OWASP
OWASP AppSec EU 2018 Hacker Track - Day 2, talk 6 With Lambda by Amazon, Cloud function by Google, and Azure functions by Microsoft, we are seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the security risk higher or lower? Can malware live inside the code? These are critical questions every organization shifting to a serverless environment should be...
Topics: Youtube, video, Science & Technology, owasp, appsec
Millions of cars with tens of millions of lines of code are already on the road talking to servers and very soon, talking to each other. Clearly a lot can go wrong. Connectivity carries significant risks which must be addressed as soon as possible. This session will address the trade-off between safety, security and convenience as well as the steps that need be taken by the automotive manufacturers before we can trust our cars to let the transportation ecosystem deliver the promised benefits of...
Topics: Youtube, video, Science & Technology, owasp, appsec
ZAP is an intercepting proxy, which allows you to observe all requests made to the web application and all responses received from it. Alonso Eduardo Caballero Quezada holds the EXIN Ethical Hacking Foundation Certificate, LPI Linux Essentials Certificate, Brainbench Certified Network Security (Master), Computer Forensics (U.S.) & Linux Administration (General), IT Masters Certificate of Achievement in Network Security Administrator, Hacking Countermeasures, Cisco CCNA...
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 3:00pm - 3:45pm Client-side security with the Security Header Injection Module (SHIM) Client-side security headers are useful countermeasures for Man-In-The-Middle, Clickjacking, XSS, MIME-Type sniffing, and Data Caching vulnerabilities. In this talk, we will review several security headers (e.g. Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and...
Topics: Youtube, video, Science & Technology, owasp, appsec, Aaron Cure, Eric Johnson
AppSec California 2015 - Day 1, Track 1, Slot 1 Bio Alex Stamos is Yahoo’s Vice President of Information Security and Chief Information Security Officer. Alex leads all aspects of information security at Yahoo, including the team of Yahoo “Paranoids”, charged with making Yahoo’s products as secure as possible. This is a broad role which includes implementing top-to-bottom security for products and systems but also to lead the company and the industry in not just how security works today...
Topics: Youtube, video, Science & Technology, Programming Language (Software Genre), infosec, appsec,...
Dennis Groves (OWASP Co-Founder) and Tom Brennan (OWASP Global Board member) talk about the meaning of OWASP and what it stands for. https://www.owasp.org/ - Produced by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=D5Lw4ML2K8g Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Live from AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Keynote: Gary McGraw - Bug Parades, Zombies, and the BSIMM: A Decade of Software Security Friday, September 19 • 8:00am - 9:00am Only thirteen years ago, the idea of building security in was brand new. Back then, if system architects and developers thought about security at all, they usually concentrated on the liberal application of magic crypto fairy dust. We have come a long way since then. Perhaps no segment of the security...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP Broken Web Applications (OWASP BWA): Beyond 1.0 - Chuck Willis The OWASP Broken Web Applications (OWASP BWA) Project produces a free and open source virtual machine (VM) loaded with more than twenty-five web applications with a variety of security vulnerabilities. The project VM is well suited for use as a learning and training environment or as a standard target for testing tools and techniques. After two years of betas, the project released version 1.0 of the VM in 2012. With that...
Topics: Youtube, video, Science & Technology, Appsecusa, appsec, Appsecusa 2013, owasp
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Helen McLaughlin Can Saas Ever Be Secure? You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=8kYENtyGdGk Uploader: OWASP
Topics: Youtube, video, Entertainment
The velocity of modern IT is breathtaking: while most IT organizations struggle with monthly releases, agile organizations like Netflix, LinkedIn, Twitter, Github, Etsy and others are doing tens, hundreds, or even thousands of code deploys per day. They have shown the competitive advantage that the combination of commoditized cloud infrastructure, DevOps processes and hypothesis-driven development can create. They are quickly releasing features that matter to customers, saving the business...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali‎2014
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=6Rpgbsypa5w Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=6ZiJvlMeb-E Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=EPp5rCdXwm0 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Live from AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 9:30am Ten Secrets to Secure Mobile Applications 10:30am Threat Modeling Made Interactive! 1:00pm Stop Chasing Vulnerabilities - Introducing *Continuous* Application Security 2:00pm From the Ground Up 3:00pm OWASP A9: A Year Later - Are you still using components with known vulnerabilities? - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source:...
