JSFoo 2018

On JavaScript and Security

Learn secure web development using Damn Vulnerable NodeJS Application

Submitted by Subash SN (@pingsns) on Thursday, 17 May 2018

Technical level

Intermediate

Section

Workshop

Status

Submitted

Total votes:  +2

Abstract

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application that demonstrates the OWASP Top 10 vulnerabilities and provides guidance on fixing and avoiding them. In this hands-on workshop we will understand and exploit the OWASP Top 10 vulnerabilities in DVNA, and learn how to fix or avoid each of them.

Outline

Plan for the workshop

  1. Hands-on practice of exploiting vulnerabilities in DVNA
  2. Understanding the cause of vulnerabilities
  3. Discussion on how to fix/avoid vulnerabilities

Depending on the time allocated for the workshop, the following vulnerabilities will be covered:

  1. SQL and Command Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Cross-Site Request Forgery
  11. Unvalidated Redirects and Forwards

Requirements

Laptop with Wi-Fi connectivity

Speaker bio

Subash is a Security Engineer at Appsecco. As an avid security enthusiast and a passionate developer, he enjoys developing meaningful solutions to real-world security problems. He is currently working on solving security problems at cloud scale and exploring ways to improve intelligent automation using AI. In his free time, he loves to explore and research new and upcoming technologies. Introduced to the world of security by the null Open Security Community, he actively contributes back by presenting at various meetups and conferences, and has given talks at null Bangalore and the Serverless Summit. He has also contributed to open source security tools such as OWASP Threat Dragon and DVNA.
