SlideShare a Scribd company logo

Secure by Default Web Applications with Apache Sling

Robert Munteanu
Robert Munteanu

The document summarizes a presentation about securing web applications using Apache Sling. The presentation covers an introduction to Apache Sling, a demo of an application, threat modeling of the application's assets and risks, how Apache Sling addresses security through natural access controls and injection-safe APIs, a demo of the secure application, and conclusions about building securely by default and Apache Sling's extensibility.

Technology
1 of 40
Download to read offline
http://robert.muntea.nu @rombert Secure by Default Web Applications With Apache Sling Secure by Default Web Applications With Apache Sling Robert Munteanu, Adobe Systems Bucharest Technology Week 2016
http://robert.muntea.nu @rombert Who I am  $DAYJOB  Adobe Experience Manager  Apache Sling  Apache Jackrabbit  Apache Felix  Open Source  Apache Sling  MantisBT  Mylyn Connector for MantisBT  Mylyn Connector for Review Board
http://robert.muntea.nu @rombert Purpose of the talk Scope Cost Schedule
http://robert.muntea.nu @rombert Purpose of the talk Scope Cost Schedule
http://robert.muntea.nu @rombert Purpose of the talk Scope Cost Schedule
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Apache Sling – Brief History 2007 Incubation 2009 TLP 2015 Version 8 200x Pre-Apache
http://robert.muntea.nu @rombert Apache Sling – Code Statistics
http://robert.muntea.nu @rombert Apache Sling – Contributor activity
http://robert.muntea.nu @rombert Apache Sling – Value proposition ● Content-oriented ● RESTful ● Lightweight ● Integrated authentication and authorization ● OSGi-powered ● Scripting inside ● Easily deployable
http://robert.muntea.nu @rombert Apache Sling – Content-Oriented Blog posts Images Users and Groups
http://robert.muntea.nu @rombert Apache Sling – Content-Oriented Server-side templates and scripts Configurations
http://robert.muntea.nu @rombert Apache Sling – RESTful $ http localhost:8080/content/↵ blog/posts/hello_world.html json xml txt pdf php3
http://robert.muntea.nu @rombert Apache Sling – RESTful
http://robert.muntea.nu @rombert Apache Sling – Persistence via JCR
http://robert.muntea.nu @rombert Apache Sling – Topologies Standalone High Availability
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Demo App – main page
http://robert.muntea.nu @rombert Demo App – Article Page
http://robert.muntea.nu @rombert Demo App – Submitting comments
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Threat modelling “Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application” Threat Modeling Web Applications on MSDN
http://robert.muntea.nu @rombert Threat Modelling - Assets
http://robert.muntea.nu @rombert Threat Modelling - Assets ● Availability ● Content ● User Credentials ● Ability to execute code on server ● Ability to execute code in the browser context
http://robert.muntea.nu @rombert Threat Modelling - Trust Levels
http://robert.muntea.nu @rombert Threat Modelling - Trust Levels 1. Anonymous 2. Author 3. Administrator
http://robert.muntea.nu @rombert Threat Modelling - Threats OWASP
http://robert.muntea.nu @rombert Threat Modelling - Threats 1. Denial of Service 2. Defacement / Deletion 3. Leaking credentials 4. SQL/Shell Injection 5. Stored/Reflected XSS
http://robert.muntea.nu @rombert Threat Modelling - Mitigation
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Apache Sling Security – Natural layering of ACEs
http://robert.muntea.nu @rombert Apache Sling Security – Security applied at the lowest level $ http --auth bob:bob localhost:8080/content/blog/posts/n ew_blog_post 'jcr:title=New post'
http://robert.muntea.nu @rombert Apache Sling Security – Context-aware templating language <div class="comment clearfix"> <img class="avatar img-rounded pull-left" src="${resource.valueMap['authorAvatar']}"/> <h3>${resource.valueMap['jcr:title']}</h3> <p>$ {resource.valueMap['jcr:description']}</p> </div>
http://robert.muntea.nu @rombert Apache Sling Security – Injection-safe APIs Children of /content/blog/posts
http://robert.muntea.nu @rombert Apache Sling Security – Injection-safe APIs Children of /content/blog/comments/ hello_world
http://robert.muntea.nu @rombert Agenda ● Apache Sling ● Demo application review ● Threat model ● Security with Apache Sling ● Demo ● Conclusion ● Q&A
http://robert.muntea.nu @rombert Demo Application – Actual demo!!!!1oneone
http://robert.muntea.nu @rombert Conclusions – Security ● Aim to be “Secure by Default” ● Build a threat model for your application ● Look for components that eliminate problems altogether
http://robert.muntea.nu @rombert Conclusions – Apache Sling ● Simple to be “Secure by Default” ● Eventing, Thread Pooling, Job Management, Caching ● Scripting: Groovy, Scala, JSP, Sightly, Java, Ruby, Thymeleaf ● Flexible resource rendering with resource types ● Very extensible due to being internally powered by OSGi – most extension points available to clients
http://robert.muntea.nu @rombert Resources ● Apache Sling – https://sling.apache.org ● Apache Jackrabbit ● https://jackrabbit.apache.org ● http://jackrabbit.apache.org/oak/ ● OWASP - https://www.owasp.org ● https://www.owasp.org/index.php/OWASP_Top_Ten _Cheat_Sheet ● https://www.owasp.org/index.php/Application_Thre at_Modeling

