Building secure applications
We start with the basics of Confidentiality, Integrity and Availability, and discuss how your application can be attacked to leak information, to destroy the information you do have, or to prevent access to your application.
We will look at how services can be affected and how we can develop software better to mitigate the risks, and cover the techniques you can use to make your application more secure:
Injection (SQL, LDAP, SSO, API, XML) & External XML Entities
Demonstrations of injection attacks in action and how they can be prevented.
A demonstration of how deserialisation can be used to attack web applications, alongside approaches and techniques you can employ to prevent it.
Cross Site Scripting (XSS)
Examples of how an XSS attack can be used to leverage your web application.
A demonstration of how libraries containing known vulnerabilities can be exploited by attackers. We will discuss the tools that can allow you to monitor and mitigate these risks as part of your deployment process.
Finally, we will discuss other issues and the mitigations that might be applied.
- Intercommunication Encryption
- Auditing, Logging and Monitoring vs. Privacy
- Access Controls
- Securing dependencies