Demystifying Web Application Security
Submitted by Shyam Seshadri (@shyamseshadri) on Thursday, 30 August 2018
Section: Full Talk Technical level: Intermediate
Web Application security has generally been focused aroud OWASP, and terms like XSS, CSRF and the like are generally thrown around. In this talk, the aim is to change the mind-map of how we think about and approach security, and outline a methodology that allows you to think about security in a holistic, comprehensive manner. This talk will not specifically talk about security hole A or B, but rather a mindset that we can adopt while developing applications.
The intended audience is both front-end and backend developers.
We will start with covering the top security holes as per OWASP. Moving on we will talk about how this approach itself lends itself to blindspots, and requires constant education and keeping on top of things. And so we try to change the paradigm by covering an approach that many large companies take to application security. We will then look at standard attack vectors instead, and use them as a base to talk about how keeping them in mind might help with security. It will be holistic in that it will not necessarily limit itself to just web application or backend security.
Shyam is the CEO of ReStok, his own startup right not, and has been a Googler, and an Amazonian in the past. He has run both his own startup and headed the engineering of large e-commerce startups as well. He has also been a Security Reviewer at Amazon and helped certify many applications before launch to ensure they adhere to the best security practices.