Recommended

Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache SlingRobert Munteanu
 
Apache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayApache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayRobert Munteanu
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservicesRobert Munteanu
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?Robert Munteanu
 
Effective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingEffective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingRobert Munteanu
 
Of Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert MunteanuOf Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert Munteanumfrancis
 
OSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen DyankovOSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen Dyankovmfrancis
 
Laravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemLaravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemMesut Vatansever
 

Recommended

Effective web application development with Apache Sling
Effective web application development with Apache SlingEffective web application development with Apache Sling
Effective web application development with Apache SlingRobert Munteanu
 
Apache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayApache Sling as a Microservices Gateway
Apache Sling as a Microservices GatewayRobert Munteanu
 
Of microservices and microservices
Of microservices and microservicesOf microservices and microservices
Of microservices and microservicesRobert Munteanu
 
Do you really want to go fully micro?
Do you really want to go fully micro?Do you really want to go fully micro?
Do you really want to go fully micro?Robert Munteanu
 
Effective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingEffective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingRobert Munteanu
 
Of Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert MunteanuOf Microservices and Microservices - Robert Munteanu
Of Microservices and Microservices - Robert Munteanumfrancis
 
OSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen DyankovOSGi for outsiders - Milen Dyankov
OSGi for outsiders - Milen Dyankovmfrancis
 
Laravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemLaravel Core Concept & Ecosystem
Laravel Core Concept & EcosystemMesut Vatansever
 
Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Linuxmalaysia Malaysia
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful TrainSmartLogic
 
Beat the Tsunami with a WAVE
Beat the Tsunami with a WAVEBeat the Tsunami with a WAVE
Beat the Tsunami with a WAVEPatrick Dunphy
 
Exposing M2M to the REST of us
Exposing M2M to the REST of usExposing M2M to the REST of us
Exposing M2M to the REST of usMatteo Collina
 
Collaborative communication
Collaborative communicationCollaborative communication
Collaborative communicationIcinga
 
Android component programming
Android component programmingAndroid component programming
Android component programmingNhan Cao
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterouscapotej
 
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...DroidConTLV
 
Building Web APIs with Elixir
Building Web APIs with ElixirBuilding Web APIs with Elixir
Building Web APIs with ElixirTom Davies
 
Live Coverage at The New York Times
Live Coverage at The New York TimesLive Coverage at The New York Times
Live Coverage at The New York TimesScott Taylor
 
Varying vagrant vagrants
Varying vagrant vagrantsVarying vagrant vagrants
Varying vagrant vagrantsDuong Ngo Thai
 
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointMan in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointDroidConTLV
 
Flutter For Web: An Intro
Flutter For Web: An IntroFlutter For Web: An Intro
Flutter For Web: An IntroFahad Murtaza
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...Logan Best
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in RatpackDaniel Woods
 
BarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webBarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webbarcampcr
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web FrameworkDaniel Woods
 
