Brian Chess
Founder / Chief Scientist
Fortify Software
brian@fortifysoftware.com
OWASP
AppSec
Seattle Copyright © 2006 - The OWASP Foundation
Oct 2006 Permission is granted to copy, distribute and/or modify this document under the
terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this
license, visit http://creativecommons.org/licenses/by-sa/2.5/
Background
Business
Architecture
Risk
Authentication
Access Control
Attacks and Other Security Challenges
Security Today
Silver Bullets
[Architecture diagram: Internet -> Apache -> Java application tier -> Database, with Directory and Performance Logging components]
[Chart: Risk over Time, with Market Risk and Security Risk curves, labelled "My data" and "Your data"]
Application: complex, user-defined roles; administration
Progression of security measures: IP address, login, authenticate against CORP, auditing
Problem with log security: need to give access to outsourced support
bug #1
Severity S5 - Minor
Priority 9
OWASP AppSec Seattle 2006 23
Noteworthy Security Challenges
bug #1
SSH with blackberry
Installing X Windows
Playing nicely with partners
Problem with logging: must not log passwords or credit card numbers