JSFoo Coimbatore 2019

On building faster, performant and secure web applications

Secure web application - Hands on workshop

Submitted by Abilash Rajasekaran on Apr 22, 2019

Technical level: Intermediate
Status: Under evaluation

Abstract

In this workshop we will use the Damn Vulnerable NodeJS Application (DVNA) to demonstrate the OWASP Top Ten vulnerabilities. For each one, participants will first try to exploit it, then understand it, then fix it. We will use Kali Linux to demonstrate how to scan for and find some of the vulnerabilities. If time permits, we will also explain how to build a secure containerized application and how to set up a security scanner in a CI/CD pipeline.

Outline

Steps for every vulnerability:
1. Exploit
2. Understand
3. Fix

The following vulnerabilities will be covered:
1. SQL and Command Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Cross-Site Request Forgery (CSRF)
11. Unvalidated Redirects and Forwards

If Kali Linux is installed, participants will also learn how to scan for these vulnerabilities.

If time permits, the following will be covered hands-on; otherwise they will be demonstrated:
1. Securing Containerized application
2. Setting up security scanner pipeline in CI/CD

Requirements

Must have:
Laptop with Docker installed

Nice to have (not mandatory):
Kali Linux (VM/OS)

Speaker bio

Links

Slides

https://appsecco.com/books/dvna-developers-security-guide/intro.html
