Beyond The Norm: Building Secure Websites
Beyond The Norm: Building Secure Websites
Adria Richards, Twin Cities Web Design and Standards Group
We've got a website!
The golden years of html websites
Websites of Today
All your base are belong to us
Exploding Gastanks and Websites
• Initial price
• Reliability
• Appearance
• Features
• Performance
Cross Site Scripting
Famous sites: Webmail including Gmail and Yahoo, Facebook, Wikipedia, Barack Obama & Hillary Clinton
Programming technologies: Javascript, HTML, Java, ActiveX, VBScript, Flash, RSS
Prevention:
• users - Smart browsing
• developers - URL parameters
• developers - Form input
• developers - Cookies
• developers - Database calls
SQL Injections
Famous sites: Domain Registrar in New Zealand, Microsoft UK, United Nations
Programming technologies: ASP, PHP, mySQL, SQL, Oracle
What's vulnerable? All websites that use a database: forums, CMSs, blogs, shopping carts, contact forms
Prevention:
• developers - validate your input
• developers - monitor input into your forms
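The two developer prevention items above (and the URL parameter, form input, cookie and database call items on the cross-site scripting slide) come down to one request-handling habit: validate what comes in, bind it as a query parameter, and escape it on the way back out. The following is an added example, not code from the talk; it uses an in-memory SQLite database as a stand-in for the PHP/MySQL stack the slide lists, and the `users` table and rows are constructed for the demonstration.

```python
import html
import re
import sqlite3

# Constructed in-memory SQLite database standing in for the PHP/MySQL stack
# the slide lists; the table and rows are invented for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")])
    return conn

def lookup_unsafe(conn, name):
    # The 'before' pattern: a URL parameter or form field spliced into SQL text.
    # Whatever the client sent becomes part of the query's grammar.
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def validate_username(name):
    # Allow-list validation ("validate your input"): only the characters a
    # legitimate username may contain, with a length bound.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", name) is not None

def lookup_safe(conn, name):
    # Reject anything outside the allow-list, then bind the value as a
    # parameter so the driver sends it as data, never as SQL.
    if not validate_username(name):
        return []
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def render_row(name, email):
    # Escape every value that came from a request, a cookie or the database
    # before it lands in HTML, so a stored <script> is displayed, not executed.
    return "<li>%s (%s)</li>" % (html.escape(name, quote=True),
                                 html.escape(email, quote=True))
```

Running the same crafted input through `lookup_unsafe` and `lookup_safe` shows the difference: the first returns every row, the second returns nothing because the value fails the allow-list and would in any case be bound as a literal.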
Predictable IDs
Famous sites: Victoria's Secret, Trend Micro
Programming technologies: your code, session cookies, HTML, social engineering
Prevention:
• users - Smart browsing
• developers - random user ID and session cookie generation
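"Random user ID and session cookie generation" in practice means drawing both from the operating system's cryptographic random source rather than from a counter, and storing only a hash of the session cookie on the server. The following is an added example, not code from the talk; `SessionStore`, `predictable_session_id` and `new_public_user_id` are names chosen for this illustration.

```python
import hashlib
import secrets

def predictable_session_id(last_id):
    # The 'before' pattern: a counter (or timestamp, or user id) used as the
    # session cookie. Every value is derivable from the one before it.
    return str(last_id + 1)

def new_public_user_id():
    # Random public identifier instead of the auto-increment row id, so the
    # URL for one account reveals nothing about the account next to it.
    return secrets.token_hex(8)  # 64 bits, 16 hex characters

class SessionStore:
    """Sessions keyed by a hash of the cookie value, never the value itself."""

    TOKEN_BYTES = 32  # 256 bits from the OS CSPRNG per session

    def __init__(self):
        self._by_hash = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, user_id):
        # token_urlsafe is cookie-safe as is; only its hash is stored, so a
        # leaked session table cannot be replayed as live cookies.
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self._by_hash[self._digest(token)] = user_id
        return token

    def lookup(self, presented):
        # Hashing the presented cookie before the dictionary lookup means the
        # server's response time does not depend on how close a guess was.
        return self._by_hash.get(self._digest(presented))

    def revoke(self, presented):
        # Logout / forced expiry: drop the hash so the cookie stops working.
        return self._by_hash.pop(self._digest(presented), None) is not None
```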
Keeping Your Clients Safe Online
Discuss
Recruit
Test
Monitor

Keeping Your Clients Safe Online
+ Discuss
+ Collaborate
+ Test
+ Monitor
-----------------------
= Happy Clients!
Beyond The Norm: Building Secure Websites
Thanks! Adria Richards, Twitter @adriarichards
Citations and Credit
• Title inspiration, "Beyond The Norm", from Robert X. Cringely's article at Infoworld
• Photo Locks by Leonid Mamchenkov
• Photos Classic Cars by Rojer, Draco2008, Martin Pettitt, charkesw, Smudge 9000, dave_7
• Photo Ford Pinto by Brian Teutsch
• Photo Rack Right by sylvar
• Photo database 2 by Tim Morgan
• Photo Message error 404 by CyboRoZ
• Photo You buys your ticket by Hryck.
• Photo Injection by Conor Lawless
• Dog and kid photos: susieq3c, timtimes, airwaves1, riaan_cornelius, estoril, gopal1035, hdport, Ssmallfry, Bill in Ash Vegas
• Design Defects of the Ford Pinto Gas Tank, Engineering Disaster
• Twitter in Kindergarten
• Wikipedia, Cross-site Scripting
• Wikipedia, SQL Injection
• Understanding Malicious Content Mitigation for Web Developers
• Insecure Websites, by CRN
• Identity theft in web applications
Type of attacks
Abuse of Functionality, Brute Force, Content Spoofing, Credential/Session Prediction, Cross-site Scripting, Defacement, Denial of Service, Directory Indexing, HTTP Response Splitting, Information Leakage, Insufficient Anti-automation, Insufficient Authentication, Insufficient Authorization, Insufficient Process Validation, Insufficient Session Expiration, Known Vulnerability, Misconfiguration, OS Commanding, Other, Path Traversal, Phishing, Predictable Resource Location, Redirection, SQL Injection, Unknown, Weak Password Recovery Validation, Worm
Credit: Web Application Security Consortium