Topics: Youtube, video, Science & Technology, owasp, appsec
AppSec California 2015 - Day 2, Track 1, Slot 2 Title Proactively defending your business against security protocol attacks and implementation flaws Abstract “HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, problems with the weakness of the CA system, problems with various versions of the protocol – and more – have plagued HTTPS to be less than satisfactory, at best, as a transport security protocol. Some of the most popular algorithms used to secure communications are getting...
Topics: Youtube, video, Science & Technology, owasp, webapps, infosec, appsec california 2015,...
AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Three key devops principles are the merging of skills in previously separate teams, extensive process automation and faster delivery through more frequent software deploys. These present some interesting challenges to application security such as: How to effectively communicate and manage security requirements in such a dynamic environment? How to perform rigorous security testing when software is deployed multiple times per day? How to...
Topics: Youtube, video, Science & Technology, Appseceu, owasp, appsec
M. Takebe is a contributor on ISO/IEC TR 24772:2010 that is Information technology -- Programming languages -- Guidance to avoiding vulnerabilities in programming languages through language selection and use. http://grouper.ieee.org/groups/plv/ SLIDES: https://speakerdeck.com/owaspmontreal/explanation-on-tr24772-by-tatsuaki-takebe Source: https://www.youtube.com/watch?v=GuY0DJxyiiU Uploader: OWASP
Topics: Youtube, video, Entertainment, #hangoutsonair, Hangouts On Air, #hoa
Agenda: https://www.owasp.org/index.php/CommunityUpdates/2014-07-08 - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=QnvOUBggB50 Uploader: OWASP
Topics: Youtube, video, Entertainment, #hangoutsonair, Hangouts On Air, #hoa, #hangoutsonair, Hangouts On...
Keynote - Cryptography in the age of Heartbleed The past decade has seen an unprecedented number of high-profile data breaches. To address this threat, businesses have begun to invest heavily in encryption technologies, both to protect data and to reduce liability in the event of a breach. However, the widespread deployment of encryption has placed a new burden on application developers, a burden that is made worse by the fact that many of our existing protocols and software libraries are...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
Recorded at AppSecUSA 2015 in San Francisco https://2015.appsecusa.org/ New Methods in Automated XSS Detection: Dynamic XSS Testing without Using Static Payloads For the past 15+ years all major automated XSS detection methods have relied on payloads. Payloads are static exploit strings with previously known variations of exploits and exploit syntaxes. This presentation shows examples of dynamic methods that do not rely on payloads to figure out if an XSS vulnerability exists. Furthermore these methods...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
Recorded at AppSecUSA 2015 in San Francisco https://2015.appsecusa.org/ Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're a developer trying to protect your insecure app from winding up on user devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you've been looking for! This tool combines Static Code Analysis with source-sink mapping, teaching by detailing misconfigurations, citing research detailing the issues...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Marek Zachara Collective Detection Of Harmful Requests You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=DbNex8kNglQ Uploader: OWASP
Topics: Youtube, video, Entertainment
For the last 20 years, assessment of the security of proposed systems has been a standard. Indeed, NIST-14 (1996) states, “Security requirements should be developed at the same time system planners define the requirements of the system.” Yet, threat modeling remains something of a “black art”, understood solely by the inner cognoscenti, “security architects”. Indeed, at most companies, threat models are regarded as highly classified, need-to-know materials. This secretive...
Topics: Youtube, video, Science & Technology, owasp, appsec
Bot activity represents a significant part of the overall Internet traffic. In the past, bots were concentrating on scraping content from ecommerce sites but in more recent years, bots are also being used to conduct fraudulent activity such as account checking, automated account creation, gift card or loyalty point theft. As a web security product architect, my focus over the last 5 years has been to design and develop a comprehensive product that can detect and classify bots to protect the...
Topics: Youtube, video, Science & Technology, owasp, appsec
OWASP Media Project Introduction by Jonathan Marcil Live at OWASP Projects Summit at AppSecUSA 2013 https://www.owasp.org/index.php/Projects_Summit_2013 The OWASP Media Project is an infrastructure project that gathers, consolidates and promotes OWASP content in video format on a central appealing hub. The first and main instance of the project is the YouTube channel you are currently on. https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=OerUKbptHVo...
Topics: Youtube, video, Science & Technology, Hangouts On Air, mediaproject, Appsecusa 2013, owasp,...
