Overview
Explore common web application vulnerabilities and their mitigations in this comprehensive conference talk from ACCU 2018. Delve into the OWASP Top 10 List 2017 revision, understanding why these security issues persist and how to address them in your own applications. Learn about injection attacks, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfigurations, cross-site scripting, insecure deserialization, known vulnerable components, and insufficient logging and monitoring. Gain practical insights on implementing effective security measures to protect your Internet-facing services and web applications.
Syllabus
Intro
Introductions
Web Security Threats
How was the 2017 List Produced?
What Changed from 2013 to 2017?
#1 Injection Attacks
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
#7 Cross Site Scripting
#8 Insecure Deserialisation
known Vulnerable Components
Insufficient Logging and Monitoring
Taught by
ACCU Conference