Building secure applications

Starting with the basics of Confidentiality, Integrity and Availability, we will discuss how your application can be attacked to leak information, to destroy the information you do have, or to prevent access to your application.

How can services be affected, and how can we develop software better to mitigate the risks? We will cover the techniques you can use to make your application more secure:

Injection (SQL, LDAP, SSO, API, XML) & External XML Entities

Demonstrations of injection attacks in action and how they can be prevented.

Deserialization Dangers

A demonstration of how deserialisation can be used to attack web applications, alongside approaches and techniques you can employ to prevent it.

Cross Site Scripting (XSS)

Examples of how an XSS attack can be used against your web application.

Known Vulnerabilities

A demonstration of how libraries containing known vulnerabilities can be exploited by attackers. We will discuss the tools that can allow you to monitor and mitigate these risks as part of your deployment process.

Other mitigations:

Finally, we will discuss other issues and the mitigations that might be applied:

  • Intercommunication Encryption
  • Auditing, Logging and Monitoring vs. Privacy
  • Firewalls
  • Access Controls
  • Securing dependencies


Speaker:

Joel Stobart

I’m a CFML, Java, Spring Boot, React and Angular developer, CTO and Software Engineer. I am co-founder of a company that develops secure software to enable international investigations.