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. Come and learn about ZAP and the new feature: Heads Up Display Speaker David Scrobonia Recorded at AppSecUSA 2018...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Andrew Lee-Thorp So, You Want To Use A WebView? You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=ZygwC7k1hus Uploader: OWASP
Topics: Youtube, video, Entertainment
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Paul Malone Implementing A User-Centric Datastore With Privacy Aware Access Control For Cloud-Based Data Platforms You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=YzgjUPMSE9o Uploader: OWASP
Topics: Youtube, video, Entertainment
http://appseceurope2014.sched.org/venue/LAB002 Wednesday, June 25 Live from AppSecEU 2014 in Cambridge https://2014.appsec.eu/ 11:00 eXtend Security on Xcode 11:50 Intent on Being a Good Android Citizen? 13:50 OWASP Mobile Top Ten 2014 -- The New "Lack of Binary Protection" Category 14:40 Smart Storage Scanning for Mobile Apps - Attacks and Exploit 15:55 Getting a Handle on Mobile Security 16:45 Wait, Wait! Don't pwn Me! - Managed by the official OWASP Media Project...
Topics: Youtube, video, Science & Technology, owasp, appsec, appseceu, Application Security
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ The history of anonymous communications on the Internet dates back to the early 80's but since then there have been dramatic changes in how anonymous communication systems have been built and how they have been used. In this talk I will describe some of these key changes, and what has motivated them. These include the web taking over from email as the major means of communications, and users of anonymous communication systems prioritising...
Topics: Youtube, video, Science & Technology, appseceu, Tor (Software), owasp
Keynote - Tony UcedaVelez - Fixing Broken Enterprise Threat Models with OWASP Efforts: Commissioning AppSec Professionals for Real Change (includes conference closing notes at 38:00) Global organizations have been working off of a broken or non-existent threat model. Distracted with compliance, plagued with undefined attack surfaces, a deluge of inoperable threat intel, risk distortions, and made complacent by a sea of controls, *Sec practitioners should feel compelled to reboot their approach....
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Matt Johansen, Johnathan Kuskos The Top 10 Web Hacks of 2014 You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=gA5IVywVneA Uploader: OWASP
Topics: Youtube, video, Entertainment
Adaptive Testing Methodology: Crowdsourced Testing Methodology Customized to the Target Stack Testing methodology is a sore subject for most pentesters. Everyone has their own way to do things, and 3 people testing the same thing often end up with different results—especially when constrained for time. The ASTM project has two goals: 1) allow testers to consistently find the best vulnerabilities in the shortest amount of time, and 2) provide a framework for community improvement of the...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Traditional techniques for detecting malware, such as viruses, worms and rootkits, rely on identifying virus-specific signature definitions within network traffic, applications or memory. Because a sample of malware is required to define an attack signature, signature detection has drawbacks when accounting for morphism, has limited use in Zero-Day protection and is a post-infection technique requiring malware to be present on a network,...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
CSRF is an often misunderstood vulnerability. In this talk I will introduce CSRF and the basic defenses against it. Then I will go through all of the various major solutions and describe how they implement the general solution and the positives and negatives of each implementation. The general solution is to implement the synchronizer token pattern. This is usually done in the framework and not by the individual developer. For example .net applications can use the antiforgerytoken (for MVC...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali‎2014
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 2:00pm - 2:45pm Runtime Manipulation of Android and iOS Applications With over 1.6 million applications in the Apple AppStore and Google Play store, and around 7 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network...
Topics: Youtube, video, Science & Technology, owasp, appsec, Dan Amodio, David Lindner
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=Lu0-kDdtVf4 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Luca De Fulgentis Windows Phone App Security For Builders And Breakers You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=m_hEBmNtUbg Uploader: OWASP
Topics: Youtube, video, Entertainment
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=jsBdrJT_qIU Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
AppSec California 2015 - Day 1, Track 3, Slot 2 Title No Better ROI: HTTP Headers for Security Abstract Eli Goldratt asks us to always keep in mind, “What’s the Goal?” If our goal is to help the business succeed, how can I make the biggest impact using web application security with the least effort? This turbo talk will reveal extra powerful, very low cost, and extremely under utilized HTTP headers to help the business win. Bio Caleb Queern is the Chief Scientist at Cyveillance, and the...
