- the need and benefits of application security
- -the application has to be confidential, with integrity maintained, and available as promised, within the restricted resources
- -restricted resources are objects, data and features that may only be accessed by authorized users
- -the need to take care of finances, to keep the business running rather than closing it, and not to expose customer info
- -even though we have IDS and firewalls, ports 80 and 443 are exposed to the outside world - the nature of the web!
- most common application level attacks
- -SQL Injection - inject SQL syntax into input boxes
- -XSS - inject script and make it permanent
- -parameter tampering - use the URL to manipulate the query string
- -directory traversal - use ../ in Linux environments
- -CSRF - trick the user by sending an injected link
- -DoS - to bring down the services
- -Cookie poisoning
- -Session fixation
- why vulnerabilities exist
- -curriculum doesn't emphasize security issues - cannot blame them either
- -no guidance to stakeholders
- -no security requirements done at inception phase
- -insecure coding techniques
- -improper input validation
- -insecure crypto
- -insufficient transport layer protection
- -improper SSL configuration leads to MITM
- -improper certificate configurations
- -insecure direct object reference
- -exposing directory and file structures
- -accepting parameters that can be used directly as file names
- -instead, construct the path yourself
- -broken authentication and session management
- -session id in URL
- -database passwords are in plain text!
- -timeout exploits: set a session timeout to avoid exploits on public machines
- -improper error handling
- -gives out information about everything
- -null pointer exceptions, database unavailability, network timeouts, logical flow, environment information
- -unvalidated redirects and forwards
- -failure to restrict URL access
- -no security testing
- -security negligence in deployment
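An added example (not part of the original notes) illustrating two of the bullets above: the insecure direct object reference / directory traversal point ("accepting parameters that can be used directly as file names" vs "construct the path yourself") and the improper error handling point (the client gets a generic message, details stay in the server log). The base directory, file names and the `handle_request` function are constructed for the demonstration and do not come from any real application.

```python
"""Safe path construction and non-leaking error handling for a
"download by file name" endpoint. Everything here is a constructed demo."""
import logging
import os
import shutil
import tempfile

log = logging.getLogger("app")


def unsafe_path(base_dir: str, user_name: str) -> str:
    """Vulnerable: the request parameter is used directly as a file name.
    os.path.join keeps '../' segments, so '../../etc/passwd' escapes base_dir,
    and it discards base_dir entirely when user_name is absolute."""
    return os.path.join(base_dir, user_name)


def safe_path(base_dir: str, user_name: str) -> str:
    """Hardened: build the path ourselves and prove it stays under base_dir.
    1. refuse anything that is not a single path component (no '/', no '..')
    2. resolve symlinks and remaining '..' with realpath
    3. compare with commonpath, not a string prefix: a prefix check would
       accept '/srv/files_private' for base '/srv/files'"""
    if user_name in ("", ".", "..") or "/" in user_name or os.sep in user_name:
        raise ValueError("invalid file name")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, user_name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes base directory")
    return candidate


def handle_request(base_dir: str, requested: str) -> tuple:
    """Mimics an HTTP handler and returns (status, body).
    The client only sees generic messages; stack traces, paths and
    database/network details go to the server log."""
    try:
        path = safe_path(base_dir, requested)
        with open(path, "rb") as f:
            return 200, f.read()
    except ValueError:
        log.warning("rejected file name %r", requested)
        return 400, b"Bad request"
    except FileNotFoundError:
        return 404, b"Not found"
    except Exception:
        log.exception("error serving %r", requested)  # full trace stays server-side
        return 500, b"Internal error"


def demo() -> dict:
    """Constructed scenario: one public file under a temporary base dir, then
    a legitimate request, a traversal attempt, an absolute path, and a
    missing file. Also shows that unsafe_path really leaves the base dir."""
    base = tempfile.mkdtemp()
    try:
        with open(os.path.join(base, "report.txt"), "wb") as f:
            f.write(b"quarterly numbers")
        root = os.path.realpath(base)
        escaped = os.path.realpath(unsafe_path(base, "../../etc/passwd"))
        return {
            "ok": handle_request(base, "report.txt"),
            "traversal": handle_request(base, "../../etc/passwd"),
            "absolute": handle_request(base, "/etc/passwd"),
            "missing": handle_request(base, "nope.txt"),
            "unsafe_escapes": os.path.commonpath([root, escaped]) != root,
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for name, result in demo().items():
        print(name, result)
```

The check in `safe_path` is deliberately layered: rejecting separators up front turns every traversal attempt into a clear 400 in the log, and the realpath/commonpath comparison still catches symlinks inside the base directory that point elsewhere.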
- need and advantages of applying security into SDLC
- -reduce the presence of security vulnerabilities
- -reduce costly rework
- -improves developer and customer satisfaction
- various security reference standards, models and frameworks
- -check the mission and objectives of the ones below
- -OWASP
- -WASC
- -SAMM
- -BSIMM