CMS Security?
Transcript of "La Sécurité des CMS ?" (CMS Security?)
Page 1
What if we talked about Security...
Sébastien [email protected]
OWASP France Leader & Evangelist
1 April 2016, Paris, France
Page 2: Agenda
• OWASP?
• Some statistics
• And the vulnerabilities?
• So what?
• Q&A, Beer / Wine
Page 3
http://www.google.fr/#q=sebastien gioria
‣ OWASP France Leader & Founder & Evangelist
‣ OWASP ISO Project & OWASP SonarQube Project & OWASP CSRFGuard Leader
‣ Application Security Expert and Coach
‣ Twitter: @SPoint / @OWASP_France
‣ Proud father of young kids trying to hack my digital life.
‣ Legal and Forensics expert for the Court of Appeal of Poitiers
Page 4
(diagram labels) Learn, Contract, Testing, Design, Maturity, Code
Page 5: OWASP publications!
• Publications:
– Top 10 Application Security Risks; bestseller
– Testing Guide; second bestseller
– OWASP Cheat Sheets!!!
– Application Security Verification Standard; not the best-known document
– OpenSAMM: improve your application security
– OWASP Secure Contract Annex
– OWASP Top 10 for ... (mobile, cloud, privacy, ...)
• Tools / API:
– OWASP Zed Attack Proxy; replaces WebScarab with a lot of new functionalities
– OWASP ESAPI: API for securing your software
– OWASP AppSensor; an IDS/IPS in the heart of your software
– OWASP Cornucopia; application security played with cards
– OWASP Snakes and Ladders: play the Top 10
and many more....
Page 6: Some Statistics
Page 7: Incidents are multiplying
© Risk Based Security 2016
Page 8: Multiple targets
© Risk Based Security 2016
Page 9: Applications, the bane of the IT department (and not only theirs...)
Page 10: From hacking to cyber-terrorism...
© Le Monde Informatique 2015
Page 11: And the winner is...
Page 12: And what about the vulnerabilities in all this?
Page 13: Joomla
Page 14: In 2016!!!!
Page 15: (slide image only)
Page 16: Ez.....
Page 17: (slide image only)
Page 18: (slide image only)
Page 19: Wordpress
Page 20: (slide image only)
Page 21: (slide image only)
Page 22: (slide image only)
Page 23: Drupal
Page 24: (slide image only)
Page 25: (slide image only)
Page 26: .NET Nuke
Page 27: So what?
Page 28: (slide image only)
Page 29: Hackers are clever
Page 30: Be accurate
Page 31: Bad Design
Page 32: Update your CMS
Page 33: Logs and errors
Page 34: Money, Money, Money