Upload File

cloud = web, web = hacked! fabio viggiani. why web apps? every organization exposes web apps most...

  • Home
  • Documents
  • Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:
13
Cloud = Web, Web = Hacked! Fabio Viggiani

Upload: leon-richardson

Post on 17-Jan-2016

222 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Cloud = Web, Web = Hacked!Fabio Viggiani

Page 2: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Why Web Apps?• Every organization exposes web apps• Most common entry point

Image source: http://i.imgur.com

Image source:https://www.flickr.com/photos/brianklug/6870002408

Page 3: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Focus

• SQL injection, XSS… again with that old stuff???• Well, we DO find them every day!• Why?

Page 4: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Demo Environment

Page 5: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Let’s hack!• Basic stuff – warm up and understand• Cross Site Scripting (XSS)• SQL injection

Image source: http://gizmodo.com/5498412/sql-injection-license-plate-hopes-to-foil-euro-traffic-cameras

Page 6: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

We should be able to fix this

• XSS filters available online• Prepared statements – easy and well documented

• Let’s do it

Page 7: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Let’s hack, again.

Image source: http://www.ekantipur.com

Page 8: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

Demo Environment

Page 9: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

2nd order SQL injection

Page 10: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

What went wrong?

• Best practices• Input validation / Output encoding• Whitelist / Blacklist

• Localized fixes• Code structure• Default behaviors

Page 11: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

We hack once again. For real now.

Page 12: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

We hack once again. For real now.

Page 13: Cloud = Web, Web = Hacked! Fabio Viggiani. Why Web Apps? Every organization exposes web apps Most common entry point Image source:

We hack once again. For real now.


Web Apps vs Native Apps

Office Web Apps para Professores - download.microsoft.comdownload.microsoft.com/.../Passo_a_passo_WebApps.pdf · Usar o Office Web Apps no Windows Live Para usar o Office Web Apps

Web Apps vs. Native Apps: The Low Down

Web 2.0 Apps

Native Apps vs Hybrid Apps vs Mobile Web Apps

DTT Development in Italy Egidio Viggiani General Secretary Sarajevo, 22 May 2008

Native Mobile Apps Vs. Web Apps

Apps web vs apps nativas

PHILLIP VIGGIANI Special Agent, Federal Bureau of

Web Apps vs Web Site

1.cdn.edl.io  · Web viewJanuary 2016Volume 4, Issue 2Principal - Mr. Steve Viggiani Co-Advisors – Mrs

Web and API Apps in Azure - files.meetup.comfiles.meetup.com/5337282/Introduction to Azure - Web and API.pdf · Logic Apps API Apps. ... Visual Studio + App Service Web Apps Create

Company Portfolio : Apps and Web Apps Development

DTT Development in Italy Egidio Viggiani General Secretary

Viggiani, G., And Atkinson, J. H._1995_Geotechnique

Mobile web apps

Health Promotion Theoretical Frameworks Jennie Naidoo and Nick de Viggiani June 2009

Viggiani C., Piles and Pile Foundations, 2012.pdf

DA with Wa - Desktop Apps With Web Apps

Mobile Web Apps vs. Mobile Native Apps

HTML5 Web Apps vs. Native Apps

Web Mobile Apps vs Native Apps

django web apps

Web apps architecture

Native Apps vs Web Apps

Web Apps Azure

Choosing Native Apps or Web Apps – Let’s Debate

Postmodern Web Apps

Web Apps Security

Global Web & Apps

Are Web Apps a Feasible Alternative to Native Apps in the ... · Are Web Apps a Feasible Alternative to Native Apps ... to investigate if web apps are a feasible alternative to native

Flavia Steiner-Viggiani, M.Ed. COMS. CLVT Michigan AER, 2009

08 Web Apps

modern web apps

Apps vs. web