http://blog.harisfazillah.info/2011/02/green-open-source-security-tools-owasp.html
http://www.docstoc.com/docs/71251140/green_klgreenhat_10022011
Harisfazillah Jamel's presentation during KL GreenHat 2011, UniKL, Kuala Lumpur, Malaysia - http://greenhat.my/
Archive:
http://www.scribd.com/doc/48505680/Open-Source-Security-Tools-OWASP-Malaysia-KL-GreenHat-2011-UniKL
http://www.slideshare.net/linuxmalaysia/green-open-source-security-tools-owasp-malaysia
Transcript :-
G.R.E.E.N
Open Source Security Tools
OWASP Malaysia
www.owasp.my
KL GreenHat - 10 Feb 2011
G.R.E.E.N
Group
Recon
Education
Emotion Control
Neutralized
G.R.E.E.N
Group
ps. If you are reading this slide, you need to come to my session KL Greenhat 2011 and I will tell you.
Group
Within Group
We can set policy and rules
We can implement policy and rules
We can, by law, punish those who break the rules
Group
http://www.owasp.org/index.php/Category:How_To
Group
Audit Tools
Bastille Unix
• A hardening script
• bastille --report
• http://bastille-linux.sourceforge.net/
G.R.E.E.N
Recon
• Log monitoring
• Process monitoring
• Network monitoring
• File monitoring
• Host monitoring
• Human monitoring
Recon
Log Monitoring
Recon
Process Monitoring
Recon
Network Monitoring
Network Intrusion Detection System
• Snort
• Snort Web interface using ACID
• BRO - if you dare (needs to be customized)
Recon
File Monitoring
Recon
Host Monitoring
Recon
Human Monitoring
Open source CCTV
ZoneMinder - www.zoneminder.com
G.R.E.E.N
Education
Action Plan
Users - CyberSAFE Malaysia
Sysadmins - OWASP WebGoat
Developers - OWASP Top 10
Management - Create and implement a security policy
Education
www.cybersafe.my
Education
OWASP Top 10
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Education
Certification is important
Get your people certified
G.R.E.E.N
Emotion Control
Be Calm
Emotion Control
Open source games
TuxRacer
Bos Wars
Globulation 2
FreeCol
LinCity-NG
Sauerbraten
Sokoban
Enigma
BillardGL
Wesnoth
FlightGear
BZFlag
G.R.E.E.N
Neutralized
• Firewall
• Intrusion Prevention Framework
Filter the packets and data
• Web proxy
• Email filter
Protect the connection
Neutralized
Firewall
• m0n0wall
• pfSense
• Fail2ban
• TCP Wrappers
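Fail2ban is where the Recon slides (log monitoring) and the Neutralized slides (firewall) meet: it watches a log and turns repeated failures from one source into a firewall block. The following is an added example in Python, not code from the presentation or from the Fail2ban project, that reproduces that core loop over constructed sshd log lines. The maxretry/findtime names mirror Fail2ban's settings, but the thresholds, the log sample and the iptables rule string are assumptions; the block only returns the rule text, it does not apply it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt in sshd's syslog format (made-up hosts and addresses).
# Source 198.51.100.23 fails five times within seconds; 192.0.2.9 also fails five
# times but spread fifteen minutes apart, which a short window should not count.
SAMPLE_AUTH_LOG = """\
Feb 10 09:00:01 host sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Feb 10 09:00:04 host sshd[2203]: Failed password for root from 198.51.100.23 port 40130 ssh2
Feb 10 09:00:07 host sshd[2205]: Failed password for root from 198.51.100.23 port 40138 ssh2
Feb 10 09:00:09 host sshd[2207]: Failed password for invalid user test from 198.51.100.23 port 40141 ssh2
Feb 10 09:00:12 host sshd[2209]: Failed password for root from 198.51.100.23 port 40150 ssh2
Feb 10 09:01:30 host sshd[2211]: Failed password for alice from 203.0.113.7 port 51002 ssh2
Feb 10 09:01:45 host sshd[2213]: Accepted password for alice from 203.0.113.7 port 51002 ssh2
Feb 10 09:30:00 host sshd[2301]: Failed password for root from 192.0.2.9 port 60001 ssh2
Feb 10 09:45:00 host sshd[2305]: Failed password for root from 192.0.2.9 port 60002 ssh2
Feb 10 10:00:00 host sshd[2310]: Failed password for root from 192.0.2.9 port 60003 ssh2
Feb 10 10:15:00 host sshd[2315]: Failed password for root from 192.0.2.9 port 60004 ssh2
Feb 10 10:30:00 host sshd[2320]: Failed password for root from 192.0.2.9 port 60005 ssh2
"""

# Matches only failed-password lines and captures the syslog timestamp and source IP.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2011):
    """Yield (timestamp, source_ip) for each failed-password line.
    syslog timestamps carry no year, so the caller supplies one (assumed 2011 here)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")


def find_offenders(log_text, maxretry=5, findtime_s=600):
    """Return {ip: time_of_trigger} for every source that reaches maxretry
    failures inside a sliding window of findtime_s seconds (Fail2ban's terms)."""
    recent = defaultdict(list)   # ip -> timestamps still inside the window
    offenders = {}
    for ts, ip in parse_failures(log_text):
        if ip in offenders:       # already decided, later lines change nothing
            continue
        hits = recent[ip]
        hits.append(ts)
        # Expire hits that fell out of the window relative to the newest one.
        while (ts - hits[0]).total_seconds() > findtime_s:
            hits.pop(0)
        if len(hits) >= maxretry:
            offenders[ip] = ts
    return offenders


def ban_rule(ip):
    """The kind of host-firewall rule Fail2ban's iptables action inserts (returned, not run)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


def ban_rules(log_text, maxretry=5, findtime_s=600):
    """Rules for every offender, in the order they crossed the threshold."""
    return [ban_rule(ip) for ip in find_offenders(log_text, maxretry, findtime_s)]


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_AUTH_LOG).items():
        print(f"{when:%H:%M:%S} ban {ip}: {ban_rule(ip)}")
```

With the defaults only 198.51.100.23 is banned, at the fifth failure (09:00:12). The slow source 192.0.2.9 never has five hits inside ten minutes; widening findtime_s to an hour catches it too, which is the trade-off the window setting exists for. Real deployments also need a whitelist for management addresses, since the same logic will happily lock out an administrator who mistypes a password.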
Neutralized
Web proxy
• Squid + DansGuardian
• Nginx
Email filter
• Amavisd-new
• MailScanner
Neutralized
OWASP Malaysia
www.owasp.my
The End
Harisfazillah Jamel
10 Feb 2011