
Owasp Standards PDF

The document discusses several cybersecurity topics: 1. Buffer overflows which allow malicious code injection and are a common vulnerability in C and C++ programs. 2. 5G network virtualization using SDN and NFV technologies. 3. The Mirai botnet which infects IoT devices to launch DDoS attacks by exploiting default passwords. 4. The OWASP Application Security Verification Standard which provides requirements for secure development and testing against vulnerabilities like XSS and SQL injection.

Uploaded by

KaisSlimeni

Kais Slimeni

2019-2020
I. Buffer overflow
Buffer overflows have been the most common form of security vulnerability for
the last ten years. Moreover, buffer overflow vulnerabilities dominate the area of
remote network penetration vulnerabilities, where an anonymous Internet user
seeks to gain partial or total control of a host.

The attack consists of:

1. Injecting new (malicious) code into some writable memory area,
2. Changing a code pointer (usually the return address) in such a way that it
points to the injected malicious code.

Example:
Languages that don't have built-in safeguards against overwriting or accessing data in
their memory:

❖ C
❖ C++

Mac OSX, Windows, and Linux all use code written in C and C++.
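
The unchecked copy that makes this attack possible in C, next to a bounds-checked form, as an added example that is not part of the original document. The function names, the 16-byte buffer and the marker standing in for the saved return address are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 16              /* constructed size for this example */

/* Stand-in for a stack frame: a buffer followed by the data an overflow
 * would reach next (here a marker in place of the saved return address). */
struct frame {
    char buf[BUF_SIZE];
    unsigned long saved_ret;
};

/* Unsafe pattern, shown for contrast and never called here: strcpy() copies
 * until the NUL terminator and knows nothing about the size of dst. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened form: measure src within dst_size bytes, reject input that does
 * not fit with its terminator, then copy. Returns 0 on success, -1 if not. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) {       /* no room left for the terminator */
        dst[0] = '\0';           /* leave a valid empty string behind */
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Copies src into a frame and reports whether the marker survived. */
int marker_intact_after(const char *src, int *rc) {
    struct frame f;
    f.saved_ret = 0xC0FFEEUL;    /* constructed marker value */
    *rc = copy_checked(f.buf, sizeof f.buf, src);
    return f.saved_ret == 0xC0FFEEUL;
}

int main(void) {
    int rc;
    int ok = marker_intact_after("short name", &rc);
    printf("fits:     rc=%d marker_intact=%d\n", rc, ok);
    ok = marker_intact_after("this input is far longer than sixteen bytes", &rc);
    printf("too long: rc=%d marker_intact=%d\n", rc, ok);
    return 0;
}
```

The oversized input is rejected before any byte is written, so the data placed after the buffer is never reached.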
II. 5G
The new 5G architectures will be fully virtualized thanks to two innovations:

1. Software Defined Networking (SDN), a set of technologies for configuring
network equipment according to service needs using a network controller.
2. Network Function Virtualization (NFV), the ability to separate hardware
from software for network equipment.

III. Mirai Attack


Mirai is malware that infects smart devices that run on ARC processors, turning
them into a network of remotely controlled bots or "zombies". This network of
bots, called a botnet, is often used to launch DDoS attacks.

Mirai scans the Internet for IoT devices that run on the ARC processor. This
processor runs a stripped-down version of the Linux operating system. If the
default username-and-password combo is not changed, Mirai is able to log into the
device and infect it.
IV. OWASP Application Security Verification Standard

The OWASP Application Security Verification Standard (ASVS) Project provides
a basis for testing web application technical security controls and also provides
developers with a list of requirements for secure development.

The standard provides a basis for testing application technical security controls, as
well as any technical security controls in the environment, that are relied on to
protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL
injection.

V1: Architecture, Design and Threat Modelling Requirements

V2: Authentication verification requirements

V3: Session management verification requirements

V4: Access control verification requirements

V5: Validation, Sanitization and Encoding Verification Requirements

V6: Stored Cryptography Verification Requirements

V7: Error Handling and Logging Verification Requirements

V8: Data Protection Verification Requirements

V9: Communications Verification Requirements

V10: Malicious Code Verification Requirements

V11: Business Logic Verification Requirements

V12: File and Resources Verification Requirements

V13: API and Web Service Verification Requirements

V14: Configuration Verification Requirements