Topics: Youtube, video, Science & Technology, appsec, webapps, webapp, security, web applications,...
Serverless is a design pattern for writing scalable applications in which Functions as a Service (FaaS) is one of the key building blocks. Every major cloud provider has its own FaaS available. On Microsoft Azure there is Azure Functions, AWS has Lambda, and Cloud Functions can be used on the Google Cloud. All of these have a lot of similarities in the way they allow developers to create small event-driven services. From a security perspective there are a lot of benefits when moving to a...
Topics: Youtube, video, Science & Technology, owasp, appsec
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration. The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for testing the security of mobile apps. It describes processes...
Topics: Youtube, video, Science & Technology, owasp, appsec
Keynote - Software Supply Chain Lifecycle Management: Reducing Attack Vectors and Enabling Rugged DevOps As the cyber threat landscape evolves and as software dependencies grow more complex, understanding and managing risk in the software supply chain is more critical than ever, and it must focus on the entire lifecycle that includes development, acquisition, and DevOps. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
As organizations scale, it can become increasingly difficult for a small security team to process the large volumes of alerts. In addition, the employee who triggered the alert frequently has the most context as to what transpired. At our organization, we use a Slack bot to engage employees after suspicious activity. Involving employees has the dual benefit of raising company-wide security awareness and lightening the load on our security team. Employees also give us valuable insight into why...
Topics: Youtube, video, Science & Technology, owasp, appsec
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=lGdfE-bhQhg Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ CSP is a valuable defence against XSS and other attacks on web applications. This talk provides an introduction to the technology, why it's needed, how it works and also provides some hints on overcoming a few of the challenges presented by using CSP in the real world. Speakers Mark Goodwin Mark Goodwin works on application security for Mozilla, creators of the popular Firefox web browser (and CSP!). At work, Mark works with web...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 • 3:00pm - 3:45pm Ground Truths of a Rugged DevOps Practitioner DevOps isn't just a buzzword. It isn't a miracle cure. It isn't the security apocalypse. From the perspective of a practitioner who has been on a DevOps journey, we can explore the lessons learned - including surprises. This session will be a mixture of case study, lessons learned, future plans, and interactive discussion. Speaker Matt Tesauro...
Topics: Youtube, video, Science & Technology, owasp, appsec, Matt Tesauro
Using the O2 platform to Automate Application Security Knowledge and workflows 2013/11/06 The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge Collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high...
Topics: Youtube, video, Science & Technology, owasp, appsec
Embedding GDPR into the SDLC We will map the GDPR requirements to the typical software security activities as part of a Secure Development Lifecycle. This will cover: • How to include the DPO as part of the software security governance? • Providing privacy awareness training to developers • Including privacy in secure coding guidelines • Including a Privacy Impact Analysis as part of software risk analysis. • Mapping the GDPR to software security requirements • Applying privacy by...
Topics: Youtube, video, Science & Technology, owasp, appsec
HSTS, TLS, HPKP, CSP: putting them all together to move to HTTPS Sun Hwan Kim Julien Sobrier Sun Hwan Kim Salesforce Senior Member of Technical Staff, Development Received Bachelor of Science in Computer Science from Carnegie Mellon University in 2013. Previously Interned at Neowiz internet and Ahnlab in South Korea. Now working as a software engineer in Product Defense Team at Salesforce, mainly focusing on building security framework for Salesforce application. Julien Sobrier Salesforce Lead...
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ The talk will generalize the recent spate of deserialization attacks, including a brief discussion of an originally authored exploit for a recently discovered CVE. The commonalities between deserialization attacks will then be discussed, laying the framework for a "how to" guide on finding and exploiting deserialization vulnerabilities. The talk will also explain the incredible difficulty faced when using...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=zUDaP0m-gFU Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 • 10:30am - 11:15am Reversing Engineering a Web Application - For Fun, Behavior & WAF Detection Screening HTTP traffic can be something really tricky and attacks to applications are becoming increasingly complex day by day. By analyzing thousands upon thousands of infections, we noticed that regular blacklisting is increasingly failing and we started research on a new approach to mitigate the problem....
