@okdt @owaspjapan
Hello | Enabling Security for Developers | ©2015 Asterisk Research, Inc.
https://commons.wikimedia.org/wiki/File:Verification_in_SE.jpg
https://www.reddit.com/r/funny/comments/1m628n/the_new_iphone_5s_provides_unmatched_security/
PRIORITY: social impact vs business decisions
FULL-STACK: H/W, network, application, database, users
RISK: point of failure, unauthorized access, disasters, absence of a key person
COMMUNICATION: team, stakeholders, government, community
1963 / 249420 = 0.0078.
Less than 1%
Keynote: Facebook CSO Alex Stamos
RMS Titanic departing Southampton on April 10, 1912. (Photo: Creative Commons)
Intel Edison: an SD-card-sized PC
- Bluetooth/LE, Wi-Fi
- 24 x 32 x 2.1 mm
- 22 nm, 500 MHz dual-core IA
- Linux
- 1 GB RAM, 4 GB storage
http://www.intel.com/content/www/us/en/do-it-yourself/edison.html
OWASP Japan
OWASP Japan
OWASP ja.stackoverflow.com
OWASP stackoverflow.com
OWASP Top 10 vs OWASP ASVS: Level 0, Level 1, Level 2, Level 3

OWASP ASVS verification levels:
Level 0: Cursory
Level 1: Opportunistic (covers the OWASP Top 10)
Level 2: Standard
Level 3: Advanced
Each level is defined by the Detailed Verification Requirements it includes.
Target: ASVS L3+
V2. Authentication Verification Requirements
Level 1: V2.1, V2.2 (password fields must not echo the password), V2.6
Level 2: V2.12, V2.13 (per-account salt for stored passwords)
Level 3: V2.5
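The V2.13 requirement called out above (a salt that is unique to each account, combined with a strong hash) is easy to state and easy to get wrong. The following added example, which is not code from the talk or from OWASP, shows the unsalted anti-pattern next to a salted, iterated scheme built on the Python standard library. The iteration count, salt length and record format are this example's own assumptions, not ASVS values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor and salt size are this example's own choices (assumptions),
# not values taken from ASVS or from the talk.
ITERATIONS = 100_000
SALT_BYTES = 16


def weak_hash(password: str) -> str:
    """Anti-pattern: unsalted hash. Two accounts with the same password get
    the same digest, so one cracked digest (or a rainbow table) breaks both."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). A fresh random salt is drawn
    per call, i.e. per account, and stored beside the digest so verification
    can repeat the computation."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time; any malformed record is treated as a failed login."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def salt_of(stored: str) -> str:
    """The per-account salt exactly as kept in the stored record."""
    return stored.split("$")[2]


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print("unsalted digests equal:", weak_hash("correct horse") == weak_hash("correct horse"))
    print("salted records equal:  ", alice == bob)
    print("alice login ok:        ", verify_password("correct horse", alice))
    print("wrong password:        ", verify_password("Correct horse", alice))
```

Storing the iteration count in the record lets the work factor be raised later for new or re-hashed passwords without breaking existing logins.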
V. Identify
V8. Error Handling and Logging
Level 1: V8.1
Level 2: V8.2, V8.8
Level 3: V8.9
V. Identify
OWASP Proactive Controls
OWASP Internet of Things Top 10
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
I1 to I10
OWASP Cheat Sheet Project: 10 cheat sheets picked for 2015 (No. 1 Web, No. 3 Web, No. 5 PHP, No. 7 SQL, No. 8 XSS)
OWASP ZAP
IPA: https://www.ipa.go.jp/about/technicalwatch/20131212.html

Request captured in ZAP (a '>' smuggled into the name field):
POST /confirm.php HTTP/1.1
Cookie: PHPSESSID=xxxxxx

name=shonantoka>xss&mail=shonantoka%40example.org&gender=1

The confirm page echoes the submitted values back unchanged: shonantoka>xss, shonantoka@example.org
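What ZAP is looking for in the demo above is a submitted value coming back in the HTML without encoding. The following added example, not code from the talk, reproduces that check in Python: a hypothetical confirm page that echoes the fields raw, the same page with HTML entity encoding, and a scanner-style probe that resubmits the form with a payload in each field and reports which fields reflect it. The sample body is the one captured above; the page markup and the probe string are this example's assumptions, not ZAP's.

```python
from html import escape
from urllib.parse import parse_qs, urlencode

# Constructed sample: the form body from the ZAP demo, '>' in the name field.
SAMPLE_BODY = "name=shonantoka>xss&mail=shonantoka%40example.org&gender=1"
FIELDS = ("name", "mail", "gender")

# Hypothetical scanner payload (assumption); a real scanner such as ZAP uses its own.
PROBE = 'zap"><svg onload=alert(1)>'


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body (first value per field)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def _confirm_page(v: dict) -> str:
    """Markup of a hypothetical confirm.php: values land in text and in an attribute."""
    return ('<p>Name: %s</p>\n<p>Mail: %s</p>\n'
            '<input type="hidden" name="gender" value="%s">'
            % tuple(v.get(f, "") for f in FIELDS))


def render_confirm_vulnerable(body: str) -> str:
    """Echoes the submitted fields with no output encoding (reflected XSS)."""
    return _confirm_page(parse_form(body))


def render_confirm_fixed(body: str) -> str:
    """Same page with HTML entity encoding on every echoed field; quote=True also
    encodes the quote characters, so the hidden-input attribute cannot be closed."""
    f = parse_form(body)
    return _confirm_page({k: escape(v, quote=True) for k, v in f.items()})


def reflecting_fields(render, body: str, probe: str = PROBE) -> list:
    """Emulate the scanner's reflected-XSS check: resubmit the form with the probe
    in one field at a time and return the fields whose raw probe comes back."""
    base = parse_form(body)
    hits = []
    for field in base:
        f = dict(base)
        f[field] = probe
        if probe in render(urlencode(f)):
            hits.append(field)
    return hits


if __name__ == "__main__":
    print(render_confirm_vulnerable(SAMPLE_BODY))
    print("reflecting (vulnerable):", reflecting_fields(render_confirm_vulnerable, SAMPLE_BODY))
    print("reflecting (fixed):     ", reflecting_fields(render_confirm_fixed, SAMPLE_BODY))
```

The probe must be checked against the raw response, not the browser's rendering: the fixed page still contains the text of the payload, but as &lt;svg ...&gt;, which no longer parses as an element.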
1. Find risky coding and vulnerabilities earlier
2. Fix and prevent them
3. Improve education and quality throughout the SDLC
OWASP Japan local chapters (4): OWASP Japan (2012.3), OWASP Kansai (2014.3), OWASP Kyushu (2015.3), OWASP Sendai (new)
OWASP Japan Local Chapter Meetings
Reasons for holding OWASP Global AppSec in Japan (OWASP Japan Local Chapter, 2013.3.1)
@okdt @owaspjapan
Thank you