I was thinking about what he said about using a web application firewall. That might not help as much because you still have to use port 80 and port 443. I've see attacks when only these ports were open, so that might only for low hanging fruit attacks. Seems like the common folks are hoping that people that launch these web applications are doing there due diligence. What is the web app is running on a surveillance camera or some type of IOT? How could you mitigate against that? Other than up-to-date FW, intrusion detection/prevention, & firewalls?
Definitely, from the video his shirt buttons are female-ordered if he's left-handed. If you assume he's right-handed, his shirt buttons are male-ordered and yes, the logo is flipped!
I do not believe we can rely solely on the front end input validation to be solid. Attackers could use a tool like postman to exactly mimic a request to the server for the user information. I think the validation needs to happen in the server.
What would be the mitigation generally implemented in code and database for any type of Injection? How could we analysis our code like Java and .Net for injection vulnerability?
Implement Server side input validation, Escaping from spacial character and implement Parameterized queries or storage procedure, those are best mitigation method of injection attack
Great video! I have a question, If i want to test if my software is vulnerable to these attacks what software would I use? Is there a software to test all top 10?
Great question! There is a wide variety of DAST and SAST tools that you could use to test your software. But, not all 10 of the OWASP Top Ten are able to be tested with tools. For example, #10 Insufficient Logging and Monitoring can't really be tested by software. You could have logging and monitoring tools in place, but if you don't check them properly, then you are vulnerable to that security risk. However, many of the Top Ten risks can be checked with DAST or SAST tools. Thanks!
@@thegamingguy5614 It is totally mirrored. Google the speaker, his mole on his neck is actually on the other side of his neck. They actually had shirts made with the logo printed mirrored.
more than i listen his Owasp teaching. i m demystifying his board and how he writes. i see his logo on the tshirt not inverted. so this is not inverted video. is he is used to writing inverted :o
![[LIVE] : ONE ลุมพินี 91 | คู่เอก "คมอาวุธ vs อเล็กเซย์"](http://i.ytimg.com/vi/V0RkEfYFsgM/mqdefault.jpg)
The entire playlist is very good & presentation is quite effective
glad you enjoyed them all!
@@devcentral j
Easy to understand for beginners to see the big picture.
Glad you enjoyed it!
Really good Video! Best Explenation for OWASP top ten
Glad you enjoyed it!
I was thinking about what he said about using a web application firewall. That might not help as much because you still have to use port 80 and port 443. I've see attacks when only these ports were open, so that might only for low hanging fruit attacks. Seems like the common folks are hoping that people that launch these web applications are doing there due diligence.
What is the web app is running on a surveillance camera or some type of IOT? How could you mitigate against that? Other than up-to-date FW, intrusion detection/prevention, & firewalls?
thank you man
"I'm not gonna write it, cause Query Parametrization are big words..." - made my day!
Thanks for the video..
glad you enjoyed it!
nice explaination
Appreciate the comment and glad you liked it!
I wish you would have shown an example, then talked about solutions.
Good suggestion! Thanks for the comment!!
..Did you have a mirrored shirt embroidered just for this? "DevCentral" on the T shirt patch should be backwards? I'm so confused
pretty sure hes writing and drawing backwards
Definitely, from the video his shirt buttons are female-ordered if he's left-handed. If you assume he's right-handed, his shirt buttons are male-ordered and yes, the logo is flipped!
dude ur amazing you explained it so well thanks!
Thanks...glad you liked it!
I do not believe we can rely solely on the front end input validation to be solid. Attackers could use a tool like postman to exactly mimic a request to the server for the user information. I think the validation needs to happen in the server.
great point Alex! it's important to look at all possible attack vectors using this vulnerability, so protection in the server is critical as well!
actually, sanitation must happen to both frontend and backend.
i recommend use Parameterized queries, it's one of the best preventing method of SQLi
Great point!
What would be the mitigation generally implemented in code and database for any type of Injection? How could we analysis our code like Java and .Net for injection vulnerability?
Implement Server side input validation, Escaping from spacial character and implement Parameterized queries or storage procedure, those are best mitigation method of injection attack
Wow...I love your explanation.
glad you enjoyed the video!
Great video! I have a question, If i want to test if my software is vulnerable to these attacks what software would I use? Is there a software to test all top 10?
Great question! There is a wide variety of DAST and SAST tools that you could use to test your software. But, not all 10 of the OWASP Top Ten are able to be tested with tools. For example, #10 Insufficient Logging and Monitoring can't really be tested by software. You could have logging and monitoring tools in place, but if you don't check them properly, then you are vulnerable to that security risk. However, many of the Top Ten risks can be checked with DAST or SAST tools. Thanks!
You just earned a Subscriber
glad you enjoyed the video!
Great explanation! Well done. These are all fantastic to dumb this stuff down.
glad you enjoyed it!
Can we have detailed video on all the different types of injections?
Very neat Explaination. Thanks
glad you enjoyed it!
How does he write backwards?
oh the video is probably mirrored
@@judahschwartz7459 if it is mirrored, does that mean he has a shirt with a mirrored print of Dev Central logo?
it's absolutely awesome video buddy thanks a lot
glad you enjoyed it!
Thanks, John. General information, but still it's important to hold this in your mind.
glad you enjoyed the videos!
How can i do this kind of videos? Great Video!
Details of our build are in this article: devcentral.f5.com/articles/lightboard-lessons-behind-the-scenes
@@devcentral how does it look like if you have to delete something from the board?
@@mamita8108 if a small correction it's not too bad. But if you need to erase a lot, it's pretty messy and we just cut and reshoot from the beginning.
@@devcentral so then you have shirts with logo that is backwards? brilliant!
@@ALDOE00 you got it!!
Thanks for the video!!
Are you guys going to make video of other 9 OWASP attack???
thanks...glad you enjoyed it! and, yes, we will be making videos of the other 9 OWASP vulnerabilities as well.
loved this
glad you enjoyed it!
Are you writing backwards?! haha awesome
You would think so, but the text on his shirt would be backwards, which it's not... Unless it really is.. then that's some next level stuff.
@@thegamingguy5614 It is totally mirrored. Google the speaker, his mole on his neck is actually on the other side of his neck. They actually had shirts made with the logo printed mirrored.
Thank you very much kindly make a video on the rest of the attacks
hi karthick...we are planning to do videos on the rest of the attacks as well. stay tuned!
Awesome :)
glad you enjoyed it!
Great vid :)
glad you enjoyed it!
It's part of my final exam which I have in 3 days, seriously, your OWASP top 10 helped me a lot :),
keep up the good work :D
very nice
glad you enjoyed it!
dude...where is the lateral inversion...teaching OWASP you defy physics ... not cool :P
more than i listen his Owasp teaching. i m demystifying his board and how he writes. i see his logo on the tshirt not inverted. so this is not inverted video. is he is used to writing inverted :o
@@VinodSenthil Same thoughts, I already got distracted the first minutes of the video figuring about that lol