Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OWASP for dummies

Sibiu Web Meetup
November 23, 2018
Programming
0
150

OWASP for dummies

In this presentation, we are going to dig into the inner workings of the most common 3 OWASP web vulnerabilities. We are going to see attack vectors such as XSS, exploiting components with known vulnerabilities and silly security misconfigurations.

Sibiu Web Meetup

November 23, 2018
Tweet

More Decks by Sibiu Web Meetup

See All by Sibiu Web Meetup
Git commit messages and PR etiquette
sibiuwebmeetup
0
7
Introduction to Cypress
sibiuwebmeetup
0
11
Web Application Security
sibiuwebmeetup
0
45
Zero Coupled Microservices
sibiuwebmeetup
0
8
Ethereum: Quick & Dirty
sibiuwebmeetup
0
71
Automation in Code Reviews
sibiuwebmeetup
0
82
useState(props.title)
sibiuwebmeetup
0
80
Introduction into ClojureScript
sibiuwebmeetup
0
32
Launching into Orbit.js
sibiuwebmeetup
0
38

Other Decks in Programming

See All in Programming
try! Swift Tokyo 初参加報告LT
hinakko2
0
220
Build Apps for iOS, Android & Desktop in 100% Kotlin With Compose Multiplatform (mDevCamp 2024)
zsmb
0
330
障害対応を起点としたもっといい開発と運用のサイクル作りのためにできること / Hatena Enginner Seminar #29
polamjag
0
160
Ruby Pattern Matching
bkuhlmann
0
930
Milestoner
bkuhlmann
1
410
GitHub Copilotのススメ
marcy731
1
200
MicrosoftのPlatform Engineeringガイドを読んで実際になにかやってみた
ymd65536
1
330
try!Swift Tokyo 2024 参加報告 LT
akidon0000
1
220
Kotlin Multiplatform at Stable and Beyond (Android Makers 2024)
zsmb
0
210
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
270
Snowflakeで眠ったデータを起こそう!
estie
0
120
Rethinking UI building strategies @ SFI 2024
letelete
0
270

Featured

See All Featured
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Into the Great Unknown - MozCon
thekraken
10
990
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Visualization
eitanlees
136
14k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Done Done
chrislema
178
15k
Code Reviewing Like a Champion
maltzj
514
39k
Unsuck your backbone
ammeep
663
57k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
125
32k

Transcript

  1. OWASP FOR DUMMIES

  2. Lucian Petri

  3. None
  4. None
  5. None

  6. Hacking ( Shhh… )

  7. None

  8. Disclaimer •Prezentarea va fi foarte serioasă cu 0 sarcasm și

    ironie •Nu vă voi arăta live hacking •Nici un calculator nu va fi rănit în procesul acestei demonstrări •Eu nu sunt responsabil pentru orice vei face cu ce ai învățat aici și… blablabla •Limba pe care o voi folosi în prezentare va fi faimoasa Romengleza ( I’m lying ) ( I’m not lying ) ( hope so... )
  9. None

  10. SQL Injection Broken Authentication Sensitive Data Exposure XML External Entities

    Broken Access Control Security Misconfiguration Cross-Site Scripting Using Components With Known Vulnerabilities Insufficient Logging And Monitoring

  11. Javascript won!

  12. None
  13. None
  14. None

  15. Back in the old days VS Today’s days Code is

    vulnerable? Your fault. You could have air tight security More effort = More readable code App vulnerable? Check yo modules! You can never know quickly enough Frameworks do your job

  16. LET’S START H4CK1NG! <3

  17. Q & A Time!

  18. Links for help •https://github.com/LucianPetri/goof •http://dreamerslab.com/blog/en/write-a-todo-list-with-express-and- mongodb/ •https://snyk.io/vuln/npm:mongoose:20160116 •https://snyk.io/vuln/npm:st:20140206 •https://snyk.io/vuln/npm:marked:20150520