Web Security

Security is an increasingly important part of building modern web applications, but developers often fall victim to the pressure of tight deadlines. In this course, we'll get hands-on, from both the attacking and defending standpoints, and learn how to keep the baddies out.

State of Web App Security

Before we jump in, let's talk about the current state of Web Application security in comparison to the ops and infrastructure security world. We'll also look at the typical categories of attacks, and what we can do as developers to make sure we're not easy targets ourselves!

  • Welcome

    We’ll make sure everyone is set up for the workshop, and go over the day’s agenda.

  • State of Web App Security

    We’ll look at the role web security plays in the world, dissect the methodology behind some recent high-profile attacks, and discuss some shocking statistics regarding the vulnerability of web applications worldwide.

  • Categories of Attacks

    We’ll look at a modern web application system as a whole, and point out several places where an attacker can probe, interfere with, or otherwise compromise it.

  • Protecting Developer Secrets

    Developers are part of the system and can be targeted easily. We’ll go through the exercise of putting a password in front of an SSH key, encrypting a text file, and effectively managing file permissions on a POSIX-compliant operating system.

  • EXERCISE: Developer Lockdown

    Using our newfound knowledge of developer security best practices, it is time to lock down your own machine.

  • Break

    Coffee Break