IDRBT Workshop @ Secure Coding Practices
IDRBT is conducting a short-term course on ‘Secure Coding Practices’, helmed by Dr. V. Radha. The fully residential program runs for 5 days, and the next program is from January 01 to January 05, 2018.
Background:
The preferred access channel for bank customers is moving from offline to online. The number of bank customers accessing their accounts through their own devices is now higher than the number visiting bank branches. This places an enormous responsibility on banks' Information Technology teams to protect the banks' digital channels from unauthorized access. The IDRBT program on Secure Coding Practices is a step in that direction.
Banks are under pressure to open APIs and to develop new applications for customers as well as employees around their core banking systems. Building new apps around core banking without a proper understanding of the OWASP Top 10 security vulnerabilities, such as SQL Injection and Remote Code Execution, may put the bank in a higher risk zone.
Whether the bank develops the application on its own or buys it, it is advisable for bankers to understand the OWASP vulnerabilities, how they manifest, and what the remedial measures are. For the majority of attacks, bad programming is the sole source of the problem.
Security experts deploy remedial measures across the entire enterprise network stack, from Web application firewalls to end-point security. This is like making the outer wall stronger to protect weak inner applications. None of these solutions would be needed if the programs were written with security in mind.
Core Objectives of the Program:
- To bring awareness about the OWASP Top 10
- To discuss and demonstrate the remedial measures
- Automated testing of applications
- Code scanning and code analysis
Contents
- OWASP Top 10 – Overview
- PKI for Information Security in banking services
- SSL
- Web Application Security
- Cross Site Scripting and remedial measures
- Database Security
- SQL Injection and remedial measures
- Remote Code Execution – Buffer Overflow Attacks and remedial measures
- Session Hijacking and remedial measures
- Insecure Authentication and remedial measures
- Insecure Data Storage and remedial measures
- Weak Encryption and remedial measures
- Testing Overview
- Automated Testing tools
- Secure Coding
OWASP is an active body advocating open standards in the application security space.
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. OWASP's mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
Everyone is free to participate in OWASP. OWASP does not endorse or recommend commercial products or services, allowing its community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.
OWASP Top 10 vulnerabilities:
A1:2017 - Injection
A2:2017 - Broken Authentication
A3:2017 - Sensitive Data Exposure
A4:2017 - XML External Entities (XXE)
A5:2017 - Broken Access Control
A6:2017 - Security Misconfiguration
A7:2017 - Cross-Site Scripting (XSS)
A8:2017 - Insecure Deserialization
A9:2017 - Using Components with Known Vulnerabilities
A10:2017 - Insufficient Logging & Monitoring