AR
Abilash Rajasekaran
Secure web application - Hands on workshop
Submitted Apr 22, 2019
Technical level:
Intermediate
In this workshop we will be using the Damn Vulnerable NodeJS Application(DVNA) to demonstrate the OWASP top ten vulnerabilities. Initially participants will try to exploit, then understand and fix the vulnerability. We will use Kali linux to demostrate how to scan and find some of the vulnerabilities. If time permits we will try to explain, how to build secure containerized application and setting up CI/CD scanner.
Outline
Steps for every vulnerability:
- Exploit
- Understand
- Fix
Below vulnerabilities will be covered
- SQL and command Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Cross Site Request Forgery
- Unvaidated Redirects and Forwards
If Kali linux installed - participants will get to know how to scan the possible vulnerability.
If time permits - hands on or else just demonstration for the below:
- Securing Containerized application
- Setting up security scanner pipeline in CI/CD
Requirements
Must have:
Laptops - Installed docker
Nice to have(not mandatory):
Kali linux(VM/OS)
Speaker bio
We are group of Thoughtworks, extensively using Nodejs application. Below are the links to speakers profile in LinkedIn
https://www.linkedin.com/in/ramakrishnan-kandasamy-8020a037
https://www.linkedin.com/in/ssharanya
https://www.linkedin.com/in/abdulkaderjeelani
https://www.linkedin.com/in/abilash-rajasekaran
Links
Slides
https://appsecco.com/books/dvna-developers-security-guide/intro.html
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}