Web Application security is a must have requirement for any organisation with business critical web applications deployed internally or external to the organisation. The number of application security related incidents reported by even large organisations in the recent past have confirmed the urgency to ensure that application security is handled as an important requirement for business continuity.

Developing web applications is now easier than ever! Between countless tutorials and results for “How to do X in Node.js”, developers often miss out on security. In this workshop we will exploit OWASP Top 10 vulnerabilities in Damn Vulnerable NodeJS Application and gain hands-on experience in fixing them.

Who should attend this workshop?

Developers who want to build secure web applications.

Pre-requisites

Laptop with Wifi connectivity
Exprerience with NodeJS development

Outline

Plan for the workshop

Hands-on exploitation of vulnerabilities in DVNA
Understanding the cause of vulnerabilities
Hands-on fixing of vulnerabilities in DVNA
Discussing recommendations and mitigations

The following vulnerabilities will be covered

SQL and Command Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insecure Logging and Monitoring
Cross Site Request Forgery
Unvaidated Redirects and Forwards

Subash is a Security Engineer at Appsecco. As an avid security enthusiast and a passionate developer, he enjoys developing meaningful solutions to real world security problems. He is currently working on solving security problems at cloud scale and exploring solutions to improve intelligent automation using AI. During his free time, he loves to explore and research on new and upcoming technologies. Introduced to the world of security by null Open Security Community, he is on track to actively contributing back by presenting at various meetups and conferences and has given talks at null Bangalore and the Serverless Summit. He has also contributed to open source security tools such as OWASP Threat Dragon and DVNA.

Subash’s training on “Automated Defense using Cloud Services for AWS, Azure and GCP” has been presented at Blackhat USA 2018 and Appsec EU 2018. Subash is the author of Damn Vulnerable NodeJS Application(DVNA). He has presented various talks and trainings on learning web security using DVNA

2699, 19th Main Road HAL 2nd Stage, Indiranagar Bengaluru, Karnataka 560008

Workshop: Secure web development

Learn secure web development using Damn Vulnerable NodeJS Application

9:00 AM to 5:00 PM, 28 October 2018, Bangalore

Who should attend this workshop?

Pre-requisites

Outline

Instructors

What else is happening?

You may also be interested in these related events

Tickets

Loading...

Venue

Loading...