Alain Sullam • OWASP • 2 March 2015 Cuckoo Sandbox: Automated analysis of malicious code
Application Security Project (OWASP) XSS was found in 55% of websites in 2011 Legal and other opt-ins Source: OWASP Application Logging Cheat Sheet
Critical 55 37 0 33 71 0 100 Information Leakage High 32 34 57 49 45 39 29 Content Spoofing High 31 30
At least 55% of websites + Browser Auto-Complete = pwn Cross-Site Request Forgery (CSRF) At least 19% of websites DNS Rebinding
OWASP Security Spending Benchmarks Report Boaz Gelbord Executive Director of Information Security Wireless Generation Project Leader OWASP Security
OWASP O2 Platform Project contributor, OWASP Costa Rica Chapter leader. XSS is the prevalent vulnerability (55%)
1 Jul 2010 · Code 2006 $20000 budget OWASP Spring of Code 2007 $117500 budget OWASP Summer of Code 2008 $126000 budget OWASP Foundation 55
30 Apr 2015 · 55 289 45 242 45 of apps dealing with private data does not protect you against MiTM! Page 17 What happened next? Page 18
Agile project success rates: the effect of distribution 55 73 79 70 Average Co-Located Near Located Far Located Source: Dr Dobb's 2008 Project