2017 OWASP Top 10: Injection Attacks

218,673 views

F5 DevCentral

6 years ago

New 2021 OWASP Lightboard Series:
• 2021 OWASP Top Ten
Video 1/10 on the 2017 OWASP Top Ten Security Risks.
John Wagnon discusses the details of the top vulnerability listed in the OWASP Top 10 Security Risks: Injection Attacks. Learn what they are and how to guard against them.
community.f5.com/articles/lig...

Comments: 73
@passakornborvornrittidech8251 3 years ago
Easy to understand for beginners to see the big picture.
@devcentral 3 years ago
Glad you enjoyed it!
@nasalkhaldi9388 4 years ago
dude ur amazing you explained it so well thanks!
@devcentral 4 years ago
Thanks...glad you liked it!
@thanshukr.raychoudhury5471 3 years ago
The entire playlist is very good & presentation is quite effective
@devcentral 3 years ago
glad you enjoyed them all!
@user-gg6bk1os1y 3 years ago
@@devcentral j
@thestefsterbun1820 5 years ago
Great explanation! Well done. These are all fantastic to dumb this stuff down.
@devcentral 5 years ago
glad you enjoyed it!
@uchiha__itachi040 2 years ago
thank you man
@elwerfally 4 years ago
it's absolutely awesome video buddy thanks a lot
@devcentral 4 years ago
glad you enjoyed it!
@mds4509 2 years ago
Really good video! Best explanation for OWASP Top Ten
@devcentral 2 years ago
Glad you enjoyed it!
@BrianThomas 2 years ago
I was thinking about what he said about using a web application firewall. That might not help as much because you still have to use port 80 and port 443. I've seen attacks when only these ports were open, so that might only be for low-hanging-fruit attacks. Seems like the common folks are hoping that people that launch these web applications are doing their due diligence. What if the web app is running on a surveillance camera or some type of IoT? How could you mitigate against that? Other than up-to-date FW, intrusion detection/prevention, & firewalls?
@bigmarkua 4 years ago
Thanks, John. General information, but still it's important to hold this in your mind.
@devcentral 4 years ago
glad you enjoyed the videos!
@sergiinadieiev4909 3 years ago
"I'm not gonna write it, cause Query Parametrization are big words..." - made my day! Thanks for the video..
@devcentral 3 years ago
glad you enjoyed it!
@enjoy618 4 years ago
Very neat explanation. Thanks
@devcentral 4 years ago
glad you enjoyed it!
@mtr4d3r 3 years ago
Wow...I love your explanation.
@devcentral 3 years ago
glad you enjoyed the video!
@ameykanekar2412 6 years ago
Thanks for the video!! Are you guys going to make videos of the other 9 OWASP attacks???
@devcentral 6 years ago
thanks...glad you enjoyed it! and, yes, we will be making videos of the other 9 OWASP vulnerabilities as well.
@Amal-ul4ec 2 years ago
nice explanation
@devcentral 2 years ago
Appreciate the comment and glad you liked it!
@rookieking834 3 years ago
You just earned a Subscriber
@devcentral 3 years ago
glad you enjoyed the video!
@martinluckyraj 5 years ago
What would be the mitigation generally implemented in code and database for any type of injection? How could we analyze our code, like Java and .NET, for injection vulnerabilities?
@joshwaphilip9840 5 years ago
Implement server-side input validation, escaping of special characters, and implement parameterized queries or stored procedures; those are the best mitigation methods for injection attacks
@karthicksubbiah2088 6 years ago
Thank you very much kindly make a video on the rest of the attacks
@devcentral 6 years ago
hi karthick...we are planning to do videos on the rest of the attacks as well. stay tuned!
@fk319fk 1 year ago
I wish you would have shown an example, then talked about solutions.
@devcentral 1 year ago
Good suggestion! Thanks for the comment!!
@laveshmishra5685 4 years ago
Can we have detailed video on all the different types of injections?
@razorblurHD 6 years ago
Great vid :)
@devcentral 6 years ago
glad you enjoyed it!
@razorblurHD 6 years ago
It's part of my final exam which I have in 3 days, seriously, your OWASP top 10 helped me a lot :), keep up the good work :D
