Modern AppSec Gotchas

We keep building better web frameworks full of built-in security features, but we keep finding new ways to work around them! In this talk, we'll explore common patterns where smart developers choose (sometimes accidentally) to forgo the built-in protection offered by their tools of choice. We'll cover where this happens, why it tends to happen, and how to catch these corner cases before they turn up in production. As a developer, it's easy to be lured into the trap of believing that security is "already taken care of" by that shiny new {NodeJS package/Golang framework/JSX-on-the-blockchain}, so we'll also give some examples of insecure defaults in commonly relied-on frameworks.



Resources mentioned in this session:


Slides: http://hunter2.com/secdev

Hunter2 Community: https://community.hunter2.com


Fletcher Heisler

Fletcher Heisler is the founder and CEO of Hunter2, a company that provides engineering teams with modern appsec training through an online platform of interactive labs in which developers get hands-on practice exploiting and patching real applications. Fletcher previously ran Real Python, an online community of hundreds of thousands of people learning modern web development and programming practices.


MyDevSecOps ©2020 POWERED BY SNYK

The MyDevSecOps community is powered by Snyk Ltd. Our aim is to create a vendor-neutral space to share knowledge and best practices related to software security.
