What if we talked about Security...
Sébastien Gioria, [email protected]
OWASP France Leader & Evangelist
1 April 2016, Paris - France
Agenda
• OWASP?
• Some statistics
• And the vulnerabilities?
• So what?
• Q&A, Beer / Wine :)
http://www.google.fr/#q=sebastien gioria
‣ OWASP France Leader & Founder & Evangelist
‣ OWASP ISO Project & OWASP SonarQube Project & OWASP CSRFGuard Leader
‣ Application Security Expert and Coach
‣ Twitter: @SPoint / @OWASP_France
‣ Proud father of young kids trying to hack my digital life.
‣ Legal and Forensics expert for the Court of Appeal of Poitiers
[Figure: OWASP project areas: Learn, Contract, Testing, Design, Maturity, Code]
OWASP publications!
• Publications:
– Top 10 Application Security Risks; bestseller
– Testing Guide; second bestseller
– OWASP Cheat Sheets!!!
– Application Security Verification Standard; not the best-known document
– OpenSAMM: improve your application security
– OWASP Secure Contract Annex
– OWASP Top 10 for ... (mobile, cloud, privacy, ...)
• Tools / API:
– OWASP Zed Attack Proxy; replaces WebScarab with a lot of new functionality
– OWASP ESAPI: API for securing your software
– OWASP AppSensor; an IDS/IPS in the heart of your software
– OWASP Cornucopia; application security played with cards
– OWASP Snakes and Ladders: play the Top 10
and many more....
Some Statistics
Incidents are multiplying
© Risk Based Security 2016
Multiple targets
© Risk Based Security 2016
Applications, the bane of the IT department (and not only theirs...)
From hacking to cyber-terrorism...
© Le Monde Informatique 2015
And the winner is....
And what about the vulnerabilities in all this?
Joomla
In 2016!!!!
Ez.....
WordPress
Drupal
.NET Nuke
So what?
Hackers are clever
Be accurate
Bad Design
Update your CMS
Logs and errors
Money, Money, Money