Security Training Introduction

Uploaded by

Panos Koukios

0% found this document useful (0 votes)

1 views1 page

Security

Original Title

1. Security Training Introduction

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Security

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

1 views1 page

Security Training Introduction

Uploaded by

Panos Koukios

Security

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

This presentation is designed to raise the awareness towards modern threats and

show the security related challenges that arise during application development. It
consists of two parts. The first is more generic and gives an overview covering the
most common attack vectors, such as phishing. The second is mainly geared
towards Web Application Security, the type of applications we develop at JR
Technologies. It focuses both on the User Interface part as well as the backend and
the communication between them. It describes possible attacks, how to protect
against them and best coding practices to avoid vulnerabilities. A non-exhaustive
list of topics covered follows.

Simple Security Principles:

 Known vulnerabilities
 Phishing/Spear Phishing
 Malware attacks
 Weak authentication
 Secure password storage
 Importance of SSL/TLS (HTTPS)
 Basic terms (authentication, integrity…)
 Network vs Application security
 Secure Requirements

Web Application Security:

 SQL injection/Command Injection
 Authentication and session management. Session hijacking, session fixation,
cookie handling...
 Cross Site Scripting (XSS) Persistent, Reflected, DOM-Based
 Insecure Direct Object Reference
 Missing Function Level Access Control
 File Upload Filtering
 Cross Site Request Forgery (CSRF)
 Unvalidated Redirects and forwards
 Same Origin Policy (SOP)
 Cross Origin Resource Sharing (CORS)
 Clickjacking
 Content Security Policy (CSP)
 Javascript, AJAX, HTML 5, JSON related security
 XML Injection
 XML External Entity Attack (XXE)
 Symmetric-Key Cryptography
 Hash algorithms
 Message Authentication Code (MAC)
 Public-Key Cryptography
 Digital Signatures
 Man-in-the-Middle Attack (MITM)
 Public-Key Infrastructure, Digital Certificates (CRLs, OCSP…)
 SSL/TLS Protocols
 Pseudo Random Number Generators (PRNGs)
 Password management, password hashing algorithms
 Input Validation
 Path Traversal Vulnerability
 Java Best Practices

