2017 OWASP Top 10: Injection Attacks

  • Published on 29 Sep 2024
  • New 2021 OWASP Lightboard Series:
    • 2021 OWASP Top Ten
    Video 1/10 on the 2017 OWASP Top Ten Security Risks.
    John Wagnon discusses the details of the top vulnerability listed in the OWASP Top 10 Security Risks: Injection Attacks. Learn what they are and how to guard against them.
    community.f5.c...

Comments • 73

  • @fk319fk
    @fk319fk 2 years ago +2

    I wish you would have shown an example, then talked about solutions.

    • @devcentral
      @devcentral 2 years ago +1

      Good suggestion! Thanks for the comment!!

  • @shashankjosyula3196
    @shashankjosyula3196 6 years ago +20

    Are you writing backwards?! haha awesome

    • @KenmoreChalfant
      @KenmoreChalfant 6 years ago +4

      You would think so, but the text on his shirt would be backwards, which it's not... Unless it really is.. then that's some next level stuff.

    • @Amidda
      @Amidda 5 years ago +5

      @@thegamingguy5614 It is totally mirrored. Google the speaker, his mole on his neck is actually on the other side of his neck. They actually had shirts made with the logo printed mirrored.

  • @mds4509
    @mds4509 2 years ago +4

    Really good video! Best explanation of the OWASP Top Ten

    • @devcentral
      @devcentral 2 years ago +1

      Glad you enjoyed it!

  • @uchiha__itachi040
    @uchiha__itachi040 3 years ago +2

    thank you man

  • @passakornborvornrittidech8251
    @passakornborvornrittidech8251 4 years ago +3

    Easy to understand for beginners to see the big picture.

    • @devcentral
      @devcentral 4 years ago

      Glad you enjoyed it!

  • @shivamdixit4236
    @shivamdixit4236 5 years ago +7

    dude...where is the lateral inversion...teaching OWASP you defy physics ... not cool :P

    • @VinodSenthil
      @VinodSenthil 4 years ago +1

      More than listening to his OWASP teaching, I'm demystifying his board and how he writes. I see his logo on the T-shirt is not inverted, so this is not an inverted video. Is he used to writing inverted? :o

    • @stelovpflu
      @stelovpflu 3 years ago

      @@VinodSenthil Same thoughts, I already got distracted the first minutes of the video figuring about that lol

  • @nasalkhaldi9388
    @nasalkhaldi9388 4 years ago +8

    dude ur amazing you explained it so well thanks!

    • @devcentral
      @devcentral 4 years ago +1

      Thanks...glad you liked it!

  • @thanshukr.raychoudhury5471
    @thanshukr.raychoudhury5471 3 years ago +6

    The entire playlist is very good & presentation is quite effective

  • @Amal_Ashokan
    @Amal_Ashokan 2 years ago +2

    Nice explanation

    • @devcentral
      @devcentral 2 years ago

      Appreciate the comment and glad you liked it!

  • @BrianThomas
    @BrianThomas 2 years ago +1

    I was thinking about what he said about using a web application firewall. That might not help as much because you still have to use port 80 and port 443. I've seen attacks when only these ports were open, so that might only work for low-hanging-fruit attacks. Seems like the common folks are hoping that people that launch these web applications are doing their due diligence.
    What if the web app is running on a surveillance camera or some type of IoT? How could you mitigate against that? Other than up-to-date FW, intrusion detection/prevention, & firewalls?

  • @jogo00062livecom
    @jogo00062livecom 4 years ago +8

    ..Did you have a mirrored shirt embroidered just for this? "DevCentral" on the T shirt patch should be backwards? I'm so confused

    • @DreamvilleMatt
      @DreamvilleMatt 4 years ago +1

      pretty sure he's writing and drawing backwards

    • @unstoppablehumour6637
      @unstoppablehumour6637 4 years ago +2

      Definitely, from the video his shirt buttons are female-ordered if he's left-handed. If you assume he's right-handed, his shirt buttons are male-ordered and yes, the logo is flipped!

  • @martinluckyraj
    @martinluckyraj 5 years ago +2

    What would be the mitigation generally implemented in code and database for any type of Injection? How could we analysis our code like Java and .Net for injection vulnerability?

    • @joshwaphilip9840
      @joshwaphilip9840 5 years ago +1

      Implement server-side input validation, escape special characters, and implement parameterized queries or stored procedures; those are the best mitigation methods for injection attacks

  • @themostcolm
    @themostcolm 5 years ago +3

    I do not believe we can rely solely on the front end input validation to be solid. Attackers could use a tool like postman to exactly mimic a request to the server for the user information. I think the validation needs to happen in the server.

    • @devcentral
      @devcentral 5 years ago +1

      great point Alex! it's important to look at all possible attack vectors using this vulnerability, so protection in the server is critical as well!

    • @aaronalquiza9680
      @aaronalquiza9680 5 years ago +2

      actually, sanitation must happen to both frontend and backend.

    • @joshwaphilip9840
      @joshwaphilip9840 5 years ago +2

      I recommend using parameterized queries; it's one of the best methods of preventing SQLi

    • @hasmituchil5214
      @hasmituchil5214 5 years ago

      Great point!
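
The parameterized-query advice given in the two threads above, shown as an added example that is not from the video or from F5/DevCentral: a constructed SQLite `users` table is queried once with string concatenation (the vulnerable form) and once with a bound parameter, and the server-side allow-list check the later thread argues for is layered in front. The table name, columns and sample rows are assumptions made up for this demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo: two accounts, one of them privileged.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, username):
    # The 'before': untrusted text is spliced into the SQL string, so a quote
    # character in the input changes the structure of the query itself.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # The 'after': the query shape is fixed at compile time and the driver
    # binds the value separately, so the input is only ever compared as data.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_validated(conn, username):
    # Server-side allow-list validation in front of the parameterized query:
    # reject anything that is not a plausible username before it reaches SQL.
    if not (1 <= len(username) <= 32 and username.isalnum()):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input: closes the quote and adds a tautology
    print(lookup_vulnerable(conn, "bob"))       # [('bob', 'user')]
    print(lookup_vulnerable(conn, hostile))     # both rows, including the admin
    print(lookup_parameterized(conn, hostile))  # []  (treated as a literal username)
    print(lookup_validated(conn, "alice"))      # [('alice', 'admin')]
```

Client-side checks alone would not change the first two results, because the query is built on the server from whatever bytes arrive; only the last two functions fix the problem where it exists.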

  • @sergiinadieiev4909
    @sergiinadieiev4909 3 years ago +5

    "I'm not gonna write it, cause Query Parametrization are big words..." - made my day!
    Thanks for the video..

    • @devcentral
      @devcentral 3 years ago

      glad you enjoyed it!

  • @mtr4d3r
    @mtr4d3r 3 years ago +2

    Wow...I love your explanation.

    • @devcentral
      @devcentral 3 years ago +1

      glad you enjoyed the video!

  • @enjoy618
    @enjoy618 4 years ago +2

    Very neat explanation. Thanks

    • @devcentral
      @devcentral 4 years ago

      glad you enjoyed it!

  • @elwerfally
    @elwerfally 5 years ago +2

    it's absolutely awesome video buddy thanks a lot

    • @devcentral
      @devcentral 5 years ago

      glad you enjoyed it!

  • @judahschwartz7459
    @judahschwartz7459 5 years ago +2

    How does he write backwards?

    • @judahschwartz7459
      @judahschwartz7459 5 years ago

      oh the video is probably mirrored

    • @kitan1512
      @kitan1512 5 years ago

      @@judahschwartz7459 if it is mirrored, does that mean he has a shirt with a mirrored print of Dev Central logo?

  • @Hardenedsystems1
    @Hardenedsystems1 5 years ago +3

    How can i do this kind of videos? Great Video!

    • @devcentral
      @devcentral 5 years ago +2

      Details of our build are in this article: devcentral.f5.com/articles/lightboard-lessons-behind-the-scenes

    • @mamita8108
      @mamita8108 4 years ago

      @@devcentral how does it look like if you have to delete something from the board?

    • @JasonRahm
      @JasonRahm 4 years ago +1

      @@mamita8108 if a small correction it's not too bad. But if you need to erase a lot, it's pretty messy and we just cut and reshoot from the beginning.

    • @ALDOE00
      @ALDOE00 2 years ago +1

      @@devcentral so then you have shirts with logo that is backwards? brilliant!

    • @devcentral
      @devcentral 2 years ago

      @@ALDOE00 you got it!!

  • @rookieking834
    @rookieking834 4 years ago +1

    You just earned a Subscriber

    • @devcentral
      @devcentral 4 years ago

      glad you enjoyed the video!

  • @thestefsterbun1820
    @thestefsterbun1820 5 years ago +4

    Great explanation! Well done. These are all fantastic to dumb this stuff down.

    • @devcentral
      @devcentral 5 years ago

      glad you enjoyed it!

  • @maharubhossain1179
    @maharubhossain1179 5 years ago +2

    Awesome :)

    • @devcentral
      @devcentral 5 years ago

      glad you enjoyed it!

  • @DomanaxTV
    @DomanaxTV 4 years ago +5

    Great video! I have a question, If i want to test if my software is vulnerable to these attacks what software would I use? Is there a software to test all top 10?

    • @devcentral
      @devcentral 4 years ago +2

      Great question! There is a wide variety of DAST and SAST tools that you could use to test your software. But, not all 10 of the OWASP Top Ten are able to be tested with tools. For example, #10 Insufficient Logging and Monitoring can't really be tested by software. You could have logging and monitoring tools in place, but if you don't check them properly, then you are vulnerable to that security risk. However, many of the Top Ten risks can be checked with DAST or SAST tools. Thanks!

  • @bigmarkua
    @bigmarkua 4 years ago +2

    Thanks, John. General information, but still it's important to hold this in your mind.

    • @devcentral
      @devcentral 4 years ago

      glad you enjoyed the videos!

  • @razorblurHD
    @razorblurHD 6 years ago +2

    Great vid :)

    • @devcentral
      @devcentral 6 years ago +1

      glad you enjoyed it!

    • @razorblurHD
      @razorblurHD 6 years ago +2

      It's part of my final exam which I have in 3 days, seriously, your OWASP top 10 helped me a lot :),
      keep up the good work :D

  • @ameykanekar2412
    @ameykanekar2412 6 years ago +2

    Thanks for the video!!
    Are you guys going to make videos of the other 9 OWASP attacks???

    • @devcentral
      @devcentral 6 years ago +6

      thanks...glad you enjoyed it! and, yes, we will be making videos of the other 9 OWASP vulnerabilities as well.

  • @laveshmishra5685
    @laveshmishra5685 4 years ago +1

    Can we have detailed video on all the different types of injections?

  • @deepaksharmasharma1809
    @deepaksharmasharma1809 4 years ago +2

    very nice

    • @devcentral
      @devcentral 4 years ago +1

      glad you enjoyed it!

  • @storyonbikes
    @storyonbikes 5 years ago +2

    loved this

    • @devcentral
      @devcentral 5 years ago

      glad you enjoyed it!

  • @karthicksubbiah2088
    @karthicksubbiah2088 6 years ago +1

    Thank you very much kindly make a video on the rest of the attacks

    • @devcentral
      @devcentral 6 years ago +2

      hi karthick...we are planning to do videos on the rest of the attacks as well. stay tuned!