Chaos Report - Web Security Version
Eduardo Bohrer
Slides from the Lightning Talk presented at the Second TTLabs Summit on 11/11/2011.
1.
The Chaos Report: Web Security Version
Eduardo Bohrer - @nbluis - eduardobohrer.com.br
2.
Have you been taking due care?
3.
Our enemy is armed and entrenched!
4.
The numbers for 2010
5.
The numbers for 2010
93% more web attacks
15~20 million attacks per day
1+ million bots
42% more mobile attacks
260+ million new pieces of malware
Brazil ranked 4th in malicious activity
Source: Symantec Security Threat Report Volume 16
6.
7.
6
8.
The 30 most recurrent vulnerabilities. 84% of the world's websites are susceptible.
Source: Whitehat website security statistics report 2011.
6
9.
30 vulnerabilities
84% of the world's websites
Source: Whitehat website security statistics report 2011.
6
10.
11.
Who will be able to defend us?
12.
Non-profit
13.
Several supporters
14.
Many projects and study material
15.
Many projects and study material
OWASP Top 10
OWASP Testing Guide
ESAPI
Web Goat
WebScarab
OWASP Development Guide
16.
Discussion group; organizes events; organized AppSec Latin America 2011.
17.
18.
References
http://www.symantec.com/business/threatreport/
https://www.whitehatsec.com/assets/WPstats_winter11_11th.pdf
https://www.owasp.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Project
https://www.owasp.org/index.php/Porto_Alegre
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Category:OWASP_Testing_Project
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
19.
Images
http://3.bp.blogspot.com/_Na4CPVnGtCk/TT8o77X2PxI/AAAAAAAAZ6c/xfQtTtZxM_w/s400/apontando_o_dedo.jpg
http://1.bp.blogspot.com/_TBFrVWg5uOM/TF_9R41sK7I/AAAAAAAAB1U/elW_A1ning8/s1600/chapolin.jpg
http://www.yaboukir.com/wp-content/uploads/2011/09/owasp.png
https://www.owasp.org/images/c/c1/Owasp-poa-eng.png
http://wallpapergravity.com/wallpapers2/650/650912.jpg
http://i277.photobucket.com/albums/kk65/darinaldi/fuuu.png
http://fak3r.com/wp-content/blogs.dir/12/files/challenge_accepted_Amazing_Feats_Fails_WIns_Lolz_and_A_Contest-s325x265-158648-535.png
http://osprofanos.com/wp-content/uploads/2011/02/