Transcript
Page 1: Citrix TechEdge 2014 - Understanding and Troubleshooting Authentication Flow in XM Enterprise Edition

© 2014 Citrix. Confidential.

TechEdge 2014

Page 2:

How to protect against Top Web Security Issues with NetScaler

Page 3:

OWASP (www.owasp.org)

Page 4:

Top Web Application Security Vulnerabilities

Page 5:

The world’s most advanced cloud networking platform

Page 8:

#1 Injection

Page 9:

Injection Preventions

Signatures

Page 10:

#2 Authentication/Session Management

Page 11:

AAA

Cookie Protections

SSL/TLS

Page 12:

#3 Cross-Site Scripting

Page 13:

XSS

XSS Preventions

Signatures

Page 14:

#4 Insecure Direct Object References

#5 Security Misconfiguration

#6 Sensitive Data Exposure

#7 Missing Function Level Access Control

#8 Cross-site Request Forgery (CSRF)

#9 Using vulnerable components

#10 Unvalidated Redirects and Forwards

Page 15:

Feedback

Please tweet about this session

#SYN607 and #CitrixSynergy

Andrew @NStipster

Lucas @NS_Informer

NetScaler @netscaler

Page 16:

WORK BETTER. LIVE BETTER.