Topics: Youtube, video, Science & Technology, owasp, appsec, Rodrigo Montoro
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ Misconfigured CORS and why web application security is not getting easier. Web Application Security is actually really hard to enter into the "big-leagues" with a mature security program like Facebook, Google, and the like. These orgs are very mature and oftentimes roll out the newest, latest, greatest security features. Part of entering into the big leagues usually requires the implementation of advanced...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
This session is an exploration into the world of security culture hacking. In the wake of the "data breach of the day", organizations claim they are more serious about security. The truth is that many still have weak security cultures. At the end of the day, how much actual security culture change occurs post-breach? The answer is not enough. This session describes how to change security culture from the inside out, utilizing best practices and real-world examples. With security...
Topics: Youtube, video, Science & Technology, owasp, appsec
Building a Secure DevOps Pipeline Is software development outpacing your ability to secure your company’s portfolio of apps? You don’t have to buy into Agile, DevOps or CI/CD to realize the business wants to move faster. And it's not like you didn’t already have more than enough to do. This talk will cover how to take the lessons learned from forward thinking software development and show you how they have been applied across several businesses. This isn’t a theoretical talk. It covers...
Topics: Youtube, video, Science & Technology, owasp, appsec
Friday the 13th: Attacking JSON 2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for years, the publication of the Apache Commons Collection Remote Code Execution (RCE from now on) gadget finally brought this forgotten vulnerability to the spotlight and motivated the community to start finding and fixing these issues. One of the most suggested solutions for avoiding Java deserialization issues was to move away from Java Deserialization...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Aaron Weaver Building An AppSec Pipeline: Keeping Your Program, And Your Life, Sane You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=1CDSOSl4DQU Uploader: OWASP
Topics: Youtube, video, Entertainment
OWASP Periodic Table of Elements - James Landis https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities After 25 years of software engineering since the first Internet worm was written to exploit a buffer overflow vulnerability, web developers are still building insecure software. It is time for a new approach. The vast majority of software bug classes can be eliminated by building protections into perimeter technologies, platform infrastructures, and application frameworks...
Topics: Youtube, video, Science & Technology, owasp, Appsecusa, Appsecusa 2013, appsec
Abstract : Authentication is important, but how do you authenticate when user interaction is not an option? For example, an IoT app without a user interface. We need to authenticate the app ― without any predefined credentials. But how? Join this session to find out - including a demo of the solution on a Raspberry Pi! by Omer Levi Hevroni, Security Champion of Soluto in Israel Website https://omerlh.info/ Omer has been writing code for the last 10 years and is currently working at Soluto as...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Omer Levi Hevroni
The OWASP Glue Tool Project is a tools based project intended to make security automation easier. It is essentially a ruby gem that co-ordinates the running of different analysis tools and reporting from those tools. https://www.owasp.org/index.php/OWASP_Glue_Tool_Project - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=4ydoMIxPQMw Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=2O874A5Uj3w Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
By Achim D Brucker and Michael Herzberg Cross-platform frameworks, such as Apache Cordova, are becoming increasingly popular. They promote the development of hybrid apps that combine native, i.e., system specific, code and system independent code, e.g., HTML5/JavaScript. Combining native with platform independent code opens Pandora's box: all the security risks for native development are multiplied with the security risk of web applications. In the first half of our talk, we start our talk...
Topics: Youtube, video, Science & Technology, owasp, appsec
Clint Gibler NCC Group Research Director Clint Gibler is a senior security consultant and research director at NCC Group, a global information assurance specialist providing organizations with security consulting services. Clint has spoken at a number of security conferences, including Black Hat USA, Virus Bulletin, SecTor, Nullcon, NBT2, MobiSys, and TRUST. Clint holds a Ph.D. in Computer Science from the University of California, Davis, where his research focused on mobile security. Managed...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Clint Gibler
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Friday, September 19 • 9:30am - 10:15am Ten Secrets to Secure Mobile Applications Many high profile mobile apps have been in the news for failures to use encryption, bad web service design, and privacy violations against users. Join us to get a grasp on how to threat model mobile applications and what the top vulnerabilities and solutions are for them. This talk will use the OWASP Mobile Top Ten as a framework and will introduce...
