Security Primer: “To Serve & Protect”
Presentation for the Yorkville Media Centre on Web and Application Security
Puleen Patel
November 6, 2010
Overview
◦ Introduction
◦ Traditional View
◦ The Map of The Web
◦ Digital View
◦ Types of Breaches
◦ Security Terminologies
◦ Questions
Hi!
My name is Puleen. Technology is my passion.
During the day a Canadian Bank lets me apply, learn and grow my passion.
At other times
Security – Traditional View
Protection of Content
◦ Belongings: Jewels, Car, Money…
◦ Information: Financial, Bills, Will…
◦ Communication: Voice conversations, Messages, Letters…
A Map of The Web
Security – Digital View
Protection of Content
◦ Physical Assets: Servers, Workstations, Laptops…
◦ Software & Intellectual Assets: Applications, Code, Databases…
◦ Channels: IM, Email, Web, Mobile…
◦ Social *NEW*: Facebook, MySpace, Flickr, Picasa…
Types of Breaches
Network
◦ IP Spoofing / Masquerading
◦ Packet Sniffing
◦ Denial of Service Attacks
◦ …
Application
◦ Login / Password
◦ Email
◦ SQL Injection
◦ Session Hijacking
◦ Cross-Site Scripting
◦ Phishing
◦ …
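Two of the application-level breaches named on this slide, SQL Injection and Cross-Site Scripting, come down to the same mistake: untrusted input is pasted into a query or a page as if it were code. The following Python example is added here for illustration and is not part of the presentation. It uses only the standard library (an in-memory sqlite3 database with constructed sample users, and html.escape) to place the vulnerable login and greeting functions beside their hardened versions, so the difference can be observed directly.

```python
import html
import sqlite3

# Constructed sample data for the demo; not from the presentation.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "battery staple")]


def make_db():
    """Create an in-memory users table populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so the user's input
    is parsed as SQL. This is the pattern behind SQL Injection."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, username, password):
    """Parameterised query: the driver binds the values as data, so
    quotes or keywords inside them never change the statement."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def greeting_vulnerable(name):
    """Reflects the input into HTML unchanged, so markup in the input
    becomes part of the page (Cross-Site Scripting)."""
    return "<p>Hello, %s!</p>" % name


def greeting_safe(name):
    """Output encoding: <, >, &, ' and " become entities, so the browser
    renders the input as text rather than as tags or script."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


def demo():
    """Run both pairs against the textbook probe inputs and return the results."""
    conn = make_db()
    sql_probe = "' OR '1'='1"          # classic always-true tail
    xss_probe = "<script>alert(1)</script>"
    return {
        "sql_vulnerable": login_vulnerable(conn, "anyone", sql_probe),
        "sql_safe": login_safe(conn, "anyone", sql_probe),
        "xss_vulnerable": greeting_vulnerable(xss_probe),
        "xss_safe": greeting_safe(xss_probe),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-15s %r" % (key, value))
```

With the injection probe, the vulnerable login returns every user because the WHERE clause collapses to an always-true condition, while the parameterised version returns no rows; the escaped greeting contains no `<script>` tag. The fixes are the standard ones: bind parameters instead of formatting strings, and encode output for the context it is written into.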
Security Terminologies
Encryption
◦ Secure Sockets Layer (SSL / HTTPS)
◦ Secure FTP (SFTP)
◦ Secure Email (Digital Signatures)
◦ Public Key Infrastructure (PKI / Digital Certificates)
Firewalls / Gateways
Virtual Private Networks (VPN)
Real-Life Examples
In 2007, the parent company of Winners / HomeSense had 2 million Visa card numbers in Canada and 20 million globally stolen by fraudsters.
Phishing attacks send emails that lead users to legitimate-looking websites set up to capture confidential information.
In May 2010, a security exploit was discovered that allowed capturing Facebook friends lists, email addresses and other data by way of Cross-Site Scripting (XSS).
IT security breaches at Canadian firms account for an average annual loss of $834,149, a figure that reflects a 97 per cent increase from the $423,469 average cost reported in 2008, according to a national study released Tuesday.
Contact Info
http://puleen.com
http://blog.puleen.com
[email protected]
@puleen
References
Making Sense of Security - http://www.technicalinfo.net/index.html
Web Application Security - http://www.phpwact.org/security/web_application_security
Apache Security - http://www.apachesecurity.net/
IT Security Best Practices - http://www.internet.com/IT/Security/BestPractices
Best Computer Security Practices of Home, Home Office, Small Business and Telecommuters - http://www.sans.org/reading_room/whitepapers/hsoffice/computer-security-practices-home-home-office-small-business-telecommuters_616
Security Best Practices for Twitter applications - http://dev.twitter.com/pages/security_best_practices