Even the simplest web application has so many vectors of attack that it’s no wonder most people forget at least one. Web applications aren’t stand-alone; they are built upon frameworks, upon platforms, upon core libraries, each of which could suffer from vulnerabilities that you are not only unaware of but statistically unlikely to discover in full. Consider, for example, last year’s OpenSSL “Heartbleed” Bug.
We hear about security vulnerabilities every week; now it’s time to experience them. Find out what the leading concerns are, and the not-so-common ones too, and experience live demonstrations of how these attacks play out.
This presentation aims to arm you with the mindset, tools and resources to minimise the opportunities for attack, and to reduce the fallout when they succeed. From cross-site scripting and session hijacking to brute force and man-in-the-middle attacks, you’re expected to cover all your bases so the bad guys can’t use a single one.
This talk was given at YOW! West, 2015.
Web Application Security (YOW! West 2015)