Current web security challenges in Latvia
Ēriks Dobelis, RTU RBS, BITI, eriks.dobelis@biti.lv
Contents
Identity theft
Code quality
Single layer of control
Lack of monitoring
Decreasing importance of perimeter
Impact of consumerisation and device specialization
Other long term trends
Identity theft
Most popular authentication methods:
User/password
Code card
Code calculator
MobileID
Internet bank as authentication provider
Identity theft (cont.)
Risks
Insecure storage (esp. password, code card)
Phishing
Solutions
More secure authentication methods
User education
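The "insecure storage" risk above is usually a password table kept in plaintext or as an unsalted fast hash. The following is an added example (not code from the presentation) contrasting that pattern with per-user salts and a deliberately slow key derivation function; the user names, passwords and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed example: two users who happen to pick the same password.
USERS = {"anna": "Riga2011!", "peteris": "Riga2011!"}

# Assumption: iteration count tuned so one verification costs ~0.1 s on the server.
ITERATIONS = 200_000


def store_insecure(password):
    """The storage pattern the slide warns about: unsalted MD5.
    Equal passwords give equal hashes, and the MD5 of a common password
    is recoverable from precomputed tables."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_secure(password, iterations=ITERATIONS):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    The record carries its own parameters so they can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), dk.hex()])


def verify(record, password):
    """Recompute the KDF with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def compare_schemes():
    """Show what the plain hash leaks and the salted slow hash does not."""
    md5 = {u: store_insecure(p) for u, p in USERS.items()}
    kdf = {u: store_secure(p) for u, p in USERS.items()}
    return {
        "md5_reveals_shared_password": md5["anna"] == md5["peteris"],
        "kdf_reveals_shared_password": kdf["anna"] == kdf["peteris"],
        "correct_password_accepted": verify(kdf["anna"], USERS["anna"]),
        "wrong_password_rejected": not verify(kdf["anna"], "riga2011!"),
    }
```

The same hash-and-salt treatment does not rescue code cards on its own: a printed code is a few digits, so a stolen table of hashed codes is brute-forced in seconds. Short one-time secrets need to be kept encrypted under a key the database server does not hold, and compared only on the server that holds that key.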
Code quality
Secure code development is not part of the typical curriculum
A lot of vulnerable code
Solutions
Training and education
Penetration testing
Architecture
Single layer of control
Most web applications put 100% of security controls in code
A mistake by one developer may have a huge impact
Solutions
Application level security proxy
Usage of frameworks
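What a second layer of control buys is easiest to see when one handler is missing its check. This added example (not from the presentation) puts a small WSGI wrapper, standing in for the application level security proxy, in front of a constructed application that forgot the authorization test on an export page. The path policy and the `app.role` environ key are assumptions for the example; in practice the role would come from the session layer.

```python
import posixpath

# Constructed stand-in for a web application in which one developer forgot
# the authorization check on a sensitive handler (the "single layer" failure).
def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path == "/":
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"public page"]
    if path == "/admin/export":
        # Bug left in on purpose: nothing checks that the caller is an admin.
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"all customer records"]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


# Policy enforced outside the handlers. Assumption: the session layer has
# already put the authenticated caller's role into environ["app.role"]
# (a hypothetical key chosen for this example).
POLICY = {
    "/admin/": {"admin"},
    "/account/": {"user", "admin"},
}


def required_roles(path):
    """Return the roles allowed for a path, or None if it is public.
    The path is normalised first so that "/public/../admin/export"
    cannot slip past a plain prefix comparison."""
    clean = posixpath.normpath(path)
    for prefix, roles in POLICY.items():
        if clean == prefix.rstrip("/") or clean.startswith(prefix):
            return roles
    return None


class SecurityProxy:
    """Second layer of control: denies access to protected prefixes before
    the request ever reaches application code."""

    def __init__(self, inner):
        self.inner = inner

    def __call__(self, environ, start_response):
        roles = required_roles(environ.get("PATH_INFO", "/"))
        if roles is not None and environ.get("app.role") not in roles:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden"]
        return self.inner(environ, start_response)


def call(application, path, role=None):
    """Invoke a WSGI application in-process; returns (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if role is not None:
        environ["app.role"] = role
    body = b"".join(application(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    guarded = SecurityProxy(app)
    print(call(app, "/admin/export"))               # ('200 OK', b'all customer records')
    print(call(guarded, "/admin/export"))           # ('403 Forbidden', b'forbidden')
    print(call(guarded, "/admin/export", "admin"))  # ('200 OK', b'all customer records')
```

The policy is deliberately coarse (a prefix and a role set): it does not replace the per-record checks in the handlers, it only guarantees that losing one of them does not expose a whole section of the site. To serve it for real, hand `SecurityProxy(app)` to `wsgiref.simple_server.make_server` or to the WSGI container already in use.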
Lack of monitoring
Most organizations cannot afford dedicated security professionals
Most IDS systems fail to identify large sets of attacks
Solutions
Application level security proxy
Regular log analysis
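Regular log analysis needs only the web server's access log and a few rules that a network IDS would not see. The following is an added example (not from the presentation) that runs two such rules over constructed combined-format log lines: a burst of failed logins from one address followed by a success, which is the identity-theft pattern from the earlier slides, and request paths carrying injection or traversal markers. The sample addresses, paths and thresholds are made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Apache/nginx combined log format, up to the response size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Markers typical of injection and traversal attempts, checked on the decoded path.
INJECTION_RE = re.compile(r"(\.\./|'\s*or\s|union\s+select|<script)", re.IGNORECASE)

# Constructed sample log (not a real server's output).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2011:10:00:01 +0200] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [12/Mar/2011:10:00:03 +0200] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [12/Mar/2011:10:00:05 +0200] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [12/Mar/2011:10:00:07 +0200] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [12/Mar/2011:10:00:09 +0200] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [12/Mar/2011:10:00:11 +0200] "POST /login HTTP/1.1" 302 0
198.51.100.7 - - [12/Mar/2011:10:00:12 +0200] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2011:10:00:15 +0200] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8800
203.0.113.9 - - [12/Mar/2011:10:00:20 +0200] "GET /files?name=../../etc/passwd HTTP/1.1" 404 210
198.51.100.7 - - [12/Mar/2011:10:00:25 +0200] "POST /login HTTP/1.1" 401 120
"""


def parse(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = unquote(rec["path"])
    return rec


def analyse(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (rule, ip, detail) findings in log order."""
    findings = []
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = set()                 # ips already reported for a burst
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path = rec["ip"], rec["ts"], rec["decoded_path"]
        if INJECTION_RE.search(path):
            findings.append(("suspicious_request", ip, rec["path"]))
        if rec["method"] == "POST" and path.startswith("/login"):
            recent = failures[ip]
            if rec["status"] in (401, 403):
                recent.append(ts)
                while recent and ts - recent[0] > window:   # slide the window
                    recent.popleft()
                if len(recent) >= threshold and ip not in flagged:
                    flagged.add(ip)
                    findings.append(("login_burst", ip,
                                     f"{len(recent)} failures in {int(window.total_seconds())}s"))
            elif rec["status"] in (200, 302) and ip in flagged:
                findings.append(("success_after_burst", ip, "possible guessed credentials"))
    return findings


def run_sample():
    return analyse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for finding in run_sample():
        print(*finding)
```

Run it against the real log with `analyse(open(path))` from cron; the burst rule is the one worth tuning first, because a threshold that is too low drowns the single "success after burst" line that actually matters. The request-marker rule is the same kind of check an application level security proxy would apply inline, so a hit here after such a proxy is deployed means the proxy's rule set has a gap.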
Decreasing role of perimeter
False sense of security from the firewall
Increasing number of business partners
Increased use of hosted applications
Solutions
Access control centralization
Security policy
Impact of consumerisation and device specialization
Consumers use an increasing range of devices to connect to web applications
Impossible to restrict browser versions and platforms
Browser vulnerabilities
Solutions
Platform independent, standards based development
Other long term trends
HTML5 new functionality:
WebSockets
Offline applications
Local data storage and access to files
Concurrency
Move to cloud
Increasing power of large vendors