Nobody will see him come, […] He
can hear every secret.
Slide 19
Slide 19 text
Deny by default
Rate limit API and controller access
Invalidate stateful session identifiers on the server after logout
Implement access control mechanisms once and reuse them throughout the application
Slide 20
Slide 20 text
OpenFGA
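The four access-control rules above and the OpenFGA slide, worked as an added example that is neither the lecture's code nor OpenFGA itself: one reusable `Authorizer` that evaluates relationship tuples against a small model in the style of OpenFGA (deny unless a tuple grants the relation, directly or through a stronger relation), a server-side `SessionStore` whose identifiers stop working on logout, and a sliding-window `RateLimiter` in front of the controller. The model, tuples, users and limits are constructed for illustration.

```python
"""Deny-by-default access control in the style of OpenFGA relationship tuples.
Added example; not the lecture's code and not the OpenFGA library."""
import secrets
import time
from collections import defaultdict, deque

# Assumed model, in the spirit of OpenFGA's
#   define editor: [user] or owner / define viewer: [user] or editor
# For each relation: the stronger relations that imply it.
MODEL = {
    "document": {"owner": set(), "editor": {"owner"}, "viewer": {"editor"}},
}


class Authorizer:
    """One check() that every handler calls: implemented once, reused everywhere."""

    def __init__(self, model):
        self.model = model
        self.tuples = set()  # (user, relation, object), e.g. ("user:anne", "owner", "document:1")

    def write(self, user, relation, obj):
        self.tuples.add((user, relation, obj))

    def check(self, user, relation, obj):
        """True only if a tuple grants the relation, directly or via a stronger one.
        Unknown object types or relations are denied, never allowed."""
        relations = self.model.get(obj.split(":", 1)[0])
        if relations is None or relation not in relations:
            return False
        if (user, relation, obj) in self.tuples:
            return True
        return any(self.check(user, stronger, obj) for stronger in relations[relation])


class SessionStore:
    """Stateful sessions: the server owns the mapping, so logout really ends the session."""

    def __init__(self):
        self._active = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable identifier
        self._active[sid] = user
        return sid

    def logout(self, sid):
        self._active.pop(sid, None)  # invalidated server-side; the cookie value is now worthless

    def user_for(self, sid):
        return self._active.get(sid)


class RateLimiter:
    """Sliding window: at most `limit` hits per `window_s` seconds per client key."""

    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self._hits = defaultdict(deque)

    def allow(self, key, now=None):
        now = self.clock() if now is None else now
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()  # forget hits that fell out of the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def read_document(authz, sessions, limiter, sid, doc, now=None):
    """Controller for GET /documents/<doc>; returns an HTTP status code.
    Order: rate limit, then authenticate, then authorize, then act."""
    if not limiter.allow(sid, now):
        return 429
    user = sessions.user_for(sid)
    if user is None:
        return 401
    if not authz.check(user, "viewer", doc):
        return 403  # denied unless a tuple explicitly grants access
    return 200


if __name__ == "__main__":
    authz = Authorizer(MODEL)
    authz.write("user:anne", "owner", "document:1")
    sessions = SessionStore()
    sid = sessions.login("user:anne")
    limiter = RateLimiter(limit=3, window_s=60)
    print(read_document(authz, sessions, limiter, sid, "document:1"))
    print(read_document(authz, sessions, limiter, sid, "document:2"))
```

Every handler goes through the same `check()`, so a new endpoint cannot forget a permission rule; the only way to get a 200 is a tuple that grants `viewer` (or a relation the model says is stronger). Keying the limiter on the session identifier is a simplification; a real deployment would also key on client address or API key for unauthenticated traffic.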
Slide 22
Slide 22 text
Cryptographic Failures
Slide 23
Slide 23 text
The box. You opened it.
We came
Slide 29
Slide 29 text
Classify data processed, stored, or transmitted
Don't store sensitive data unnecessarily
Use secure, strong and up-to-date protocols
Don't cache sensitive responses
Encrypt all sensitive data
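The five rules above, worked as an added example that is not the lecture's code: every field must be classified before it is stored (an unclassified field is refused), secrets are hashed with scrypt, data that is not needed after use is dropped rather than stored, any response that exposes a non-public field is marked `Cache-Control: no-store`, and the TLS client context refuses anything below TLS 1.2. The classification table, the storage policy and the record are constructed; encrypting personal data at rest with an AEAD is assumed to happen in the storage layer and is not shown here.

```python
"""Classification-driven handling of sensitive data. Added example; not the
lecture's code. Field classes, policy and the sample record are constructed."""
import hashlib
import hmac
import secrets
import ssl

MIN_TLS = ssl.TLSVersion.TLSv1_2

# Assumed classification of every field the service processes.
CLASSIFICATION = {
    "username": "public",
    "email": "personal",
    "password": "secret",
    "card_number": "financial",
}
# Storage action per class: keep, hash, or do not store at all.
STORAGE_ACTION = {"public": "keep", "personal": "keep", "secret": "hash", "financial": "drop"}


def hash_secret(secret, salt=None):
    """Salted scrypt hash encoded as hex(salt)$hex(digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(secret.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt.hex() + "$" + digest.hex()


def verify_secret(secret, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    recomputed = hash_secret(secret, bytes.fromhex(salt_hex)).split("$", 1)[1]
    return hmac.compare_digest(recomputed, digest_hex)


def prepare_for_storage(record):
    """Apply the storage action per field; refuse unclassified fields (deny by default)."""
    stored = {}
    for field, value in record.items():
        cls = CLASSIFICATION.get(field)
        if cls is None:
            raise ValueError(f"unclassified field {field!r}: refusing to store it")
        action = STORAGE_ACTION[cls]
        if action == "drop":
            continue  # e.g. the card number: not needed after the payment, so never stored
        stored[field] = hash_secret(value) if action == "hash" else value
    return stored


def response_headers(fields):
    """Cache-Control for a response that exposes the given fields.
    Unknown fields are treated as secret, so the default is no-store."""
    sensitive = any(CLASSIFICATION.get(f, "secret") != "public" for f in fields)
    if sensitive:
        return {"Cache-Control": "no-store"}  # browsers and proxies must not keep a copy
    return {"Cache-Control": "public, max-age=60"}


def tls_client_context():
    """Default context (certificate and hostname verification on) with TLS < 1.2 refused."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS
    return ctx
```

The point of the lookup tables is that the decision is made once, by classification, rather than per endpoint: a new field that nobody classified cannot silently end up in the database or in a cacheable response.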
Use SQL features
Slide 40
Slide 40 text
Use a safe API
positive server-side input
validation
Use SQL features escape special characters
Slide 42
Slide 42 text
Example sanitization
Use a library or build your own
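The injection defences from the preceding slides, worked as an added example that is not the lecture's code: a deliberately vulnerable string-built query beside the parameterized version (the safe API), an allowlist for the `ORDER BY` column, which placeholders cannot cover, escaping of the `LIKE` wildcards for this particular interpreter, and a `LIMIT` bound. It runs against an in-memory SQLite database; the table, the rows and the attacker payload are constructed.

```python
"""SQL injection and its fixes on an in-memory SQLite database.
Added example; not the lecture's code. Rows and payload are constructed."""
import sqlite3

ALLOWED_SORT_COLUMNS = {"name", "price"}  # positive validation: only these reach the query


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, secret_cost REAL)"
    )
    con.executemany(
        "INSERT INTO products (name, price, secret_cost) VALUES (?, ?, ?)",
        [("Lantern", 12.5, 4.0), ("Battery pack", 30.0, 11.0), ("Machete", 45.0, 20.0)],
    )
    return con


def search_vulnerable(con, term):
    """Deliberately vulnerable: user input is pasted into the SQL text."""
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return con.execute(sql).fetchall()


def is_allowed_sort(column):
    """Identifiers cannot be bound as parameters, so they come from an allowlist."""
    return column in ALLOWED_SORT_COLUMNS


def like_escape(term):
    """Escape the LIKE metacharacters for SQLite so user input matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_safe(con, term, sort="name", limit=50):
    """Parameterized query: data goes through placeholders, the sort column
    through the allowlist, and LIMIT bounds the result set."""
    if not is_allowed_sort(sort):
        raise ValueError(f"unsupported sort column {sort!r}")
    sql = (
        "SELECT name, price FROM products WHERE name LIKE ? ESCAPE '\\' "
        f"ORDER BY {sort} LIMIT ?"
    )
    return con.execute(sql, (f"%{like_escape(term)}%", int(limit))).fetchall()


# Constructed attacker input: closes the quote, appends a UNION that reads a
# column the endpoint never exposes, and comments out the rest of the query.
UNION_PAYLOAD = "' UNION SELECT name, secret_cost FROM products --"

if __name__ == "__main__":
    con = make_db()
    print(search_vulnerable(con, UNION_PAYLOAD))
    print(search_safe(con, UNION_PAYLOAD))
```

Against `search_vulnerable` the payload returns every product's `secret_cost` as if it were a price; against `search_safe` the same bytes are just a string that no product name contains. Note that escaping only `'` would not have been enough for the wildcard case: a bare `%` still matches every row unless it is escaped for `LIKE`.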
Slide 46
Slide 46 text
Vulnerable and Outdated Dependencies
Slide 53
Slide 53 text
Remove unused dependencies, features, components and files
Keep an inventory of all components and their version numbers
Obtain components only from official sources over secure links, and verify their hashes or signatures
Monitor for libraries that become unmaintained or stop receiving security patches
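The four dependency rules above, worked as an added example that is not the lecture's code: a small audit that turns a requirements file into an inventory of declared versions and flags a package source not fetched over HTTPS, versions that are not pinned, artifacts without a hash, packages declared but never imported (candidates for removal), and packages with no release for a long time (possibly unmaintained). The requirements text, package names, hashes, import set and release dates are all constructed; the staleness threshold of two years is an assumption.

```python
"""Dependency hygiene audit over a constructed requirements file.
Added example; not the lecture's code. All inputs below are constructed."""
import re
from datetime import date

# Constructed input; the hashes are placeholders, not real digests.
REQUIREMENTS = """\
--index-url http://mirror.example.test/simple
webclient==2.31.0 --hash=sha256:{a}
leftpad>=1.0
oldlib==0.3.1 --hash=sha256:{b}
""".format(a="a" * 64, b="b" * 64)
USED_IMPORTS = {"webclient", "oldlib"}  # what the code base actually imports (constructed)
LAST_RELEASE = {  # constructed upstream release dates
    "webclient": date(2023, 11, 2),
    "leftpad": date(2023, 8, 15),
    "oldlib": date(2019, 3, 9),
}
AUDIT_DATE = date(2024, 1, 1)

# name, optional version operator and version, then the rest of the line (hash options etc.)
REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)"
    r"(?:\s*(?P<op>==|~=|>=|<=|!=|>|<)\s*(?P<ver>[^\s#,]+))?"
    r"(?P<rest>.*)$"
)


def audit(requirements, used_imports, last_release, today, stale_after_days=730):
    """Return (inventory, findings); findings is a list of (package, code) pairs."""
    inventory, findings = {}, []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith(("--index-url", "--extra-index-url")):
            url = line.split(None, 1)[1]
            if not url.startswith("https://"):
                findings.append(("<index>", "insecure-source"))  # not a secure link
            continue
        m = REQ_RE.match(line)
        if m is None:
            findings.append((line, "unparsed"))
            continue
        name, op, ver, rest = m["name"].lower(), m["op"], m["ver"], m["rest"]
        pinned = op == "=="
        inventory[name] = {"spec": f"{op or ''}{ver or ''}", "pinned": pinned}
        if not pinned:
            findings.append((name, "unpinned"))  # inventory cannot name an exact version
        if "--hash=" not in rest:
            findings.append((name, "no-hash"))  # artifact integrity not verified
        if name not in used_imports:
            findings.append((name, "unused"))  # declared but never imported: remove it
        released = last_release.get(name)
        if released is None:
            findings.append((name, "no-release-data"))
        elif (today - released).days > stale_after_days:
            findings.append((name, "unmaintained"))
    return inventory, findings


def run_audit():
    """Audit the constructed inputs above as of AUDIT_DATE."""
    return audit(REQUIREMENTS, USED_IMPORTS, LAST_RELEASE, AUDIT_DATE)


if __name__ == "__main__":
    inventory, findings = run_audit()
    for name, entry in inventory.items():
        print(name, entry)
    for package, code in findings:
        print(package, code)
```

The inventory is the artifact to keep under version control and compare against advisories; the findings are the work list. In practice `USED_IMPORTS` would be collected from the code base and `LAST_RELEASE` from the package index, which is exactly the monitoring the last bullet asks for.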
Slide 60
Slide 60 text
Stay as a team
Take care of your batteries
Double-check if the killer was defeated
Take your prof's (and OWASP's) advice seriously