Topics: Youtube, video, Science & Technology, owasp, appsec, Daniel Miessler, Jason Haddix
Abstract: Our friends across the pond, love their privacy. Makes you wonder what they're up to, huh? While many organizations are dreading achieving and maintaining GDPR compliance, if approached properly, it can be a big win for the security of your applications. This presentation will cover how GDPR can be a driver for many security initiatives and how to automate much of the work. About Anthony Trummer: Tony has been working in the IT industry for nearly 20 years and has been focused on...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Anthony Trummer
From AppSecEU 2016 in Rome https://2016.appsec.eu/ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=9FXQK3JMZ0E Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
BASHing iOS Applications: dirty, s*xy, cmdline tools for mobile auditors - Jason Haddix, Dawn Isabel The toolchain for (binary) iOS application assessment is weak BUT, like an island of misfit toys, there can be strength in numbers. Join us as we explore what actually needs to be done in a mobile assessment and how we can do it right from our SSH prompt on our iOS device. Our tool is simple yet effective and as you learn to do mobile assessments you'll also teach yourself the fundamentals of...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, appsec, Jason Haddix, owasp, Appsecusa,...
Abstract : “Project edgeguard” is an open framework that allows you to detect when malicious content (planted in your browser via hacking or client-side malware attacks) results in sensitive user data being stolen and transmitted to third parties (hackers, cybercrime etc). - Similar to many banking Trojans. Injection and tampering attacks: Malicious content can be placed within a user’s browser whilst using your web application by virtue of a client-side security weakness/vulnerability or...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Rahim Jina, Eoin Keary
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ Adversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. We examine techniques for identifying, anonymizing, and sharing threat intelligence and discuss use cases ranging from DDOS to malware where this approach can speed response times and prevent breaches. Speakers Jacob West Jacob West is Chief Technology Officer for...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
Securing C code that seems to work just fine Fastly offers a content delivery network (CDN) that ubiquitous and high-profile web properties like GitHub, Pinterest, and The New York Times rely on for performance, reliability, and security of their web applications. Fastly edge nodes seamlessly execute customer app security controls, handle sensitive user session data, and act as a trusted man-in-the-middle for TLS traffic. Edge daemons in the Fastly CDN are largely implemented in C. C has many...
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 10:30am - 11:15am Use After Free Exploitation Use After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a...
Topics: Youtube, video, Science & Technology, owasp, appsec, Stephen Sims
AppSec California 2015 - Day 2, Track 2, Slot 3 Title IoT: Taking PKI Where No PKI Has Gone Before Abstract “Traditional PKI focuses on binding a public key to the keyholder’s identity, which is implicitly assumed to be a well-defined, relatively static thing (such as individual’s full name or email address, or the hostname of a public webserver). However, in the envisioned smart grid, for example, the relevant properties of the keyholder are not just the device’s identity (i.e. this is...
Topics: Youtube, video, Science & Technology, web applications, infosec, owasp, appsec california 2015,...
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ For sys admins, your servers hold many pieces of sensitive information, whether they are iron, virtual or cloud boxes. These keys to your kingdom need protection but must also allow for infrastructure at scale. Application Security current best practices talk about key management, key rotation but have little to no practical advice beyond policy and general statements. This presentation discusses a proposed solution for key...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Jonathan Cran Hard Knock Lessons On Bug Bounties You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=VSk2-XmAvA0 Uploader: OWASP
Topics: Youtube, video, Entertainment
Recorded at AppSecUSA 2016 in Washington, DC https://2016.appsecusa.org/ Practical Static Analysis for Continuous Application Security Static code analysis tools that attempt to determine what code does without actually running the code provide an excellent opportunity to perform lightweight security checks as part of the software development lifecycle. Unfortunately, building generic static analysis tools, especially for security, is a costly, time-consuming effort. As a result very few tools...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsecusa
Leveraging OWASP in Open Source Projects - CAS AppSec Working Group - Aaron Weaver, David Ohsie, Bill Thompson The CAS AppSec Working Group is a diverse volunteer team of builders, breakers, and defenders that is working to improve the security of Jasig CAS, an open source WebSSO project. This presentation will show how the team is leveraging OWASP resources to improve security, provide security artifacts for potential adopters, and implement policy and processes for vulnerability analysis...
Topics: Youtube, video, Science & Technology, Appsecusa, appsec, Appsecusa 2013, owasp
Abstract Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques have been introduced to prevent or mitigate XSS. Most of these techniques, thereby, focus on script tags and event handlers. HTML sanitizers, for example, aim at removing potentially dangerous tags and attributes. Another example is the Content Security Policy, which forbids inline event handlers and aims at white listing of legitimate scripts. In this talk, we present a novel Web hacking...
