
Content provided by Localhost Podcast. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Localhost Podcast or their podcast platform partner. If you believe someone is using your copyrighted work without permission, you can follow the process outlined here: https://id.player.fm/legal.

014 - OWASP Top 10

1:01:11
Manage episode 205025637 series 1354553
Hello from the Internet! In this episode we count down the OWASP Top 10 and explore the implications of each issue we should be looking at when securing our applications. Enjoy the show!

## Show Notes

- [OWASP](https://www.owasp.org/index.php/Main_Page)
- [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf)

### 10. Logs

- Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring
- Graylog - https://www.graylog.org/
- Logstash (ELK) - https://www.elastic.co/elk-stack

### 09. Components

- https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities
- Safety - Python - https://pyup.io/safety/
- Ruby - http://guides.rubygems.org/security/
- Node - Node Security - https://github.com/nodesecurity/nsp

### 08. Deserialization

- https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization

### 07. XSS

- https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)

### 06. Security Misconfiguration

- https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration
- How to harden a Linux server:
  - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf
  - https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5
  - https://www.cyberciti.biz/tips/linux-security.html

### 05. Broken Access Control

- https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control
- Firesheep - https://codebutler.com/projects/firesheep/

### 04. XML External Entities

- https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)
- Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack

### 03. Sensitive Data Exposure

- https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure
- PCI DSS - https://www.pcisecuritystandards.org/pci_security/
- GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
- Password Hashing - https://crackstation.net/hashing-security.htm
- Best practice for SSL + TLS:
  - https://www.ssllabs.com/ssltest/
  - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- Let's Encrypt - https://letsencrypt.org/
- CipherList - Strong config for Apache / Nginx - https://cipherli.st/

### 02. Broken Authentication

- https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication
- Horse staple - https://xkcd.com/936/
- NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/
- Rainbow tables - http://project-rainbowcrack.com/table.htm
- Google 2FA
- Authy - https://authy.com/
- Duo - https://duo.com/

### 01. Injection

- https://www.owasp.org/index.php/Top_10-2017_A1-Injection
- Bobby Tables - https://xkcd.com/327/
- Misc:
  - Nessus - https://www.tenable.com/products/nessus/nessus-professional
  - OpenVas - http://www.openvas.org/
  - ZED Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
  - zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
  - Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page