@maharubhossain1179 5 years ago
Awesome :)
@devcentral 5 years ago
glad you enjoyed it!
@themostcolm 5 years ago
I do not believe we can rely solely on the front end input validation to be solid. Attackers could use a tool like postman to exactly mimic a request to the server for the user information. I think the validation needs to happen in the server.
@devcentral 5 years ago
great point Alex! it's important to look at all possible attack vectors using this vulnerability, so protection in the server is critical as well!
@aaronalquiza9680 5 years ago
actually, sanitation must happen to both frontend and backend.
@joshwaphilip9840 5 years ago
I recommend using parameterized queries; it's one of the best prevention methods for SQLi
@hasmituchil5214 5 years ago
Great point!
@jogo00062livecom 4 years ago
..Did you have a mirrored shirt embroidered just for this? "DevCentral" on the T shirt patch should be backwards? I'm so confused
@DreamvilleMatt 4 years ago
pretty sure he's writing and drawing backwards
@unstoppablehumour6637 4 years ago
Definitely, from the video his shirt buttons are female-ordered if he's left-handed. If you assume he's right-handed, his shirt buttons are male-ordered and yes, the logo is flipped!
@DarkCovering 4 years ago
Great video! I have a question, If i want to test if my software is vulnerable to these attacks what software would I use? Is there a software to test all top 10?
@devcentral 4 years ago
Great question! There is a wide variety of DAST and SAST tools that you could use to test your software. But, not all 10 of the OWASP Top Ten are able to be tested with tools. For example, #10 Insufficient Logging and Monitoring can't really be tested by software. You could have logging and monitoring tools in place, but if you don't check them properly, then you are vulnerable to that security risk. However, many of the Top Ten risks can be checked with DAST or SAST tools. Thanks!
@storyonbikes 4 years ago
loved this
@devcentral 4 years ago
glad you enjoyed it!
@shashankjosyula3196 5 years ago
Are you writing backwards?! haha awesome
@KenmoreChalfant 5 years ago
You would think so, but the text on his shirt would be backwards, which it's not... Unless it really is.. then that's some next level stuff.
@Amidda 5 years ago
@@thegamingguy5614 It is totally mirrored. Google the speaker, his mole on his neck is actually on the other side of his neck. They actually had shirts made with the logo printed mirrored.
@Hardenedsystems1 5 years ago
How can I do these kinds of videos? Great video!
@devcentral 5 years ago
Details of our build are in this article: devcentral.f5.com/articles/lightboard-lessons-behind-the-scenes
@mamita8108 3 years ago
@@devcentral how does it look like if you have to delete something from the board?
@JasonRahm 3 years ago
@@mamita8108 if a small correction it's not too bad. But if you need to erase a lot, it's pretty messy and we just cut and reshoot from the beginning.
@ALDOE00 2 years ago
@@devcentral so then you have shirts with logo that is backwards? brilliant!
@devcentral 2 years ago
@@ALDOE00 you got it!!
@judahschwartz7459 5 years ago
How does he write backwards?
@judahschwartz7459 5 years ago
oh the video is probably mirrored
@kitan1512 5 years ago
@@judahschwartz7459 if it is mirrored, does that mean he has a shirt with a mirrored print of Dev Central logo?
@deepaksharmasharma1809 4 years ago
very nice
@devcentral 4 years ago
glad you enjoyed it!
@shivamdixit4236 5 years ago
dude...where is the lateral inversion...teaching OWASP you defy physics ... not cool :P
@VinodSenthil 3 years ago
More than I listen to his OWASP teaching, I'm demystifying his board and how he writes. I see his logo on the T-shirt is not inverted, so this is not an inverted video. Is he used to writing inverted? :o
@stelovpflu 3 years ago
@@VinodSenthil Same thoughts, I already got distracted the first minutes of the video figuring about that lol