
Published on November 21st, 2018


Peter Yaworski – Hackers Gonna Hack: Identifying and Fixing Vulnerabilities Proactively | Øredev 2018





It's impossible to avoid shipping code without vulnerabilities. Instead, the goal should be identifying and fixing those vulnerabilities as soon as possible, without repeating the same mistakes twice. In this session, I will walk you through how hackers discover your assets, test your systems and look for interesting functionality to shake bugs out of. In doing so, I'll detail various vulnerabilities I've found and other notable public write-ups / disclosures. We'll cover less popular but high impact vulnerabilities like cross-origin web socket hijacking, password reset poisoning, exfiltrating files from the File API and common design patterns that lead to unintentional information disclosure, just to name a few. Attending this session will help developers better understand what hackers look for, how they test and how to think like them in order to code more securely from day one.
