OWASP illustrates that developers keep making the same mistakes over and over again, but what about more esoteric vulnerabilities? In this session Barry will take you beyond SQL injection, covering some of the code behind now-fixed ASP.NET vulnerabilities. By the end of the session you should be poring through your own code looking for problems with dictionaries, compression, encryption and more.
Join Carl and Richard from .NET Rocks with panelists Andre Klingsheim, Barry Dorrans, Troy Hunt and Niall Merrigan as they discuss the state of application security today. What are the simple things that developers should be doing to make their applications more secure? How much of security is a development responsibility versus operations? How do you effectively test the security of your application, and how often do you need to test it again? Bring your questions and be part of this .NET Rocks episode!
Modern browsers offer multiple opt-in security features that help protect your web application. These features are enabled through a variety of HTTP response headers. You should take advantage of these security headers in your web applications to prevent several common web application attacks.
We'll go through the list of security headers and see what they do to improve security for your users. Security headers are the low-hanging fruit of web application security. We should all be using them!
This talk is relevant for web developers, testers and architects on all platforms. The security headers enable security features in the browser, and so are not tied to any particular web application development stack. Any examples will be shown using the NWebsec security library for ASP.NET.
Kali, Backbox, Metasploit, BeEF. All tools in an arsenal that exist to break through security barriers.
This talk introduces the tools available and shows how they are used to get through your defences.
It is more a massive demo than a talk and is an exploration of the tools and what they do. At the end of this talk, you will have a better understanding of how to defend against them and spot the problems. We will go through recon, exploitation and maintenance of exploits.
This is geared at developers, IT pros and those with an interest in learning more about security tools and practices.
The OWASP Top 10 provides a list of the 10 most critical web application security risks. How do these relate to AngularJS applications? What security vulnerabilities should developers be aware of beyond XSS and CSRF?