Topics: Youtube, video, Science & Technology, owasp, appsec
From AppSecEU 2014 in Cambridge https://2014.appsec.eu/ It's estimated that 86% of all websites had at least a serious vulnerability during 2012. Attackers either manually or automatically (via botnets) deploy C&C servers and malware droppers within exploited websites to infect clients. When such an intrusion is not detected by the owner, the website can deliver malware for long periods until somebody either privately or publicly notices it and maybe an investigation starts. To tackle this,...
Topics: Youtube, video, Science & Technology, Appseceu, Owasp
WebShells are an often misunderstood and overlooked form of malware. Yet they continue to be a popular and powerful attacker tool. WebShells can range from extremely simple to elegant and complex. And they are often a favorite tool used by intruders to establish a long term, stealthy presence in a compromised network. Webshells fall into a few distinct categories, and most follow the same common concepts in their design and purpose. This talk will outline the common parts of a WebShell, why...
Topics: Youtube, video, Science & Technology, owasp, appsec, AppSecCali‎2014
From AppSecEU 2015 in Amsterdam https://2015.appsec.eu/ Joshua Corman Continuous Acceleration: Why Continuous Everything Requires A Supply Chain Approach You can download all Videos at https://www.its.fh-muenster.de/owasp-appseceu/2015/ ⇩ - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=0mUN3RppEHE Uploader: OWASP
Topics: Youtube, video, Entertainment
How is the reality on Android mobile, password manager applications? Can users really be sure that their secrets are stored in a secure way, even if their device gets lost or stolen? Considering this "lost device" scenario we analyzed 15 of the most popular Android password manager apps based on download count. In our analyses, we tested the apps' resistance against attempts to extract the user's stored secrets and we tried to assess how hard it would be for an attacker to steal the...
Topics: Youtube, video, Science & Technology, owasp, appsec
Recorded at AppSecUSA 2014 in Denver http://2014.appsecusa.org/ Thursday, September 18 • 10:30am - 11:15am Anatomy of memory scraping, credit card stealing POS malware Learn the nuts-and-bolts of how a memory scraping, credit card stealing point-of-sale (POS) malware works and identify strategies that you can implement to make it hard for the bad guys. Sensitive information, like credit card numbers, are encrypted on disk and also during transit. But the one place where this information is...
Topics: Youtube, video, Science & Technology, owasp, appsec
http://appseceurope2014.sched.org/venue/LAB026 Wednesday, June 25 Backup-Stream: http://itsecteam.ms/live Live from AppSecEU 2014 in Cambridge https://2014.appsec.eu/ 09:15 Keynote - Fighting Next-Generation Adversaries with Shared Threat Intelligence 10:00 OWASP Board Presentation 11:00 Biting into the Forbidden Fruit. Lessons from Trusting JavaScript Crypto. 11:50 OWASP Security Shepherd - Mobile/Web Security Awareness and Education 13:50 OWASP Hackademic: Towards an Educational Ecosystem for...
Topics: Youtube, video, Science & Technology, owasp, appsec, appseceu, Application Security
Today’s world of Equifax breaches is the same old data security problem. In the past you’d need a solid SQL injection to pull all the records of a database. Nowadays, you need an RCE on the application server. The root problem has not changed. The app server has keys to database, decryption, and a public presence. How do you protect data in this architecture? A solution is crypto anchoring paired with effective monitoring. Speakers Jon Debonis Head of Security / CSO, Blend Hi. I'm Jon. I...
Topics: Youtube, video, Science & Technology, owasp, appsec
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=pqL01VZPLB8 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=4oBEy-hoJeg Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Recently, an anonymous open source developer decided to remove his code (left-pad) from a public repository. Shortly thereafter, several large organizations felt the impact of his actions. Facebook, AirBnB and others experienced errors impacting the functionality of their services. Packages using 'left-pad' wouldn't properly execute. Today, we embrace both the open source community and the growth of open source projects, modules and packages but dependencies and recursive dependencies might...
Topics: Youtube, video, Science & Technology, owasp, appsec
AppSec Pipelines and Event-based Security: Moving beyond a traditional security test. Matt Tesauro OWASP Foundation Senior Technical Project Engineer Matt Tesauro is currently working full-time for the OWASP Foundation, adding automation and awesome to OWASP projects. Previously, he was a founder and CTO of Infinitiv, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science...
