Chaos Report - Web Security Version
Eduardo Bohrer
Slides from the Lightning Talk presented at the Second TTLabs Summit on 11/11/2011.
1.
The Chaos Report - Web Security Version
Eduardo Bohrer - @nbluis - eduardobohrer.com.br
2.
Have you been taking due care?
3.
Our enemy is armed and entrenched!
4.
The numbers for 2010
5.
The numbers for 2010
93% more web attacks
15~20 million attacks per day
1+ million bots
42% more mobile attacks
260+ million new malware
Brazil ranked 4th in malicious activity
Source: Symantec Security Threat Report Volume 16
6.
7.
6
8.
The 30 most recurring vulnerabilities.
84% of the world's websites are susceptible.
Source: Whitehat website security statistics report 2011. 6
9.
30 vulnerabilities
84% of the world's websites
Source: Whitehat website security statistics report 2011. 6
10.
11.
Who can defend us?
12.
Non-profit
13.
Many supporters
14.
Many projects and study material
15.
Many projects and study material
OWASP Top 10
OWASP Testing Guide
ESAPI
Web Goat
WebScarab
OWASP Development Guide
16.
Discussion group; event organization; organized AppSec Latin America 2011.
17.
18.
References
http://www.symantec.com/business/threatreport/
https://www.whitehatsec.com/assets/WPstats_winter11_11th.pdf
https://www.owasp.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Project
https://www.owasp.org/index.php/Porto_Alegre
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
https://www.owasp.org/index.php/Category:OWASP_Testing_Project
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
19.
Images
http://3.bp.blogspot.com/_Na4CPVnGtCk/TT8o77X2PxI/AAAAAAAAZ6c/xfQtTtZxM_w/s400/apontando_o_dedo.jpg
http://1.bp.blogspot.com/_TBFrVWg5uOM/TF_9R41sK7I/AAAAAAAAB1U/elW_A1ning8/s1600/chapolin.jpg
http://www.yaboukir.com/wp-content/uploads/2011/09/owasp.png
https://www.owasp.org/images/c/c1/Owasp-poa-eng.png
http://wallpapergravity.com/wallpapers2/650/650912.jpg
http://i277.photobucket.com/albums/kk65/darinaldi/fuuu.png
http://fak3r.com/wp-content/blogs.dir/12/files/challenge_accepted_Amazing_Feats_Fails_WIns_Lolz_and_A_Contest-s325x265-158648-535.png
http://osprofanos.com/wp-content/uploads/2011/02/