
UK Cyber Week 2025

DevSecOps, Detection, Defense: Stopping Hackers Before they Strike

24 Apr 2025
Prevention & Resilience
3. IT savvy

Due to their large and complex attack surface and the difficulty in ensuring they are secure, web applications continue to be a prime target of hackers. All it takes is a flaw in the application itself, its framework, the web server or proxy server configuration, or even some third-party component (e.g. a JavaScript library that is embedded on each web page) to lead to a full compromise of a host or network.

In this session, we will talk both generally about the trends in web application security and look at specific examples of how key vulnerabilities arise (e.g. discussing how, without adequate sanitisation, tainted user input can reach dangerous functions within some layer of the system), paying particular attention to those more subtle cases that usually go under the radar.

We discuss the hardening of existing SDLC/DevOps processes through the embedding of automated vulnerability scanning.

Key Takeaways:

  • Gain an appreciation of the attack surface complexity of modern web applications
  • An insight into how vulnerabilities manifest, whatever their particular form, and how they are detected by means of inference and signatures
  • An insight into more subtle detection, such as side-channel and out-of-band detection
  • The benefits of automated vulnerability scanning within DevSecOps/SDLC processes
Speakers
Nick Blundell, Head of Research & Development - Appcheck