Certified Secure Web: Certified Security on the Web
Delegates: Nicolas Mayencourt, CEO, Dreamlab Technologies AG; Marc-André Beck, Consultant, Dreamlab Technologies AG
Contents: Certified Secure Web; Open Standards; Features; Neutral Backend
Certified Secure Web
Why?
That is why. Web applications are gaining in importance. Sensitive data is increasingly exchanged via web applications. Web applications are insufficiently protected.
What can we do?
Smart people protect themselves
In real life they do protect themselves. Why don't they do so on the Internet?
CSW - Grundschutz (baseline protection) =
CSW - Initiative = Heal the world (wide web) - make it a better place
Needs of consumers: security on the web; recognised security; a metric for the security of a website
Needs of businesses: large investments are made in security; compliance (PCI-DSS, ISO, SOX, Basel II, BSI, OSSTMM); return on security investment. Certified Secure Web provides visibility. Certified Secure Web creates trust. Certified Secure Web creates comparability. Security as an opportunity.
Two certificates: a certification course for secure programming; security audits with a certificate as added value
Recognised standards: OWASP
Open Standards
OSSTMM: The Open Source Security Testing Methodology Manual is maintained and further developed by ISECOM (the «Institute for Security and Open Methodologies»).
Strengths of OSSTMM: a uniform metric for measuring operational security, the Risk Assessment Value (RAV); clearly formulated requirements for how security audits are conducted; ethical guidelines; transparent and reproducible results
OWASP: The Open Web Application Security Project is developed and maintained by a worldwide community of professionals. OWASP is a collection of information, programs, guidelines and requirements around application security.
Strengths of OWASP: the broad orientation of the internationally organised community; a large repertoire of specific knowledge; the «OWASP Testing Guide» as a testing guideline; the «OWASP Top Ten» provide baseline protection; the «OWASP SDLC» provides guidelines for secure development
The OWASP Top 10: The OWASP Top Ten is a list of the most common vulnerability families of web applications. It guarantees a baseline protection of the kind demanded by international standards such as ISO or PCI.
Features
CSW T: The technology certification certifies that a baseline level of protection has been reached. The certificate is aimed at: businesses, developers, vendors
CSW T, scope: Two use cases. What is certified is a scope, that is, a concrete instance of the application. Developers and vendors develop their applications or appliances CSW Ready from the outset. Developers and vendors offer their customers a certification service.
CSW T, certification process (flowchart labels): scope definition; audit (source code, application, OS); report; certificate? yes: recertification after one year; no: remediation
Certification basis: the Risk Assessment Value is greater than or equal to 90%; no strategic vulnerability is present; the design of the application follows OWASP best practices
CSW D: certified developers of web applications/appliances. Aimed at: businesses, developers, universities
CSW D, scope: training for secure programming; hands-on hacking of web applications; understanding of the OWASP Top Ten; understanding of the Risk Assessment Value; understanding of the SDLC
CSW D, certification basis: the 5-day training course has been completed; the exam has been passed
Neutral Backend: Competence Centre
Objectives: a neutral certification backend; an international competence centre (pool of competences); an initiative to improve security on the web
Structure of the backend (diagram labels): CSW Backend; certification authority (DL); further certification authorities; academic backing; vendors
Funding (diagram labels): academic backing; CSW Backend; vendors; certification authorities; members from industry; membership fees / KTI; training courses; accreditation; fees
Thank you for your attention
Delegates: Dr. Endre Bangerter, BFH Technik und Informatik
TI-BFH background (1/3): IT security is one of the focus areas of the Hochschule für Technik und Informatik at BFH. Teaching: Bachelor with a focus on IT security, 24+ weekly lessons; since 2006 and successful: ~30 students and prospective security specialists per year; Master in IT security since autumn 2008; various elective lectures in IT security
TI-BFH background (2/3): Research & development is a new mandate of the universities of applied sciences. Goal: applied research; transfer of academic results into practice; in cooperation with industry partners; third-party funded; consulting services
TI-BFH background (3/3): Research & development in IT security. Topics & projects: identity and privacy; e-voting; security engineering of cryptosystems; malware analysis; web security. Partners and funding: EU: FIDIS (Future of Identity in the Information Society) and CACE (Computer Aided Crypto Engineering); KTI
TI-BFH & CSW: why? CSW is a good cause: a clear need and a clear benefit, + the importance and role of IT security at TI-BFH, = engagement and participation in CSW
Role of TI-BFH in CSW: a neutral partner, independent of suppliers and products. CSW is a good product as is, but further development of CSW is essential for its success: technological change, expansion of CSW. BFH-TI is the R&D partner for the further development of CSW: R&D competence, access to R&D funding mechanisms. Training of developers is a central component of CSW; BFH-TI supports CSW in training matters, in terms of content.
Further development of CSW: semantic filtering; secure browser; secure transactions; security of standards (Ajax, XML, (X)HTML, etc.); mobility
Thank you for your attention