SECURITY
OWASP Helsinki 15.6.2011
Ville Säävuori
<!doctype html>
html
Distributed Log storage and analysis, Graphing, HTTP Caching, Input/Output Filtering, Memory Caching, Non-relational Key Stores, Rate Limiting, Relational Storage, Queues, Real-time messaging (XMPP), Search
Instrumentation/Monitoring, Failover, Node addition/removal and hashing, Auto-scaling for cloud resources
Multiple Devs, Staging, Prod; Data model upgrades; Rolling deployments; Multiple versions (selective beta); Bucket Testing; Rollbacks; CDN Management
Ranging Geo
Dirty-table management
http://randomfoo.net/2009/01/28/infrastructure-for-modern-web-sites
complex
http://www.flickr.com/photos/stuckincustoms/5069047950/
what is it?
security
<audio>
HTTP/1.1 200 OK
Date: Wed, 15 Jun 2011 17:45:00 GMT
Server: Nginx/1.0.4
Access-Control-Allow-Origin: http://syneus.fi
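The sample response above grants cross-origin access to exactly one origin. As an added example (not code from the slides or from the author), the function below shows the server-side decision behind that header: the allowed origin is looked up in an allowlist rather than echoed back from the request, and a Vary header is added so caches do not serve one origin's response to another. The http://syneus.fi value comes from the slide; the other origins are constructed for the demo.

```javascript
// Added example: pick Access-Control-Allow-Origin from an allowlist.
// http://syneus.fi is the origin shown on the slide; everything else here is constructed.
const ALLOWED_ORIGINS = new Set(['http://syneus.fi']);

// Return the CORS response headers for a given request Origin value.
// An unknown origin gets no CORS headers at all, so the browser blocks the
// cross-origin read; the Set lookup is an exact string match, so look-alike
// origins such as http://syneus.fi.other.example do not pass.
function corsHeaders(requestOrigin) {
  if (typeof requestOrigin !== 'string' || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return {};
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    // Response content depends on Origin, so shared caches must key on it.
    'Vary': 'Origin',
  };
}

// Render a header object the way it would appear on the wire.
function renderHeaders(headers) {
  return Object.entries(headers).map(([k, v]) => `${k}: ${v}`).join('\r\n');
}

// Constructed sample origins for a stand-alone run.
const SAMPLE_ORIGINS = ['http://syneus.fi', 'http://syneus.fi.other.example', 'null', undefined];
for (const origin of SAMPLE_ORIGINS) {
  console.log(`Origin: ${origin}\n${renderHeaders(corsHeaders(origin)) || '(no CORS headers)'}\n`);
}
```

The `null` origin (sent for sandboxed iframes and some file: pages) is rejected like any other unknown value; allowlisting it would let any sandboxed document through.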
local storage
localStorage.setItem('name', 'Hello World!');
SVG
CSS3
div > p:last-of-type { ... }
GeoLocation
navigator.geolocation.getCurrentPosition(show_map);
<iframe sandbox="allow-scripts">
in the wild
http://www.flickr.com/photos/sharkbait/2992242065/
common issues
http://www.flickr.com/photos/rainbirder/5068808204/
XSS
XSRF
SQL Injection
Clickjacking
ways to protect
http://www.flickr.com/photos/soldiersmediacenter/5285447846/
understand threats
sanitation
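The "sanitation" slide is the deck's answer to the XSS item under common issues. As an added example (not code from the slides or from the author), the snippet below shows the defender's side in the browser: a value such as the name stored with localStorage.setItem earlier in the deck is encoded before it is placed into HTML, so any markup characters it contains are displayed literally instead of being parsed. The sample name and the greeting markup are constructed for the demo.

```javascript
// Added example: contextual output encoding for HTML text content.
// Every character that can open or close markup or an attribute is replaced
// by its entity; '&' is included so already-encoded text is not double-decoded.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a greeting fragment the way a page might after reading
// localStorage.getItem('name'). Because the value is escaped, it cannot
// add elements or attributes to the document it is inserted into.
function greetingHtml(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Constructed sample value containing every special character the encoder handles.
const SAMPLE_NAME = '<b>Ville</b> & "friends"';

// Stand-alone run: the encoded fragment is safe to assign to innerHTML.
console.log(greetingHtml(SAMPLE_NAME));
```

This encoder is only correct for HTML text and double-quoted attribute values; text placed into a URL, a script block, or a CSS rule needs the encoding rules of that context instead.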
stay updated
The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words insert, delete, drop, update, null, or select.
Sacramento Credit Union
http://www.flickr.com/photos/remydwd/48898192/
Best practices
http://www.flickr.com/photos/amagill/51806161/
trust no one
http://www.flickr.com/photos/furryscalyman/673915993/
outsource
or
hire someone
but at least
use a checklist
educate them
Why is it important to have a good password?
MORE
html5sec.org lyh.fi/web_security www.syneus.fi/aiheet/html5
Thank you!
Ville Säävuori @uninen