Laravel workshop
Laravel workshopLaravel workshop
Laravel workshopJasper Frumau
 
Realtime MVC with Sails.js
Realtime MVC with Sails.jsRealtime MVC with Sails.js
Realtime MVC with Sails.jsSerdar Dogruyol
 
Tdd Primer
Tdd PrimerTdd Primer
Tdd PrimerRobert Munteanu
 
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerCiNPA Security SIG
 
AppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 PrimerAppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 PrimerCiNPA Security SIG
 

More Related Content

What's hot

Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Linuxmalaysia Malaysia
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful TrainSmartLogic
 
Beat the Tsunami with a WAVE
Beat the Tsunami with a WAVEBeat the Tsunami with a WAVE
Beat the Tsunami with a WAVEPatrick Dunphy
 
Exposing M2M to the REST of us
Exposing M2M to the REST of usExposing M2M to the REST of us
Exposing M2M to the REST of usMatteo Collina
 
Collaborative communication
Collaborative communicationCollaborative communication
Collaborative communicationIcinga
 
Android component programming
Android component programmingAndroid component programming
Android component programmingNhan Cao
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterouscapotej
 
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...DroidConTLV
 
Building Web APIs with Elixir
Building Web APIs with ElixirBuilding Web APIs with Elixir
Building Web APIs with ElixirTom Davies
 
Live Coverage at The New York Times
Live Coverage at The New York TimesLive Coverage at The New York Times
Live Coverage at The New York TimesScott Taylor
 
Varying vagrant vagrants
Varying vagrant vagrantsVarying vagrant vagrants
Varying vagrant vagrantsDuong Ngo Thai
 
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointMan in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointDroidConTLV
 
Flutter For Web: An Intro
Flutter For Web: An IntroFlutter For Web: An Intro
Flutter For Web: An IntroFahad Murtaza
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...Logan Best
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in RatpackDaniel Woods
 
BarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webBarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webbarcampcr
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web FrameworkDaniel Woods
 
Realtime MVC with Sails.js
Realtime MVC with Sails.jsRealtime MVC with Sails.js
Realtime MVC with Sails.jsSerdar Dogruyol
 

What's hot (19)

Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction To ICT Security Audit OWASP Day Malaysia 2011
 
All Aboard The Stateful Train
All Aboard The Stateful TrainAll Aboard The Stateful Train
All Aboard The Stateful Train
 
Beat the Tsunami with a WAVE
Beat the Tsunami with a WAVEBeat the Tsunami with a WAVE
Beat the Tsunami with a WAVE
 
Exposing M2M to the REST of us
Exposing M2M to the REST of usExposing M2M to the REST of us
Exposing M2M to the REST of us
 
Collaborative communication
Collaborative communicationCollaborative communication
Collaborative communication
 
Android component programming
Android component programmingAndroid component programming
Android component programming
 
Riak at Posterous
Riak at PosterousRiak at Posterous
Riak at Posterous
 
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...
 
Building Web APIs with Elixir
Building Web APIs with ElixirBuilding Web APIs with Elixir
Building Web APIs with Elixir
 
Live Coverage at The New York Times
Live Coverage at The New York TimesLive Coverage at The New York Times
Live Coverage at The New York Times
 
Varying vagrant vagrants
Varying vagrant vagrantsVarying vagrant vagrants
Varying vagrant vagrants
 
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPointMan in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
Man in the Binder - Michael Shalyt & Idan Revivo, CheckPoint
 
Flutter For Web: An Intro
Flutter For Web: An IntroFlutter For Web: An Intro
Flutter For Web: An Intro
 
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
AnsibleFest 2019 - Greenfielding Network and Systems Automation in a Large an...
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in Ratpack
 
BarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para webBarCamp CR 2014 - Python para web
BarCamp CR 2014 - Python para web
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web Framework
 
Laravel workshop
Laravel workshopLaravel workshop
Laravel workshop
 
Realtime MVC with Sails.js
Realtime MVC with Sails.jsRealtime MVC with Sails.js
Realtime MVC with Sails.js
 

Similar to Secure by Default Web Applications with Apache Sling

OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerCiNPA Security SIG
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Chetan Khatri
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorialtutorialsruby
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsYury Chemerkin
 
Ruby on Rails Penetration Testing
Ruby on Rails Penetration TestingRuby on Rails Penetration Testing
Ruby on Rails Penetration Testing3S Labs
 
