APPLICATION SECURITY: TREND & ISSUE
By: Dedi Dwianto, CEH, OSCP, eMPAT, ISO 27001:LA
WORKSHOP & TRAINING APPLICATION SECURITY: OTORITAS JASA KEUANGAN (OJK)
11-12 May 2016
A New Zero-Day Vulnerability Discovered Each Week
Attackers profit from flaws in browsers and website plugins
www.symantec.com
WEB ATTACKS, TOOLKITS, AND EXPLOITING VULNERABILITIES ONLINE
“If web servers are vulnerable, then so are the websites they host and the people who visit them”
Browser Vulnerabilities
Annual Plugin Vulnerabilities
Top Five Web Attack Toolkits
WE LIVE IN AN INCREASING DIGITAL WORLD
Smartphones are an increasingly attractive target for online criminals. As a result, they are investing in more sophisticated attacks that are effective at stealing valuable personal data or extorting money from victims.
IoT
IRISS-Survey-2015
OWASP (OPEN WEB APPLICATION SECURITY PROJECT)
The OWASP Top 10 (a community-driven, consensus-based list of top 10 application security risks, with lists available for web and mobile applications) is by far the leading application security standard or guideline followed by builders
• NOT Network Security
• Securing “custom” code
• Securing libraries
• Securing Backend System
• Securing web & application server
APPLICATION SECURITY
APPLICATION SECURITY PROGRAM
PENETRATION TESTING TOOLS
• System
• Network
• Web Application
TOOLS