Published by Valentijn Verlinden. Last modified more than 8 years ago.
1
Broodje Security, 18 November 2014
2
In the past
- Security was not yet a hot topic
- A break-in sometimes took a long time to happen
3
Nowadays
- Anyone can hack
- Tools are available
- Focus on widely used software
- Holes are sometimes exploited within 15 min
4
Break-ins 24/7
From a server log:
199.193.197.15 - - [02/Nov/2014:09:56:13 +0100] "GET /phpmyadmin/main.php HTTP/1.0" 404 18671 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:13 +0100] "GET /phpMyAdmin/main.php HTTP/1.0" 404 18671 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:14 +0100] "GET /pma/main.php HTTP/1.0" 404 18664 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:14 +0100] "GET /mysql/main.php HTTP/1.0" 404 18666 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:14 +0100] "GET /sql/main.php HTTP/1.0" 404 18664 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:14 +0100] "GET /PMA/main.php HTTP/1.0" 404 18664 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /admin/main.php HTTP/1.0" 404 18666 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /dbadmin/main.php HTTP/1.0" 404 18668 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /myadmin/main.php HTTP/1.0" 404 18668 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /db/main.php HTTP/1.0" 404 18663 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /phpmyadmin/main.php HTTP/1.0" 404 18671 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /sqlmanager/main.php HTTP/1.0" 404 18671 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:15 +0100] "GET /phpMyAdmin/main.php HTTP/1.0" 404 18671 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /phpmyadmin2/main.php HTTP/1.0" 404 18672 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /pma/main.php HTTP/1.0" 404 18664 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /phpMyAdmin2/main.php HTTP/1.0" 404 18672 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /mysql/main.php HTTP/1.0" 404 18666 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /phpMyAdmin-2/main.php HTTP/1.0" 404 18673 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /sql/main.php HTTP/1.0" 404 18664 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /php-my-admin/main.php HTTP/1.0" 404 18673 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /PMA/main.php HTTP/1.0" 404 18664 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:16 +0100] "GET /phpMyAdmin-3.5.8-rc1/main.php HTTP/1.0" 404 18681 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:17 +0100] "GET /admin/main.php HTTP/1.0" 404 18666 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:17 +0100] "GET /phpMyAdmin-4.0.0-rc1/main.php HTTP/1.0" 404 18681 "-" "-"
199.193.197.15 - - [02/Nov/2014:09:56:17 +0100] "GET /dbadmin/main.php HTTP/1.0" 404 18668 "-" "-"
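Added example, not part of the original presentation: one way to detect the pattern in the log above, where a single client collects 404s on many different admin paths within seconds. The thresholds (5 distinct paths within 60 seconds), the function names and the sample lines are assumptions made for this illustration. The sample uses documentation IP ranges and includes a client with six 404s spread one per hour, which must not be flagged.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Access-log layout as in the slide: client, [timestamp], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path, status), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_path_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Map ip -> most distinct 404 paths in one window, for ips reaching min_paths."""
    misses = defaultdict(list)  # ip -> [(timestamp, path), ...], 404s only
    for line in lines:
        rec = parse(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window forward
                start += 1
            distinct = len({path for _, path in hits[start:end + 1]})
            if distinct >= min_paths:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def _line(ip, hms, path, status):
    # Constructed sample line; IPs are documentation ranges, not from the slide.
    return (f'{ip} - - [02/Nov/2014:{hms} +0100] '
            f'"GET {path} HTTP/1.0" {status} 18671 "-" "-"')

PROBES = ["/phpmyadmin/main.php", "/phpMyAdmin/main.php", "/pma/main.php",
          "/mysql/main.php", "/sql/main.php", "/PMA/main.php"]
SAMPLE_LOG = (
    [_line("192.0.2.10", f"09:56:1{i}", p, 404) for i, p in enumerate(PROBES)]
    + [_line("198.51.100.7", "10:01:00", "/index.php", 200),
       _line("198.51.100.7", "10:01:02", "/favicon.ico", 404)]
    + [_line("203.0.113.5", f"{h}:00:00", f"/old/page{h}.html", 404)  # one per hour
       for h in range(11, 17)])
```

Calling `find_path_scanners(SAMPLE_LOG)` flags only the burst client; widening `window` to several hours would also flag the slow one, which is why the window should stay short for this pattern.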
5
Why break in?
- Attention from serious crime
- Bank / credit card details
- Spreading malware by infecting the site
- Distributing illegal software
- Trade secrets
6
Security is not child's play!
7
OWASP Top 10
8
Live demo
9
Prevention
- OWASP has recommendations
- Google for: OWASP Cheat Sheet Series
- For example:
  - XSS (Cross Site Scripting) Prevention Cheat Sheet
  - SQL Injection Prevention Cheat Sheet
10
Discussion
- What are we doing well?
- What not yet?
- How can we improve this?
- Other points?...
- Questions?
11
End