selvalives

Untitled

Aug 25th, 2019
the need and benefits of application security
-an application has to be confidential, with its integrity maintained, and available
 as promised, within the restricted resources
-restricted resources are the objects, data and features that may only be accessed by authorized users
-the need: to protect finances, to keep the business running rather than close it,
 and not to expose customer information
-even though we have IDS and firewalls, ports 80 and 443 are exposed to
 the outside world; that is the nature of the web!
  9.  
most common application-level attacks
-SQL injection: inject SQL syntax through input boxes so the database executes it
-XSS: inject script into pages; stored XSS makes it permanent by saving it in the application
-parameter tampering: use the URL to manipulate the query string
-directory traversal: use ../ (or ..\ on Windows) in a file name to escape the intended directory
-CSRF: trick a logged-in user into following a crafted link that performs an action in their session
-DoS: bring down the services
-cookie poisoning
-session fixation
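The SQL injection entry above, worked through as an added example (not part of the original notes): the same login check written with string concatenation and with parameterized placeholders, run against a constructed in-memory SQLite table with one user. The table, the user, and the two payloads are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original notes).
# The password is stored in plain text only to keep the injection demo short;
# the notes rightly list plain-text passwords as a flaw in its own right.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn

def login_vulnerable(conn, username, password):
    # The input box contents are pasted into the statement text, so quotes
    # and comment markers typed by the user become SQL syntax.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    # Placeholders send the values separately from the statement: the database
    # never parses them, so a quote in the input stays a quote in the data.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

# Two classic payloads: make the WHERE clause always true, or comment out the
# password check entirely (-- starts a comment in SQLite and most other engines).
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"

def demo():
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_tautology": login_vulnerable(conn, "alice", TAUTOLOGY),
        "vuln_comment": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "param_valid": login_parameterized(conn, "alice", "correct horse"),
        "param_tautology": login_parameterized(conn, "alice", TAUTOLOGY),
        "param_comment": login_parameterized(conn, COMMENT_OUT, "wrong"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-16s login succeeded: %s" % (name, ok))
```

With the concatenated query, both payloads log in without knowing the password; with placeholders, only the real credentials do. The fix is not to filter quotes but to stop mixing data into statement text.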
  19.  
why vulnerabilities exist
-the curriculum doesn't emphasize security issues; developers cannot be blamed for that alone
-no guidance to stakeholders
-no security requirements defined at the inception phase
-insecure coding techniques
-improper input validation
-insecure crypto
-insufficient transport layer protection
 -improper SSL/TLS configuration leads to MITM
 -improper certificate configuration (e.g. certificates that are not validated)
-insecure direct object reference
 -exposing directory and file structures
 -accepting parameters that are used directly as file names
 -instead, construct the path yourself from a validated identifier and check that the result stays inside the intended directory
-broken authentication and session management
 -session ID in the URL (leaks through logs, Referer headers and browser history)
 -database passwords stored in plain text!
 -timeout exploits: set a session timeout to avoid exploits on shared/public machines
-improper error handling
 -gives out information about everything
 -null pointer exceptions, database unavailability, network timeouts, logical flow, environment information
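The "construct the path yourself" advice from the direct object reference entries, as an added example that is not part of the original notes. It builds the file name from a validated integer ID instead of taking a name from the request, then resolves the result and checks it is still under the document root. The document root is a constructed temporary directory; `safe_resolve` and `report_path` are names chosen for this example.

```python
import os
import tempfile

def safe_resolve(base_dir, requested):
    """Map a user-supplied file name onto base_dir, refusing anything that escapes it."""
    base = os.path.realpath(base_dir)
    # Resolve symlinks and ".." components before comparing; comparing the raw
    # string would let "../" or an absolute path slip through. An absolute
    # `requested` makes os.path.join discard base entirely, which the check catches.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath avoids the prefix bug where "/var/www" also matches "/var/www2".
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:            # different drives on Windows
        inside = False
    if not inside:
        raise PermissionError("path escapes document root: %r" % requested)
    # Note: this only proves containment; whether the file exists and whether
    # this user may read it are separate checks.
    return candidate

def report_path(base_dir, report_id):
    """Build the name yourself from a validated identifier, never from a request-supplied name."""
    if not isinstance(report_id, int) or report_id <= 0:
        raise ValueError("report id must be a positive integer")
    return safe_resolve(base_dir, "report-%d.pdf" % report_id)

def demo():
    # Constructed document root with one sample file (assumption for the demo).
    base = tempfile.mkdtemp()
    with open(os.path.join(base, "index.html"), "w") as f:
        f.write("<h1>constructed sample page</h1>\n")
    results = {}
    for name in ["index.html", "sub/../index.html", "../../etc/passwd", "/etc/passwd"]:
        try:
            safe_resolve(base, name)
            results[name] = "allowed"
        except PermissionError:
            results[name] = "blocked"
    results["report_id=7"] = os.path.basename(report_path(base, 7))
    try:
        report_path(base, "7")
        results["report_id='7'"] = "accepted"
    except ValueError:
        results["report_id='7'"] = "rejected"
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-20s %s" % (name, outcome))
```

Containment alone does not fix an insecure direct object reference: `report-7.pdf` still has to belong to the user asking for it, so an ownership check belongs beside `report_path` in real code.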
  41.  
-unvalidated redirects and forwards (the target is taken from the request without checking it)
-failure to restrict URL access
-no security testing
-security negligence in deployment
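The unvalidated redirect entry above, as an added example that is not part of the original notes: a check for a post-login `next` parameter that accepts only site-relative paths or HTTPS URLs on the application's own host, and falls back to a default otherwise. The allowed host `app.example.com`, the default target, and the sample inputs are assumptions for the demonstration.

```python
from urllib.parse import urlparse

# Assumption: the application is served only on this host (not from the original notes).
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/"

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if following `target` keeps the user on this site."""
    if not target:
        return False
    target = target.strip()
    # Browsers treat backslashes as forward slashes, so "/\evil.com" would parse
    # here as a local path but be followed by the browser as "//evil.com".
    target = target.replace("\\", "/")
    parsed = urlparse(target)
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False                      # javascript:, data:, file: ...
    if parsed.netloc:
        # Absolute URL or protocol-relative "//host": the host must be ours and
        # the scheme must be https (no downgrade to plain http). Using hostname
        # rather than netloc also defeats "https://app.example.com@evil.com/".
        return parsed.scheme == "https" and parsed.hostname in allowed_hosts
    # No host part: accept only a site-relative path with a single leading "/".
    return target.startswith("/") and not target.startswith("//")

def redirect_target(next_url):
    """Where to send the user after login: the requested page if safe, else the default."""
    return next_url.strip() if is_safe_redirect(next_url) else DEFAULT_TARGET

def demo():
    # Constructed sample values as an attacker might supply them in ?next=
    samples = ["/account", "//evil.com/x", "/\\evil.com",
               "https://app.example.com/home", "https://evil.com",
               "https://app.example.com@evil.com/", "javascript:alert(1)"]
    return {s: redirect_target(s) for s in samples}

if __name__ == "__main__":
    for given, sent_to in demo().items():
        print("%-36s -> %s" % (given, sent_to))
```

Where the application only ever needs a handful of destinations, a safer design is not to accept a URL at all: accept a short key (`next=account`) and look the path up in a server-side table.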
  46.  
need and advantages of applying security in the SDLC
-reduces the presence of security vulnerabilities
-reduces costly rework
-improves developer and customer satisfaction
  51.  
various security reference standards, models and frameworks
-check the mission and objectives of the below:
-OWASP (Open Web Application Security Project)
-WASC (Web Application Security Consortium)
-SAMM (Software Assurance Maturity Model)
-BSIMM (Building Security In Maturity Model)