
Published on May 12th, 2017

Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons




Speaker: Justice Cassell, Information Security Consultant at Cisco (https://justicecassel.com/)

Abstract: Much of the existing application security & secure development curriculum shows security issues in a vacuum, or in the simplest example setting. On the other hand, public bug bounty reports inherently show bugs in real-world context. Sometimes that context is unbelievably trivial, other times it is intricate and pointedly specific to the vulnerable site. Both of these extremes provide important nuances that help developers and testers understand how to identify and remediate security issues. By discussing the risks and benefits you will learn about the environment that bug bounties have created. This walking tour of common vulnerabilities, as well as more pragmatic “dirty” hacks, bridges the theory/practice divide with illustrative examples drawn from real-world bug bounty programs.

Hosted by DePaul Security Daemons (http://secdaemons.org/)





Follow us at https://twitter.com/SecurityDaemons!


2017-05-12 06:44:12
