Why hackers don’t care about your firewall
Seba Deleersnyder
firstname.lastname@example.org
Sebastien Deleersnyder?
5 years developer experience
11 years information security experience
Managing Technical Consultant SAIT Zenitel
Belgian OWASP chapter founder
OWASP board member
www.owasp.org
OWASP is a worldwide free and open community focused on improving the security of application software.
Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks.
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.
Source: Gunnar Peterson (Arctec Group)
Custom Developed Application Code
You can’t use network layer protection (firewall, SSL, IDS, hardening) to stop or detect application layer attacks
Select user_information from user_table where username='' or 1=1-- ' and password='abc'
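The query on the slide above is what string concatenation produces when the username field contains `' or 1=1-- `. As an added example (not from the original slides), this Python/sqlite3 sketch builds that query by concatenation and again with bound parameters; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows.
    Table and column names follow the slide's query; passwords are stored
    in plaintext only to mirror that query (a real system stores hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_table "
               "(username TEXT, password TEXT, user_information TEXT)")
    db.executemany("INSERT INTO user_table VALUES (?, ?, ?)",
                   [("alice", "s3cret", "alice's record"),
                    ("bob", "hunter2", "bob's record")])
    return db

def login_concatenated(db, username, password):
    """Vulnerable form: user input is pasted into the SQL text,
    so quotes and comment markers in the input change the statement."""
    sql = ("SELECT user_information FROM user_table "
           "WHERE username='" + username + "' AND password='" + password + "'")
    return sql, [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = ("SELECT user_information FROM user_table "
           "WHERE username=? AND password=?")
    return [row[0] for row in db.execute(sql, (username, password))]

if __name__ == "__main__":
    db = make_db()
    slide_input = "' or 1=1-- "  # username value taken from the slide's query
    sql, rows = login_concatenated(db, slide_input, "abc")
    print(sql)                    # the statement shown on the slide
    print("concatenated: ", rows)
    print("parameterized:", login_parameterized(db, slide_input, "abc"))
    print("valid login:  ", login_parameterized(db, "alice", "s3cret"))
```

Both calls travel over the same connection and port, which is why the slide's point holds: only the application code decides whether the input is treated as data or as SQL.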
XSS = new buffer overflow
Still not fixed (with redirection): http://www.google.com/search?btnI&q=allinurl:http://www.xssed.com/
A quick Google Safe Browsing search of TechCrunch Europe's site shows suspicious activity twice over the last 90 days.
"Of the 128 pages we tested on the site over the past 90 days,
58 page(s) resulted in malicious software being downloaded and installed without user consent." (Sep 2010)
Reason: unpatched WordPress
Keep up to date!
Become member, annual donation of:
enables the support of OWASP projects, mailing lists, conferences, podcasts, grants and global steering activities…