Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web App Security

Web App Security

Alessandro Lepore

October 10, 2017

More Decks by Alessandro Lepore

Other Decks in Technology


  1. Alessandro Classic Developer Saw Star Wars false true Saw Star

    Trek false true Gamer false true Drinks coffee false true Drinks beer true true Has beard true true ~2 meters tall true false
  2. “At some point in the history of your company, you’re

    probably going to get hacked.” - Heather Adkins, director of security at Google “There are only two types of companies: those that have been hacked, and those that will be.” - Robert Mueller, FBI Director
  3. OWASP Top 10 Most Critical Web Application Security Risks 1.

    Injection 2. Broken Authentication and Session Management 3. Cross-Site Scripting (XSS) 4. Insecure Direct Object References 5. Security Misconfiguration 6. Sensitive Data Exposure 7. Missing Function Level Access Control 8. Cross-Site Request Forgery (CSRF) 9. Using Components with Known Vulnerabilities 10. Unvalidated Redirects and Forwards
  4. Application Security is ignored or underrated • Complex topic •

    Difficult to sell • “I never had any security incident” ™
  5. “We have our own security system, and it has never

    been breached in more than 15 years” - oilandgasinternational.com
  6. WARNING: Very advanced hacker skills > brew install sqlmap >

    sqlmap --dump --url= "http://localhost:3000/ilike_search?search_term=rails"
  7. How to be better at security • Have a black

    hoodie • Have basic security knowledge • Know some tools • Have a plan for responding to incidents • Have a security contact page
  8. Bonus: Security is fun!!! • Hacking labs • Challenges •

    Capture the flag • Example: root-me.org