Development Crafting Solutions with Precision

SolGuruz

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Software Quality Assurance Interview Questions

Arshad QA

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Dernier (20)

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Unlocking the Future of AI Agents with Large Language Models

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution

HR Software Buyers Guide in 2024 - HRSoftware.com

Diamond Application Development Crafting Solutions with Precision

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

Define the academic and professional writing..pdf

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

10 Trends Likely to Shape Enterprise Technology in 2024

How To Use Server-Side Rendering with Nuxt.js

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Software Quality Assurance Interview Questions

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

Web Security: A Journey - UC San Diego

1. net-square UCSD July '15 Web Security: A Journey Saumil Shah CEO Net Square UC San Diego – 23 July 2015

2. net-square UCSD July '15 Saumil Shah @therealsaumil saumilshah hacker speaker trainer entrepreneur traveler photographer calligrapher kite-ﬂyer software breaker rebel global net-square.com

3. net-square UCSD July '15 WE ARE HACKERS WE PUSH THE ENVELOPE WE THRIVE ON FACTS AND LOGIC.. ..AND LATERAL THINKING WE QUESTION AND CHALLENGE AND WORK ON LIMITED RESOURCES

4. net-square UCSD July '15 Enter the WEB

5. net-square UCSD July '15 HTTP •  Deliver HTML pages to browsers. •  Cross platform document delivery. •  Application independent. •  Standard markup. •  CLIENT: Web browser •  SERVER: HTTP server

6. net-square UCSD July '15 Web Applications WebServer App Server DB

7. net-square UCSD July '15 Client/Server vs. Web Apps Application Protocol Authentication Concurrent Sessions Data Representation DataValidation Business Logic Presentation HTTP Authentication Concurrent Sessions Data Representation DataValidation Business Logic Presentation

8. net-square UCSD July '15 Application Delivery HTTP Authentication Statefulness Data Types Data Validation CGI HTML JS AJAX Flash HTML5 Silverlight Web sockets Web workers Local storage

9. net-square UCSD July '15 Browser Architecture DOM HTML+CSS Javascript ActiveX mimetypes toolbars Flash libraries <div> <img> <iframe> <body> <form> <input> <table> <style> <object> <embed> <script>

10. net-square UCSD July '15 1995-1998

11. net-square UCSD July '15

12. net-square UCSD July '15

13. net-square UCSD July '15 2008-present

14. net-square UCSD July '15 A Revival

15. net-square UCSD July '15 What shall your response be? GET / HTTP/1.0 GET /nonexist.ent HTTP/1.0

16. net-square UCSD July '15 What shall your response be? ZOMFG / HTTP/1.0 GET / HTTP/3.0 GET / JUNK/1.0

17. net-square UCSD July '15 The responders Test Apache Microsoft IIS SunONE GET / HTTP/1.0 200 200 200 GET /nonexist.ent HTTP/1.0 404 404 404 DELETE / HTTP/1.0 405 403 401 GET / HTTP/3.0 400 200 505 GET / JUNK/1.0 200 400 none

18. net-square UCSD July '15 x=hello&x=world •  A: "hello" •  B: "world" •  C: "hello, world" •  D: WTF

19. net-square UCSD July '15 x=hello&x=world Web Server Value of x Apache "world" IBM HTTP Server "hello" Domino "world" IIS "hello, world" Tomcat "hello" Python/Zope Array ['hello', 'world']

20. net-square UCSD July '15 Sources of Software Errors User Input Race Condition Environment Resource Exhaustion

21. net-square UCSD July '15 The "banana" test I CAN HAZ BANANA?

22. net-square UCSD July '15 Circle of HTTP Trust Your Users

23. net-square UCSD July '15 The user's going to pick dancing pigs over security every time. Bruce Schneier

24. net-square UCSD July '15 Technology in the hands of users

25. net-square UCSD July '15 Thank You... Questions? saumil@net-square.com @therealsaumil

Web Security: A Journey - UC San Diego

Recommandé

Recommandé

Contenu connexe

Similaire à Web Security: A Journey - UC San Diego

Similaire à Web Security: A Journey - UC San Diego (20)

Plus de Saumil Shah

Plus de Saumil Shah (20)

Dernier

Dernier (20)

Web Security: A Journey - UC San Diego