L49 - Advanced Security
C:\WINDOWS\system32>whoami
Agenda
Disclaimer
Common Web Application Flaws
OWASP Top 10
MITRE CWE Top 25
XML External Entities (XXE)
XXE cont.
XXE Defined
Path Traversal
Local File Inclusion (LFI)
LFI cont.
Remote File Inclusion (RFI)
Securing Web Applications
Practice Secure Coding
Penetration Testing
Penetration Testing cont.
Web Application Firewall (WAF)
WAF cont.
Differences between WAFs and Network Firewalls
ModSecurity WAF
ModSecurity WAF cont.
When Security Goes Wrong: The Capital One Data Breach Case Study
Penetration Testing and WAFs
Summary
References
Questions?