State of Web App Security
Before we jump in, let's talk about the current state of Web Application security in comparison to the ops and infrastructure security world. We'll also look at the typical categories of attacks, and what we can do as developers to make sure we're not easy targets ourselves!
-
State of Web App SecurityWelome
We’ll make sure everyone is set up for the workshop, and go over the day’s agenda.
-
State of Web App SecurityState of Web App Security
We’ll look at the role web security plays in the world, dissect the methodology behind some recent high-profile attacks, and discuss some shocking statistics regarding the vulnerability of web applications worldwide.
-
State of Web App SecurityCategories of Attacks
We’ll look at a modern web application system as a whole, and point out several places where an attacker can probe, interfere with, or otherwise compromise it.
-
State of Web App SecurityProtecting Developer Secrets
Developers are part of the system and can be targeted easily. We’ll go through the exercise of putting a password in front of a SSH key, encrypting a text file, and effectively managing file permissions on a POSIX-compliant operating system.
-
State of Web App SecurityEXERCISE: Developer Lockdown
Using our newfound knowledge of developer security best practices, it is time to lock down your own machine.
-
State of Web App SecurityBreak
Coffee Break