1. Intro
2. SQL Injection Attack - Example
3. SQL Injection Attack - Solution
4. Parameterization References
5. Anatomy of a XSS Attack
6. Context Matters!
7. XSS Defense by Data Type and Context
8. HTML Body Context
9. HTML Attribute Context
10. HTTP GET Parameter Context
11. URL Context
12. JavaScript Variable Context
13. JSON Parsing Context
14. DOM-Based XSS Defense
15. Encoding Libraries
16. Encode Data Tools
17. Regular Expressions
18. Validating File Uploads
19. Input Validation References
20. Input Validation Tools
21. CWE "Monster Mitigations"
22. Conclusion: Ask Two Questions
23. Apache Shiro Architecture
24. Code to the Activity with Shiro
25. Access Control in the Browser
26. Access Controls References
27. Access Controls Tools
28. The Basic Hash is Dead
29. Password Guidance 3a
30. Password Guidance 3b
31. Password Policy
32. Universal 2nd Factor (U2F) protocol
Description:
Explore a comprehensive overview of OWASP's 2014 Top 10 Proactive Web Application Controls in this informative conference talk by Jason Montgomery. Dive into practical examples and solutions for SQL injection attacks, cross-site scripting (XSS) defenses, and input validation techniques. Learn about context-specific XSS protection strategies, encoding libraries, and tools for secure data handling. Discover best practices for file upload validation, access control implementation, and modern password policies. Gain insights into the Universal 2nd Factor (U2F) protocol and the Apache Shiro security framework. Enhance your web application security knowledge with this in-depth presentation from the Central Ohio Infosec 2015 conference.

OWASP 2014 Top 10 Proactive Web Application Controls
