OWASP Top Ten Defenses

Owaspified
by Jason Johnson on 29 August 2013

Transcript of OWASP Top Ten Defenses

Top Ten Proactive Controls (Jim Manico, @manicode)

1. Secure Requirements
  • Core requirements for any project (technical)
  • Business logic requirements (project specific)
2. Secure Architecture and Design
  • When to use request, session or database for data flow
  • Business-specific features
3. Leverage Secure Coding Frameworks and Libraries
  • Turnkey security libraries (PHP, .NET)
  • Business-specific security library
  • Apache Shiro
4. Identity and Authentication
  • Password storage
  • Forgot-password workflow
  • Multi-factor authentication
  • Session management
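
Added example for the password-storage item (not part of the original Prezi or of the Proactive Controls material): salted PBKDF2 password hashing in Python, constant-time verification, and a check that flags records hashed under an older, weaker policy. The record format, hash name and iteration count are assumptions made for this example; the count must be tuned to the hardware and raised over time.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters for this example: tune the iteration count so one
# verification costs tens of milliseconds on production hardware. The count is
# stored inside each record so the policy can be raised later without a reset.
HASH_NAME = "sha256"
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<salt>$<digest>."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([
        "pbkdf2_" + HASH_NAME,
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        if not scheme.startswith("pbkdf2_"):
            return False
        hash_name = scheme[len("pbkdf2_"):]
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, int(iterations))
    except (ValueError, TypeError):
        return False  # malformed or unknown record: never treat as a match
    # compare_digest does not stop at the first differing byte, so timing
    # does not reveal how much of the digest was right
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str) -> bool:
    """True when the stored record is weaker than the current policy.

    Call this right after a successful verify_password and re-hash while the
    user's plaintext password is still in hand."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_" + HASH_NAME:
        return True
    try:
        return int(parts[1]) < PBKDF2_ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Tr0ub4dor&3", record))  # False
```

The same verify/rehash shape works for bcrypt, scrypt or Argon2 via their libraries; what matters is a per-user salt, a deliberately slow function, a constant-time compare, and parameters stored with the hash so they can be raised.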
5. Access Control
  • Limitations of role-based access control
  • Capabilities-based access control ("if this, then GRANTED")
  • Access control and intrusion detection
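
Added example for the access-control items (not part of the original Prezi or of the Proactive Controls material): a role check beside a permission check on the (user, action, object) triple, with denials recorded as security events. The User and Document model, the role names and the denial list are constructed for this example.

```python
from dataclasses import dataclass, field


# Constructed data model for the example.
@dataclass
class User:
    id: int
    roles: frozenset = frozenset()


@dataclass
class Document:
    id: int
    owner_id: int
    editors: frozenset = frozenset()  # user ids explicitly granted edit rights
    body: str = ""


class AccessDenied(PermissionError):
    pass


# Denied attempts are intrusion signals; a real application sends them to the
# security log. Kept in a list here so the example can be inspected.
DENIALS = []


def can_edit_rbac(user: User, doc: Document) -> bool:
    """Pure role check: answers "is this user an editor at all?", not "may this
    user edit this document?". Every editor can edit every document, which is
    the horizontal privilege escalation RBAC alone does not prevent."""
    return "editor" in user.roles


def can_edit(user: User, doc: Document) -> bool:
    """Permission check on the (user, action, object) triple: the "if this, then
    GRANTED" of the slide. Rights come from the data (ownership, explicit
    grants); a role is only a narrow exception for administrators."""
    if "admin" in user.roles:
        return True
    return user.id == doc.owner_id or user.id in doc.editors


def edit_document(user: User, doc: Document, new_body: str, check=can_edit) -> bool:
    """Enforce the check at the point of use and record every denial."""
    if not check(user, doc):
        DENIALS.append((user.id, doc.id))
        raise AccessDenied(f"user {user.id} may not edit document {doc.id}")
    doc.body = new_body
    return True


if __name__ == "__main__":
    alice, bob = User(1, frozenset({"editor"})), User(2, frozenset({"editor"}))
    doc = Document(10, owner_id=alice.id)
    print("RBAC lets bob edit alice's document:", can_edit_rbac(bob, doc))   # True
    print("permission check lets bob edit it:", can_edit(bob, doc))          # False
```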
6. Query Parameterization
  • Stored procedures and query parameterization
  • Building SQL and query parameterization
7. Validation
  • White list vs. black list
  • Input validation and internationalization ("My name is... WHAT")
  • URL validation
  • HTML validation
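
Added example for the validation items (not part of the original Prezi or of the Proactive Controls material): a blocklist check beside an allowlist validator for an internationalized name field, and an allowlist URL validator. The name grammar, length limit and allowed URL schemes are assumptions chosen for this example.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Blocklist: enumerates things known to be bad. Anything not on the list passes,
# so new variants (other tags, other event handlers, odd whitespace) slip through.
BLOCKED_FRAGMENTS = ("<script", "javascript:")


def passes_blocklist(value: str) -> bool:
    return not any(bad in value.lower() for bad in BLOCKED_FRAGMENTS)


# Allowlist: describes exactly what is acceptable. [^\W\d_] is "a letter in any
# script", so Zoë, Søren and 李 are fine while digits, punctuation and markup are
# not. Words may be joined by a single space, apostrophe or hyphen (O'Brien, Jean-Luc).
NAME_RE = re.compile(r"^[^\W\d_]+(?:[ '\-][^\W\d_]+)*$")
MAX_NAME_LEN = 64  # assumed limit for this example


def validate_name(raw: str) -> str:
    """Normalize, then accept only what the allowlist describes.

    NFC normalization matters for internationalized input: "e" followed by a
    combining diaeresis is the same name as the precomposed "ë", and without
    normalization the combining mark is not a letter and would be rejected."""
    value = unicodedata.normalize("NFC", raw.strip())
    if not value or len(value) > MAX_NAME_LEN or not NAME_RE.match(value):
        raise ValueError("invalid name")
    return value


ALLOWED_SCHEMES = {"http", "https"}


def validate_url(raw: str) -> str:
    """Accept only absolute http(s) URLs that have a host.

    Rejects javascript: and data: URLs, scheme-relative //host/path and a bare
    "http://". urlsplit lowercases the scheme, so case tricks do not help."""
    parts = urlsplit(raw.strip())
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("invalid URL")
    return parts.geturl()


def is_valid_name(raw: str) -> bool:
    try:
        validate_name(raw)
        return True
    except ValueError:
        return False


def is_valid_url(raw: str) -> bool:
    try:
        validate_url(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ["Zoë O'Brien", "Jean-Luc", "<svg onload=alert(1)>", "Robert'); DROP TABLE users;--"]:
        print(f"{sample!r}: blocklist={passes_blocklist(sample)} allowlist={is_valid_name(sample)}")
    for sample in ["https://example.com/a?b=1", "javascript:alert(1)", "//evil.example/x"]:
        print(f"{sample!r}: {is_valid_url(sample)}")
```

Validation reduces the attack surface but does not replace encoding: a name that passes the allowlist is still encoded for the context it is written into (next control).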
8. Encoding
  • Code and data
  • Output encoding for XSS
  • Query parameterization
  • Other encodings for LDAP, XML construction and OS command injection resistance
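
Added example for the encoding items (not part of the original Prezi or of the Proactive Controls material): context-specific output encoders in Python for HTML, a JavaScript string literal, a URL query component and an LDAP search filter, and one rendering function that places the same untrusted input into three of those contexts. The page template and the encoder names are constructed for this example; the LDAP escaping follows RFC 4515.

```python
import html
from urllib.parse import quote


def encode_html(value: str) -> str:
    """For text between tags and inside quoted attribute values."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """For data inside a quoted JavaScript string literal.

    Everything outside ASCII letters and digits becomes \\xHH or \\uHHHH, so a
    quote cannot end the string and "</script>" cannot end the script block."""
    out = []
    for ch in value:
        cp = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif cp < 0x100:
            out.append(f"\\x{cp:02x}")
        else:
            out.append(f"\\u{cp:04x}")
    return "".join(out)


def encode_url_component(value: str) -> str:
    """For a value inside a query string; keeps only unreserved characters."""
    return quote(value, safe="")


# RFC 4515: characters with meaning inside an LDAP filter are written as \HH.
LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def encode_ldap_filter(value: str) -> str:
    """For a value inside an LDAP search filter such as (uid=<value>)."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_profile(display_name: str, search: str) -> str:
    """Same untrusted input in three contexts, each with the matching encoder.
    The template is constructed for this example."""
    return (
        f"<p>Hello, {encode_html(display_name)}</p>\n"
        f'<a href="/search?q={encode_url_component(search)}">search again</a>\n'
        f"<script>var lastSearch = '{encode_js_string(search)}';</script>"
    )


if __name__ == "__main__":
    print(render_profile("<b>Mallory</b>", "');alert(1);//"))
    print("(uid=" + encode_ldap_filter("*)(uid=*") + ")")
```

Choosing the encoder by destination is the whole point: HTML encoding a value that lands inside a script block still lets a quote terminate the string. For OS commands the right tool is not an encoder at all but an argument vector (subprocess without a shell), so no command line is parsed.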
9. Data Protection
  • At rest with AES
  • In transit with SSL/TLS
  • Secure number generation
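
Added example for the secure-number-generation item (not part of the original Prezi or of the Proactive Controls material): a password-reset token drawn from a clock-seeded random.Random, the attacker-side seed recovery that makes it predictable, and the secrets-based replacement with hashed storage and constant-time matching. The token lengths, the search window and the reset-token scenario are assumptions for this example.

```python
import hashlib
import hmac
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


# --- the weak pattern --------------------------------------------------------
def issue_insecure_token(now_seconds: int) -> str:
    """Reset token from random.Random seeded with the clock. Mersenne Twister is
    fully determined by its seed, and the seed space here is "seconds around now"."""
    rng = random.Random(now_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(16))


def recover_seed(observed_token: str, approx_time: int, window: int = 3600):
    """Attacker side: request a reset for an account you control, observe the
    token, and search the seeds within a window around the request time. With
    the seed scheme known, tokens issued to other users are predictable."""
    for t in range(approx_time - window, approx_time + window + 1):
        if issue_insecure_token(t) == observed_token:
            return t
    return None


# --- the secure pattern ------------------------------------------------------
def secure_reset_token(nbytes: int = 32) -> str:
    """secrets reads the OS CSPRNG; 32 bytes is 256 bits, URL-safe for a link."""
    return secrets.token_urlsafe(nbytes)


def secure_numeric_code(digits: int = 6) -> str:
    """One-time numeric code (e.g. a second factor). randbelow is uniform and
    avoids the bias of reducing a fixed-width random integer with a modulo."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def token_fingerprint(token: str) -> str:
    """Store only a hash of the token: a leaked table then holds no live tokens."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def token_matches(presented: str, stored_fingerprint: str) -> bool:
    return hmac.compare_digest(token_fingerprint(presented), stored_fingerprint)


if __name__ == "__main__":
    issued_at = 1_700_000_000          # constructed timestamp
    leaked = issue_insecure_token(issued_at)
    print("recovered seed:", recover_seed(leaked, issued_at + 300))  # 1700000000
    print("secure token:", secure_reset_token())
    print("one-time code:", secure_numeric_code())
```

The same rule covers session identifiers, CSRF tokens, salts and IVs: anything an attacker must not guess comes from the CSPRNG (secrets or os.urandom), never from random.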

10. Logging, Error Handling and Intrusion Detection
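
Added example for the logging, error-handling and intrusion-detection control (not part of the original Prezi or of the Proactive Controls material): a sliding-window detector run over a constructed application log, alerting on repeated authentication failures and access denials per account, and an error handler that returns a generic message with a reference id while the full exception goes to the log. The log format, event names and thresholds are assumptions for this example.

```python
import logging
import re
import secrets
from collections import defaultdict, deque
from datetime import datetime, timedelta

logger = logging.getLogger("appsec")

# Constructed sample log for this example (not from any real system).
SAMPLE_LOG = """\
2013-08-29T10:00:01Z AUTH_FAIL user=alice ip=203.0.113.5
2013-08-29T10:00:03Z AUTH_FAIL user=alice ip=203.0.113.5
2013-08-29T10:00:04Z AUTH_FAIL user=alice ip=203.0.113.5
2013-08-29T10:00:05Z AUTH_FAIL user=alice ip=203.0.113.5
2013-08-29T10:00:06Z AUTH_FAIL user=alice ip=203.0.113.5
2013-08-29T10:00:07Z AUTH_FAIL user=alice ip=203.0.113.5
2013-08-29T10:00:09Z AUTH_OK user=bob ip=198.51.100.7
2013-08-29T10:00:12Z ACCESS_DENIED user=bob ip=198.51.100.7 resource=/admin
2013-08-29T10:00:13Z ACCESS_DENIED user=bob ip=198.51.100.7 resource=/admin/users
2013-08-29T10:00:14Z ACCESS_DENIED user=bob ip=198.51.100.7 resource=/api/users/1
2013-08-29T10:00:15Z ACCESS_DENIED user=bob ip=198.51.100.7 resource=/api/users/2
2013-08-29T10:30:00Z AUTH_FAIL user=carol ip=192.0.2.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>[A-Z_]+) user=(?P<user>\S+) ip=(?P<ip>\S+)")

# event -> (count, window): alert when `count` events for one user fall inside
# `window`. Thresholds are assumptions for the example.
THRESHOLDS = {
    "AUTH_FAIL": (5, timedelta(minutes=1)),
    "ACCESS_DENIED": (3, timedelta(minutes=5)),
}


def detect_intrusions(log_text: str) -> list:
    """Sliding-window count per (event, user); one alert when a threshold is first reached."""
    windows = defaultdict(deque)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] not in THRESHOLDS:
            continue
        limit, span = THRESHOLDS[m["event"]]
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        recent = windows[(m["event"], m["user"])]
        recent.append(ts)
        while ts - recent[0] > span:      # drop events that fell out of the window
            recent.popleft()
        if len(recent) == limit:
            alerts.append({"event": m["event"], "user": m["user"], "ip": m["ip"], "at": m["ts"]})
    return alerts


def handle_request(handler, *args):
    """Run a handler; on failure log the full traceback under a reference id and
    return only a generic message, so stack traces, hostnames and credentials in
    exception text never reach the user."""
    try:
        return handler(*args)
    except Exception:
        incident_id = secrets.token_hex(8)
        logger.exception("unhandled error, incident=%s", incident_id)
        return f"Something went wrong. Reference: {incident_id}"


if __name__ == "__main__":
    for alert in detect_intrusions(SAMPLE_LOG):
        print(alert)
    print(handle_request(lambda: 1 / 0))
```

The detector only works if the application emits the events in the first place: every authentication failure and every access-control denial (control 5) is written with the account, source address and timestamp, and in a format the detector can parse.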