APPLICATION SECURITY : TREND & ISSUE

By : Dedi Dwianto,CEH,OSCP,eMPAT,ISO 27001:LA

WORKSHOP & TRAINING APPLICATION SECURITY :OTORITAS JASA KEUANGAN (OJK)

11-12 Mei 2016

A New Zero-Day Vulnerability Discovered Each Week

Attackers profit from flaws in browsers and website plugins

www.symantec.com

WEB ATTACKS, TOOLKITS, AND EXPLOITING VULNERABILITIES ONLINE

“If web servers are vulnerable, then so are the websites they host and the people who visit them”

Browser Vulnerabilities

Anual Plugins Vulnerabilities

Anual Plugins Vulnerabilities

Top Five Web Attack Toolkits

DEFACEMENT

zone-h.org

WE LIVE IN AN INCREASING DIGITAL WORLD

Smartphones are an increasingly attractive target for online criminals. As a result, they are investing in more sophisticated attacks that are effective at stealing valuable personal data or extorting money from victims

IoT

IRISS-Survey-2015

OWASP (OPEN WEB APPLICATION SECURITY PROJECT) OWASP (OPEN WEB APPLICATION SECURITY PROJECT)

The OWASP Top 1010 (a community-driven, consensus-based list of top 10 application security risks,

with lists available for web and mobile applications) is by far the leading application security standard or guideline followed by builders

• NOT Network Security

• Securing “custom” code

• Securing libraries

• Securing Backend System

• Securing web & application server

APPLICATION SECURITY

APPLICATION SECURITY

APPLICATION SECURITY PROGRAM

APPLICATION SECURITY PROGRAM

sans.org

Useful SECURITY Practices for Application Defenders

sans.org

Useful SECURITY Practices for Application Builders

sans.org

PENETRATION TESTING TOOLS

By : Dedi Dwianto,C|EH,OSCP,eMPAT,ISO 27001:LA

WORKSHOP & TRAINING APPLICATION SECURITY :OTORITAS JASA KEUANGAN (OJK)

11-12 Mei 2016

• System

• Network

• Web Application

TOOLS