Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cheng Tang U.S. Department of Education 2012 Software Developers Webinar #3 PII Updates.

Published byDelphia Arnold Modified over 8 years ago

Similar presentations

Presentation on theme: "Cheng Tang U.S. Department of Education 2012 Software Developers Webinar #3 PII Updates."— Presentation transcript:

1 Cheng Tang U.S. Department of Education 2012 Software Developers Webinar #3 PII Updates

2 Agenda FSA Strategic Security Plans PII Update Software Security Programming Security Input Validation References 2

3 FSA Strategic Security Plans TFA Identity Management Logging and Alerting Cloud 3

4 PII Update Keylogger trending downward Breaches trending upward Privileged accounts being secured by TFA Student accounts still using SSN/PIN 4

5 Software Security Common Application Vulnerabilities Input Validation XSS, CSRF, SQL Injection Hidden Variables Cookie Forgery Response Splitting Parameter Manipulation 5

6 Programming Security Input Validation Basics Client-side versus Server-side Decode Input Blacklist/Whitelist Validation Input Database Parameterization Encode/Escaping Output 6

7 References Secure Application Coding https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prev ention_Cheat_Sheet https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prev ention_Cheat_Sheet Sans.org training Privacy Breaches http://www.privacyrights.org 7

8 Contact Information We appreciate your feedback and comments. Please contact me at: Cheng Tang Phone: (202) 377- 4567 Cheng.Tang@ed.gov

Download ppt "Cheng Tang U.S. Department of Education 2012 Software Developers Webinar #3 PII Updates."

Similar presentations

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
The OWASP Foundation OWASP OWASP Conference 2008 Application Security – The code analysis way Maty Siman CTO Checkmarx.

The OWASP Foundation OWASP OWASP Conference 2008 Application Security – The code analysis way Maty Siman CTO Checkmarx.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
A Demo of and Preventing XSS in.NET Applications.

A Demo of and Preventing XSS in.NET Applications.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.

Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security

Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.

Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Martin Kruliš 2. 4. 2015 by Martin Kruliš (v1.0)1.

Martin Kruliš by Martin Kruliš (v1.0)1.
Introduction to Application Penetration Testing

Introduction to Application Penetration Testing
Web Security Overview Lohika ASC team 2009

Web Security Overview Lohika ASC team 2009
Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report 2014 https://info.cenzic.com/2013-Application-Security-Trends-Report.html.

Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report

Similar presentations

Ads by Google