
Lessons Learned in Web Security


Presentation Transcript


    1. Lessons Learned in Web Security
       Shimin Yeh, 12/25/2007

    2. Agenda
       - Security Lessons Learned in NCTU a dozen years ago
       - What is Security?
       - Top Security Issues
       - Security in Software Development Lifecycle
       - Partner Integration Security
       - Security Issue Tracking and Resolution
       - Physical Security
       - Social Engineering
       - Security of Personal Computer
       - Abuse Issues
       - Human Factor

    3. Security Lessons Learned in NCTU a Dozen Years Ago
       - Charles Pfleeger, Security in Computing, 2nd ed.
       - Bruce Schneier, Applied Cryptography, 1st ed.
       - Evi Nemeth et al., UNIX System Administration Handbook, 2nd ed.
       - Gene Spafford et al., UNIX and Internet Security, 2nd ed.

    4. Lessons Learned in my Early Years in the Software Industry
       - Netscape web server, Checkpoint firewall: a panacea of security?
       - On-line stock trading system project in '98
         - Hardening servers and patching software – not everyone knows this.
         - Security features and CIA:
           Confidentiality – SSL to protect the channel
           Integrity (and non-repudiation) – digital signature
           Authentication – password for login plus public key signature for authentication
         - Minimal peer reviews
         - Competition with JPC – non-security factors prevail. SSL = security is easier to sell.

    5. What's Security? The system behaves as it is supposed to. Nothing more and nothing less.

    6. Case Study
       - Victoria's Secret
       - Prozac
       - AOL
       - MySpace – Samy is my hero
       - Qualcomm CEO's laptop
       - Defacement cases in zone-h
       - XSS cases in xssed.com
       - Electronic voting systems in California

    7. What does that mean? Brand damage: trust is hard to gain but easy to lose. Internet companies live or die by their reputation.

    8. Top Security Issues
       - Input Validation Issues
         - Buffer overflow
         - SQL injection
         - XSS
       - Misconfiguration
       - Third Party Software
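The slide only names the input-validation issues. As an added example (not part of the original deck), the script below shows two of them, SQL injection and XSS, each in its vulnerable form beside the hardened form: a query built by string concatenation versus a parameterized query, and user input interpolated straight into HTML versus escaped first. The user table and the attack payloads are constructed for the demonstration, and the database is an in-memory sqlite3 instance so it runs offline. Buffer overflow is a native-code issue and is not shown here; misconfiguration and third-party software are not code-level bugs and are left to the later slides.

```python
"""Added example: SQL injection and XSS, vulnerable form beside hardened form.

The user table and payloads below are constructed for the demo; they do not come
from any real system.  sqlite3 runs in memory, so nothing touches disk or network.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users (name, is_admin) VALUES (?, ?)",
        [("alice", 1), ("bob", 0)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Concatenates user input into the statement, so quote characters in
    `name` change the SQL that is parsed (classic SQL injection)."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Sends the value as a bound parameter: the statement text is fixed and the
    driver treats `name` purely as data, whatever characters it contains."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def greet_vulnerable(name: str) -> str:
    """Interpolates user input directly into HTML; a <script> tag in `name`
    is rendered as markup and runs in the victim's browser (reflected XSS)."""
    return "<p>Hello, " + name + "!</p>"


def greet_escaped(name: str) -> str:
    """Escapes &, <, >, " and ' before interpolation so the browser shows the
    input as text rather than parsing it as markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def main() -> None:
    conn = make_db()
    # Constructed payload: closes the quoted literal and appends an always-true clause.
    sqli = "' OR '1'='1"
    print("vulnerable  :", lookup_vulnerable(conn, sqli))      # every user leaks
    print("parameterized:", lookup_parameterized(conn, sqli))  # no match: the literal is the payload
    # Constructed payload: the textbook XSS probe.
    xss = "<script>alert(1)</script>"
    print("vulnerable  :", greet_vulnerable(xss))
    print("escaped      :", greet_escaped(xss))


if __name__ == "__main__":
    main()
```

The fix in both cases is the same idea: keep untrusted data out of the code channel (the SQL grammar, the HTML parser) by handing it to the layer that knows how to keep it inert, a bound parameter or a context-appropriate escaping function, rather than trying to filter bad characters yourself.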
