Dive into a comprehensive conference talk on securing web applications, exploring effective strategies to identify and mitigate common security vulnerabilities. Learn about essential resources and tools, including the OWASP Top 10, open-source code analysis for CI/CD pipelines, and security scanning techniques. Discover methods to avoid low-level threats such as SQL injections, CSRF, and XSS attacks through proper ORM usage, data scrubbing, and rendering techniques. Explore application-level security measures, including user authentication best practices, password hashing, OAuth security, and multi-tenancy resource access. Gain valuable insights into developing a robust InfoSec mindset, securing data stores, designing secure networks and systems, and protecting sensitive credentials. Equip yourself with the knowledge to build and maintain secure web applications in today's threat landscape.
Overview
Syllabus
Intro
Software is Everywhere
Security Breaches
Web Applications
Strategies
Open Web Application Security Project
Code Scanning: PHP
Code Scanning: Python
Code Scanning: JavaScript
Dependency Check
Penetration Testing
Web Application Firewalls
Low-Level Vulnerabilities
ORM SQL Injection Data Mapper
ORM SQL Injection Active Record
XSS: Cross-Site Scripting
XSS: Mitigation
XSS: Rendering: Mitigation
XSS: Saving Data: Mitigation
CSRF: Cross-Site Req. Forgery
CSRF: Mitigation
Application Vulnerabilities
User Authentication
User Auth: Failure Messaging
User Auth: Failure Handling
User Auth: Multi-Factor
User Auth: Account Recovery
User Auth: Password Policies
User Auth: Password Hashing
User Auth: Password Transport
Compromised Account
Resource Access & Multi-Tenancy
Securing Data Stores
Network & System Design
Securing Credentials
InfoSec Mindset
Taught by
NDC Conferences
