Overview
Witness a captivating live hacking session that exposes the vulnerabilities in web applications using open source modules. Explore the risks associated with introducing third-party code into your system and learn how to exploit and fix these issues. Discover the importance of security not only for your own code but also for the frameworks and libraries you depend on. Follow along as the presenter demonstrates real-world exploits, including the infamous Struts vulnerability and Spring Break. Gain insights into the explosive growth of open source usage and its implications for security. Learn practical solutions to implement DevSecOps throughout your software development lifecycle. Acquire valuable knowledge on container security, Kubernetes, OAuth 2.0, and cybersecurity fundamentals through recommended resources.
Syllabus
Intro
DevSecOps
What are the problems?
How bad is the situation?
Demo
Your app's code
Serverless example
Spring serverless example
Open source usage has exploded
Live hacking/Demo
Docker
What's the solution?
DevSecOps in your SDLC
Resources
Outro
Taught by
GOTO Conferences