Overview
Explore modern web application defense techniques using OWASP tools in this 40-minute conference talk from AppSecUSA 2014. Dive into common vulnerabilities like Cross-Site Scripting (XSS), Session Hijacking, and Clickjacking, and learn how to mitigate them effectively. Witness live demonstrations of OWASP projects and tools in action, and discover proactive strategies to prevent attacks and protect applications. Gain insights into Contextual Output Encoding, Content Security Policy, Strict-Transport-Security, and Cross-Site Request Forgery (CSRF) defenses. Participate in an interactive session designed for developers and architects to enhance their understanding of practical security solutions and risk mitigation techniques.
Syllabus
Cross-Site Scripting (XSS)
Contextual Output Encoding
Content Security Policy
CSP Requirements
CSP Directives
CSP Examples
Strict-Transport-Security
X-Frame-Options
Using Secure Headers
Cross-Site Request Forgery (CSRF)
OWASP 1-Liner
Normal JSON Message
CSRF Attack Form
Forged JSON Message
CSRF Defense
CSRFGuard JSP Tags
CSRFGuard DOM Manipulation
Taught by
OWASP Foundation