The 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a ProxyThe 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a ProxyTEST Huddle
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksCiNPA Security SIG
 
Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!Jonas Bandi
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!CiNPA Security SIG
 

Similar to Secure by Default Web Applications with Apache Sling (20)

Tdd Primer
Tdd PrimerTdd Primer
Tdd Primer
 
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec Primer
 
AppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 PrimerAppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 Primer
 
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
 
Web Security... Level Up
Web Security... Level UpWeb Security... Level Up
Web Security... Level Up
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
sts-scanner_tutorial
sts-scanner_tutorialsts-scanner_tutorial
sts-scanner_tutorial
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
 
Ruby on Rails Penetration Testing
Ruby on Rails Penetration TestingRuby on Rails Penetration Testing
Ruby on Rails Penetration Testing
 
The 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a ProxyThe 3 Top Techniques for Web Security Testing Using a Proxy
The 3 Top Techniques for Web Security Testing Using a Proxy
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
 
Don't screw it up! How to build durable API
Don't screw it up! How to build durable API Don't screw it up! How to build durable API
Don't screw it up! How to build durable API
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
 
DMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal TricksDMA - Stupid Cyber Criminal Tricks
DMA - Stupid Cyber Criminal Tricks
 
Web security
Web securityWeb security
Web security
 
Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!Frontend Monoliths: Run if you can!
Frontend Monoliths: Run if you can!
 
Computer security
Computer securityComputer security
Computer security
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
 

More from Robert Munteanu

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web ApplicationsRobert Munteanu
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveRobert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGiRobert Munteanu
 
Escape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud ServiceEscape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud ServiceRobert Munteanu
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoringRobert Munteanu
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profitRobert Munteanu
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGiRobert Munteanu
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applicationsRobert Munteanu
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...Robert Munteanu
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?Robert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerRobert Munteanu
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Robert Munteanu
 
Apache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareApache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareRobert Munteanu
 
Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...Robert Munteanu
 
So how do I test my Sling application?
So how do I test my Sling application? So how do I test my Sling application?
So how do I test my Sling application?Robert Munteanu
 

More from Robert Munteanu (20)

Secure by Default Web Applications
Secure by Default Web ApplicationsSecure by Default Web Applications
Secure by Default Web Applications
 
Sling Applications - A DevOps perspective
Sling Applications - A DevOps perspectiveSling Applications - A DevOps perspective
Sling Applications - A DevOps perspective
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Escape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud ServiceEscape the defaults - Configure Sling like AEM as a Cloud Service
Escape the defaults - Configure Sling like AEM as a Cloud Service
 
Crash course in Kubernetes monitoring
Crash course in Kubernetes monitoringCrash course in Kubernetes monitoring
Crash course in Kubernetes monitoring
 
Java agents for fun and (not so much) profit
Java agents for fun and (not so much) profitJava agents for fun and (not so much) profit
Java agents for fun and (not so much) profit
 
Will it blend? Java agents and OSGi
Will it blend? Java agents and OSGiWill it blend? Java agents and OSGi
Will it blend? Java agents and OSGi
 
Cloud-native legacy applications
Cloud-native legacy applicationsCloud-native legacy applications
Cloud-native legacy applications
 
Cloud-Native Sling
Cloud-Native SlingCloud-Native Sling
Cloud-Native Sling
 
From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...From Monolith to Modules - breaking apart a one size fits all product into mo...
From Monolith to Modules - breaking apart a one size fits all product into mo...
 
What's new in the Sling developer tooling?
What's new in the Sling developer tooling?What's new in the Sling developer tooling?
What's new in the Sling developer tooling?
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Zero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using DockerZero downtime deployments for Sling application using Docker
Zero downtime deployments for Sling application using Docker
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)Slide IDE Tooling (adaptTo 2016)
Slide IDE Tooling (adaptTo 2016)
 
Apache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareApache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middleware
 
Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...Building domain-specific testing tools : lessons learned from the Apache Slin...
Building domain-specific testing tools : lessons learned from the Apache Slin...
 
So how do I test my Sling application?
So how do I test my Sling application? So how do I test my Sling application?
So how do I test my Sling application?
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Secure by Default Web Applications with Apache Sling