Securing Web Services - Presentation Transcript
- Securing Web Applications Tara Kissoon, CISA, CISSP Visa Inc.
- Objectives The participant will learn more about: How to integrate OWASP Top 10 to mitigate Web application security vulnerabilities.
- What is an application? An application:
  – Defined as user software
  – Is made up of a number of files, including configuration files, executable programs and data files.
  – Is layered above an operating system and uses the functionality of the operating system to deliver its service.
  – The operating system provides a number of mechanisms used for securing the application.
  – Contains security functionality that uses mechanisms not residing within the operating system.
- This presentation is on Web Services Security, pointing at almost all of the fields that require attention for web application security. It shows how to effectively manage the application development lifecycle and how to integrate the Top 10 OWASP projects to develop any application with security in mind.
A1 - Cross Site Scripting (XSS)
A2 - Injection Flaws
A3 - Malicious File Execution
A4 - Insecure Direct Object Reference
A5 - Cross Site Request Forgery (CSRF)
A6 - Information Leakage and Improper Error Handling
A7 - Broken Authentication and Session Management
A8 - Insecure Cryptographic Storage
A9 - Insecure Communications
A10 - Failure to Restrict URL Access