COMPTIA Security+ Cheat Sheet
Document2 pages
COMPTIA Security+ Cheat Sheet
arekbee
100% (3)
Comptia Security Plus Notes
Document9 pages
Comptia Security Plus Notes
Ismail Abdirahman
No ratings yet
Cyber Exploits and Vulnerabilities For Ethical Hackers
Document10 pages
Cyber Exploits and Vulnerabilities For Ethical Hackers
Shaimaa Ali
No ratings yet
Application Security and Secure Programming
Document81 pages
Application Security and Secure Programming
Semi Yulianto
No ratings yet
Seven Deadliest Web Application Attacks
From Everand
Seven Deadliest Web Application Attacks
Mike Shema
No ratings yet
Security As A Process in Software Development Lifecycle v2.0
Document39 pages
Security As A Process in Software Development Lifecycle v2.0
shruti
No ratings yet
SOC Interview Questions
Document35 pages
SOC Interview Questions
Akhil Kumar
No ratings yet
Cross Site Request Forgery (CSRF) Attack
Document8 pages
Cross Site Request Forgery (CSRF) Attack
andrisuranti
No ratings yet
الأسئلة المتوقعة لمقابلات الأمن السيبراني
Document8 pages
الأسئلة المتوقعة لمقابلات الأمن السيبراني
Abood Alotibi
No ratings yet
Email Is The Best Way To Reach Me: Chirag Jatin Gajiwala Lead Security Engineer/Consultant Tel: 314-394-8287 Email ID
Document12 pages
Email Is The Best Way To Reach Me: Chirag Jatin Gajiwala Lead Security Engineer/Consultant Tel: 314-394-8287 Email ID
Ashwani kumar
No ratings yet
Application Security Cloud
Document31 pages
Application Security Cloud
M S Prasad
100% (1)
Source Code Review
Document37 pages
Source Code Review
cikgufatah
No ratings yet
CNS - Notes
Document155 pages
CNS - Notes
Ramalaxmi Bolla
0% (1)
Comptia Security+ Sy0-601: Course Content
Document8 pages
Comptia Security+ Sy0-601: Course Content
Shiva Chandrasekharan
50% (2)
Secure Web Application Development
Document3 pages
Secure Web Application Development
Mangesh Abnave
No ratings yet
Cyber Security
Document2 pages
Cyber Security
Sudheer Ramakrishna
No ratings yet
Exploiting Server Vulnerabilities With XSS and Server Side Scripting Attacks
Document21 pages
Exploiting Server Vulnerabilities With XSS and Server Side Scripting Attacks
Mike Kennedy
100% (1)
Web Application Security
Document9 pages
Web Application Security
tbt
No ratings yet
Is Scouse Outline VF
Document4 pages
Is Scouse Outline VF
Muller Muley
No ratings yet
Information Security Management in Organisation
Document21 pages
Information Security Management in Organisation
Deepak Raturi
No ratings yet
(SQL) Injection and Cross-Site Scripting - Edited
Document5 pages
(SQL) Injection and Cross-Site Scripting - Edited
John John
No ratings yet
Extra Credit Review Notes
Document1 page
Extra Credit Review Notes
scythermantis
No ratings yet
Information Security
Document9 pages
Information Security
ascii02
No ratings yet
Priyal Keharia Is Exp 5
Document19 pages
Priyal Keharia Is Exp 5
Priyal Keharia
No ratings yet
The Threats To Our Products: Loren Kohnfelder and
Document9 pages
The Threats To Our Products: Loren Kohnfelder and
h2425695
No ratings yet
Cross-Site Scripting: Computer and Network Security Seminar
Document25 pages
Cross-Site Scripting: Computer and Network Security Seminar
nageshmalyala
No ratings yet
Computersecurity Outline
Document5 pages
Computersecurity Outline
shifara Tesfaye
No ratings yet
Faculty of Engineering, Sciences & Technology Cryptography and Data Security Assignment Instructor: Ali Ahmad Siddiqui
Document11 pages
Faculty of Engineering, Sciences & Technology Cryptography and Data Security Assignment Instructor: Ali Ahmad Siddiqui
Usama Ashraf
No ratings yet
Module - 4
Document3 pages
Module - 4
Aishwarya Aishwarya
No ratings yet
ECSS v3 Brochure
Document39 pages
ECSS v3 Brochure
Mahesh Bhat
No ratings yet
CCS374 Web Application Security
Document18 pages
CCS374 Web Application Security
barathkumar00001
No ratings yet
CSRF and XSS Attacks and Defense Mechanisms
Document4 pages
CSRF and XSS Attacks and Defense Mechanisms
International Journal of Innovative Science and Research Technology
100% (1)
Ethical Hacking Modules
Document21 pages
Ethical Hacking Modules
sarwarbilal523
No ratings yet
AISE Syllabus
Document1 page
AISE Syllabus
Shivam Chhabra
No ratings yet
06-Determine The Type of Attack
Document4 pages
06-Determine The Type of Attack
Luis Miguel P. Freitas
No ratings yet
Cybersecurity Measures Hardware Vulnerabilities
Document12 pages
Cybersecurity Measures Hardware Vulnerabilities
Seethal S Kumar
No ratings yet
Ethical Hacking C'Measure Revision
