Learn secure web development using Damn Vulnerable NodeJS Application
Submitted by Subash SN (@pingsns) on Thursday, 17 May 2018
Section: Workshop
Technical level: Intermediate
Status: Under evaluation
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application that demonstrates the OWASP Top 10 vulnerabilities and provides guidance on fixing and avoiding them. In this hands-on workshop, we will understand, exploit, and learn how to fix or avoid the OWASP Top 10 vulnerabilities.
Plan for the workshop
- Hands-on practice of exploiting vulnerabilities in DVNA
- Understanding the cause of vulnerabilities
- Discussion on how to fix/avoid vulnerabilities
Depending on the time allocated for the workshop, the following vulnerabilities will be covered:
- SQL and command Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Cross-Site Request Forgery
- Unvalidated Redirects and Forwards
Participants need a laptop with Wi-Fi connectivity.
Subash is a Security Engineer at Appsecco. As an avid security enthusiast and a passionate developer, he enjoys developing meaningful solutions to real-world security problems. He is currently working on solving security problems at cloud scale and exploring solutions to improve intelligent automation using AI. During his free time, he loves to explore and research new and upcoming technologies. Introduced to the world of security by null Open Security Community, he is on track to actively contribute back by presenting at various meetups and conferences, and has given talks at null Bangalore and the Serverless Summit. He has also contributed to open source security tools such as OWASP Threat Dragon and DVNA.