Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Kandungan disediakan oleh Localhost Podcast. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Localhost Podcast atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.
Player FM - Aplikasi Podcast
Pergi ke luar talian dengan aplikasi Player FM !
Pergi ke luar talian dengan aplikasi Player FM !
014 - OWASP Top 10
MP3•Laman utama episod
Manage episode 205025637 series 1354553
Kandungan disediakan oleh Localhost Podcast. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Localhost Podcast atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.
Hello from the Internet In this we count down the OWASP TOP 10 and explore the implications of each of the issues that we should be looking at in securing our applications. Enjoy the show! ## Show Notes - [OWASP](https://www.owasp.org/index.php/Main_Page) - [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf) ### 10. Logs - Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring - Graylog - https://www.graylog.org/ - Logstash (ELK) - https://www.elastic.co/elk-stack ### 09. Components - https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities - Safety - Python - https://pyup.io/safety/ - Ruby - http://guides.rubygems.org/security/ - Node - Node Security - https://github.com/nodesecurity/nsp ### 08. Deserialization - https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization ### 07. XSS - https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS) ### 06. Security Misconfiguration - https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration - How to harden a Linux server: - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf - https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5 - https://www.cyberciti.biz/tips/linux-security.html ### 05. Broken Access Control - https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control - Firesheep - https://codebutler.com/projects/firesheep/ ### 04. XML External Entities - https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE) - Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack ### 03. Sensitive Data Exposure - https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure - PCI DSS - https://www.pcisecuritystandards.org/pci_security/ - GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ - Password Hashing - https://crackstation.net/hashing-security.htm - Best practice for SSL + TLS - https://www.ssllabs.com/ssltest/ - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - Let’s Encrypt - https://letsencrypt.org/ - CipherList - Strong config for Apache / Nginx https://cipherli.st/ ### 02. Broken Authentication - https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication - Horse staple - https://xkcd.com/936/ - NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/ - Rainbow tables - http://project-rainbowcrack.com/table.htm - Google 2FA - Authy - https://authy.com/ - Duo - https://duo.com/ ### 01. Injection - https://www.owasp.org/index.php/Top_10-2017_A1-Injection - Bobby Tables - https://xkcd.com/327/ - Misc - Nessus - https://www.tenable.com/products/nessus/nessus-professional - OpenVas - http://www.openvas.org/ - ZED Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project - zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ - Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page
…
continue reading
32 episod
MP3•Laman utama episod
Manage episode 205025637 series 1354553
Kandungan disediakan oleh Localhost Podcast. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Localhost Podcast atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.
Hello from the Internet In this we count down the OWASP TOP 10 and explore the implications of each of the issues that we should be looking at in securing our applications. Enjoy the show! ## Show Notes - [OWASP](https://www.owasp.org/index.php/Main_Page) - [OWASP TOP 10 for 2017](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf) ### 10. Logs - Insufficient Logging and Monitoring - https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring - Graylog - https://www.graylog.org/ - Logstash (ELK) - https://www.elastic.co/elk-stack ### 09. Components - https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities - Safety - Python - https://pyup.io/safety/ - Ruby - http://guides.rubygems.org/security/ - Node - Node Security - https://github.com/nodesecurity/nsp ### 08. Deserialization - https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization ### 07. XSS - https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS) ### 06. Security Misconfiguration - https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration - How to harden a Linux server: - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf - https://medium.com/viithiisys/10-steps-to-secure-linux-server-for-production-environment-a135109a57c5 - https://www.cyberciti.biz/tips/linux-security.html ### 05. Broken Access Control - https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control - Firesheep - https://codebutler.com/projects/firesheep/ ### 04. XML External Entities - https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE) - Billion Laughs Attack - https://en.wikipedia.org/wiki/Billion_laughs_attack ### 03. Sensitive Data Exposure - https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure - PCI DSS - https://www.pcisecuritystandards.org/pci_security/ - GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ - Password Hashing - https://crackstation.net/hashing-security.htm - Best practice for SSL + TLS - https://www.ssllabs.com/ssltest/ - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - Let’s Encrypt - https://letsencrypt.org/ - CipherList - Strong config for Apache / Nginx https://cipherli.st/ ### 02. Broken Authentication - https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication - Horse staple - https://xkcd.com/936/ - NIST - https://www.passwordping.com/surprising-new-password-guidelines-nist/ - Rainbow tables - http://project-rainbowcrack.com/table.htm - Google 2FA - Authy - https://authy.com/ - Duo - https://duo.com/ ### 01. Injection - https://www.owasp.org/index.php/Top_10-2017_A1-Injection - Bobby Tables - https://xkcd.com/327/ - Misc - Nessus - https://www.tenable.com/products/nessus/nessus-professional - OpenVas - http://www.openvas.org/ - ZED Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project - zxcvbn: realistic password strength estimation - https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ - Be afraid, be very afraid - https://attack.mitre.org/wiki/Main_Page
…
continue reading
32 episod
Semua episod
×Selamat datang ke Player FM
Player FM mengimbas laman-laman web bagi podcast berkualiti tinggi untuk anda nikmati sekarang. Ia merupakan aplikasi podcast terbaik dan berfungsi untuk Android, iPhone, dan web. Daftar untuk melaraskan langganan merentasi peranti.