Document14 pages
Ethical Hacking C'Measure Revision
Calvin Diong
No ratings yet
Cyber Ops Summary
Document5 pages
Cyber Ops Summary
Dominique Eijansantos
No ratings yet
What Is Cross-Site Scripting (XSS) ?
Document4 pages
What Is Cross-Site Scripting (XSS) ?
serzhan
No ratings yet
Network Security Fundamentals & Concepts (INE-converted)
Document45 pages
Network Security Fundamentals & Concepts (INE-converted)
Niko
No ratings yet
Cross-Site Scripting Detection and Prevention Techniques
Document23 pages
Cross-Site Scripting Detection and Prevention Techniques
Arfa Shaikh
No ratings yet
CISCO Term Paper 1-4 Module
Document11 pages
CISCO Term Paper 1-4 Module
Avinash A
No ratings yet
Web Security, XSS, Injection
Document137 pages
Web Security, XSS, Injection
Menberu Munye
No ratings yet
XSS (Cross Site Scripting) Prevention Cheat Sheet
Document11 pages
XSS (Cross Site Scripting) Prevention Cheat Sheet
sjmpak
No ratings yet
Title 5
Document2 pages
Title 5
М. Энэрэлт
No ratings yet
7 Types of Information Security Incidents
Document9 pages
7 Types of Information Security Incidents
ebrahimranama
No ratings yet
Software Security: Cybersecurity Specialization-Coursera
Document25 pages
Software Security: Cybersecurity Specialization-Coursera
Raunak
No ratings yet
CSS Question Bank
Document19 pages
CSS Question Bank
Arun Choudhary
No ratings yet
Artificial Intelligence and Machine Learning in The Security Operations Center Overview
Document12 pages
Artificial Intelligence and Machine Learning in The Security Operations Center Overview
Duc Nguyen Minh
No ratings yet
Veracode Whitepaper Eradicate Xss
Document8 pages
Veracode Whitepaper Eradicate Xss
gxa2007
No ratings yet
Analysis
Document5 pages
Analysis
api-235769548
No ratings yet
Infrastructure Security
Document107 pages
Infrastructure Security
Doctor Lyrics
No ratings yet
Latest Research Papers On Network Security PDF
Document5 pages
Latest Research Papers On Network Security PDF
fvf3f9h1
100% (1)
Final Interviw Prepar
Document4 pages
Final Interviw Prepar
sandeep singh
No ratings yet
Security Quick Review 2020
Document84 pages
Security Quick Review 2020
Ahmed Ali
No ratings yet
Advanced Java Security
Document10 pages
Advanced Java Security
Arunendu Maji
No ratings yet
Syllabus in Computer System Security
Document3 pages
Syllabus in Computer System Security
Era Buzo
No ratings yet
Types of Web Security Threats & Their Fixes
Document7 pages
Types of Web Security Threats & Their Fixes
Abhijit Chatterjee
No ratings yet
QB Honors
Document4 pages
QB Honors
Kandha Kumaran Thevar
No ratings yet
Secure Coding Protecting Windows and C Web Applications
From Everand
Secure Coding Protecting Windows and C Web Applications
Américo Moreira
No ratings yet
Aerostream Order APIs v1.7
Document51 pages
Aerostream Order APIs v1.7
Panos Koukios
No ratings yet
Soldier of Fortune
Document2 pages
Soldier of Fortune
Panos Koukios
100% (1)
Java-C++ Comparison: Differences at A Glance
Document3 pages
Java-C++ Comparison: Differences at A Glance
Panos Koukios
No ratings yet
Web Application Security
Document181 pages
Web Application Security
Panos Koukios
No ratings yet
The ObjectStore Database System - Lamb
Document14 pages
The ObjectStore Database System - Lamb
Panos Koukios
No ratings yet
Study Guide For 1Z0-144 by Matthew Morris - Code
Document36 pages
Study Guide For 1Z0-144 by Matthew Morris - Code
Panos Koukios
0% (1)
Improved Histograms For Selectivity Estimation of Range Predicates - Poosala
Document12 pages
Improved Histograms For Selectivity Estimation of Range Predicates - Poosala
Panos Koukios
No ratings yet
Wcaching PDF
Document34 pages
Wcaching PDF
Panos Koukios
No ratings yet
Join Processing in Database With Large Main Memories Systems
Document26 pages
Join Processing in Database With Large Main Memories Systems
absials
No ratings yet
Access Path Selection in A Relational Dbms - Selinger
Document12 pages
Access Path Selection in A Relational Dbms - Selinger
Panos Koukios
No ratings yet
Efficient Locking For Concurrent Operations On B-Trees - Lehman
Document21 pages
Efficient Locking For Concurrent Operations On B-Trees - Lehman
Panos Koukios
No ratings yet
Granularity of Locks and Degrees of Consistency in A Shared Database - Gray
Document29 pages
Granularity of Locks and Degrees of Consistency in A Shared Database - Gray
Panos Koukios
No ratings yet
Working With Unix
Document212 pages
Working With Unix
Richa Rahul Mishra
No ratings yet