OWASP NZ Day 2019: Exploiting Vulnerabilities from the OWASP Top 10: SQLi, XSS, XXE, File Injection
iSpeech
David Waters and Kieran Molloy - Pushpay
Abstract
We will give a brief introduction to a selection of the OWASP Top 10 and then demonstrate the exploitation of each of these vulnerabilities using tools and hand crafted attacks. We will also demonstrate how a combination vulnerabilities can be chained together by an attacker.
Speaker Biographies
David is a Senior Software Engineer/Tech Lead and one of the leaders of the Secure Coding Guild at Pushpay, David previously worked for 3 years in the security industry including 1 year in the Security Team at Google in London and draws on 20 years experience as a systems and web developer, primarily working in .NET, Java and JavaScript.
Kieran is a developer with an interest in security.
This presentation is from OWASP New Zealand Day 2019, which was held on 22 Feb 2019 in Auckland, New Zealand.
2019-03-01 03:13:41
source
Gloss