Topics: Youtube, video, Science & Technology, owasp, appsec
Abstract: What would you see occurring that would let you know that your security capabilities are improving while the business scales? Scale meaning more staff, more systems, more software, more cloud platforms/apis, more third parties and more regions/markets all growing with more speed. This talk will focus on methods of measurement, with code, that will help you answer these questions. by Richard Seiersen, SVP/CISO of Lending Club Website: howtomeasureanything.com/cybersecurity/ Richard is...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, richard seiersen
Want to be secure? Eliminate passwords. If you don't have a password, it can't be stolen! Jack Bicer Sekur Me CEO Website sekur.me Jack Bicer is the founder and CEO of SEKUR.me, a mobile security and payments company, that eliminates passwords securely. His two previous inventions “Uninstall” and “Automatic Software Updates”, run on every computer and every smartphone today. A 35 year software industry veteran, Jack is an industry expert on mobile applications, authentication, SaaS and...
Topics: Youtube, video, Science & Technology, owasp, appsec
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=kF220Wpy5LM Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
- Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=9XBP04a8A18 Uploader: OWASP
Topics: Youtube, video, Science & Technology, owasp, appsec
Chromebooks and network motes to enforce security posture from the device to the cloud. Telling a developer they cannot have admin access on their local machine is not practical. We want them to get work done. For any company that doesn’t have an IT security team greater than 4 to 5 people, monitoring devices is not practical. How do we both provide secure access to production where the stakes are very high, and provide admin rights on personal devices? Our solution was to roll out chrome...
Topics: Youtube, video, Science & Technology, owasp, appsec
HTTP Time Bandit - Vaagn Toukharian, Tigran Gevorgyan While web applications have become richer to provide a higher level user experience, they run increasingly large amounts of code on both the server and client sides. A few of the pages on the web server may be performance bottlenecks. Identifying those pages gives both application owners as well as potential attackers the chance to be more efficient in performance or attack. We will discuss a tool created to identify weaknesses in the web...
Topics: Youtube, video, Science & Technology, Appsecusa, appsec, Appsecusa 2013, owasp
Abstract : Over the last two years, we've received and analyzed more than ten million SSL validation failure reports from more than a thousand iOS and Android apps available on the Stores, and used all around the world. From mobile banking to music apps, each report was triggered because an unknown or unexpected certificate was being served to the app, preventing it from establishing a secure connection to its server via SSL/TLS. We've analyzed each of these reports to understand what caused...
Topics: Youtube, video, Science & Technology, owasp, appsec, appsec cali 2018, Alban Diquet
Big Data Intelligence (Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud) - Ory Segal, Tsvika Klein Presentation Title: "Big Data Intelligence" Subtitle: "Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud" As web application attacks turn into massive campaigns against large corporations across the globe, web application firewall data increases exponentially, leaving security experts with a...
Topics: Youtube, video, Science & Technology, Appsecusa, owasp, appsec, Appsecusa 2013
2013 WASPY Awards followed by OWASP Jeopardy with host Jerry Hoff https://www.owasp.org/index.php/WASPY_Awards_2013 - Recorded and live streamed by: https://www.owasp.org/index.php/OWASP_Media_Project Source: https://www.youtube.com/watch?v=dvGsvbcTmRA Uploader: OWASP
Topics: Youtube, video, Science & Technology, Hangouts On Air, Appsecusa 2013, owasp, #hoa,...
The Jakarta EE architecture provides the necessary enablement but most developers do not have the time or the training to take full advantage of what it has to offer. This technical session describes and demos an end-to-end application security architecture for an Apache Wicket Web app running in Tomcat. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality controls using Java, Spring and Apache Fortress controls. In addition to...
Topics: Youtube, video, Science & Technology, owasp, appsec
(Audio only) Wassup MOM? Owning the Message Oriented Middleware - Gursev Singh Kalra Message Oriented Middleware (MOM) allows disparate applications to communicate with each other by exchanging information in the form of messages. A MOM and its clients create an enterprise messaging application that forms the transactional backbone of several large organizations worldwide. Security is therefore an important aspect of these applications. This research analyzes enterprise messaging security from...
Topics: Youtube, video, Science & Technology, Appsecusa 2013, owasp, appsec, Appsecusa