Application Security Trends and Issues


  • APPLICATION SECURITY: TREND & ISSUE

    By: Dedi Dwianto, CEH, OSCP, eMPAT, ISO 27001:LA

    WORKSHOP & TRAINING APPLICATION SECURITY: OTORITAS JASA KEUANGAN (OJK)

    11-12 May 2016

  • A New Zero-Day Vulnerability Discovered Each Week

    Attackers profit from flaws in browsers and website plugins

    http://www.symantec.com

  • WEB ATTACKS, TOOLKITS, AND EXPLOITING VULNERABILITIES ONLINE

    If web servers are vulnerable, then so are the websites they host and the people who visit them

  • Browser Vulnerabilities

  • Annual Plugin Vulnerabilities

  • Top Five Web Attack Toolkits

  • DEFACEMENT

    http://zone-h.org

  • WE LIVE IN AN INCREASINGLY DIGITAL WORLD

  • Smartphones are an increasingly attractive target for online criminals. As a result, they are investing in more sophisticated attacks that are effective at stealing valuable personal data or extorting money from victims.

    IoT

  • IRISS-Survey-2015

  • OWASP (OPEN WEB APPLICATION SECURITY PROJECT)

    The OWASP Top 10 (a community-driven, consensus-based list of top 10 application security risks, with lists available for web and mobile applications) is by far the leading application security standard or guideline followed by builders

  • NOT Network Security

    Securing custom code

    Securing libraries

    Securing Backend System

    Securing web & application server

    APPLICATION SECURITY

  • APPLICATION SECURITY

  • APPLICATION SECURITY PROGRAM

    http://sans.org

  • Useful SECURITY Practices for Application Defenders

    http://sans.org

  • Useful SECURITY Practices for Application Builders

    http://sans.org

  • PENETRATION TESTING TOOLS

    By: Dedi Dwianto, C|EH, OSCP, eMPAT, ISO 27001:LA

    WORKSHOP & TRAINING APPLICATION SECURITY: OTORITAS JASA KEUANGAN (OJK)

    11-12 May 2016

  • System

    Network

    Web Application

    TOOLS