Workshop: Secure web development

Learn secure web development using Damn Vulnerable NodeJS Application

9:00 AM to 5:00 PM, 28 October 2018, Bangalore

Web Application security is a must have requirement for any organisation with business critical web applications deployed internally or external to the organisation. The number of application security related incidents reported by even large organisations in the recent past have confirmed the urgency to ensure that application security is handled as an important requirement for business continuity.

Developing web applications is now easier than ever! Between countless tutorials and results for “How to do X in Node.js”, developers often miss out on security. In this workshop we will exploit OWASP Top 10 vulnerabilities in Damn Vulnerable NodeJS Application and gain hands-on experience in fixing them.

Who should attend this workshop?

Developers who want to build secure web applications.

Pre-requisites

  • Laptop with Wifi connectivity
  • Exprerience with NodeJS development

Outline

Plan for the workshop

  • Hands-on exploitation of vulnerabilities in DVNA
  • Understanding the cause of vulnerabilities
  • Hands-on fixing of vulnerabilities in DVNA
  • Discussing recommendations and mitigations

The following vulnerabilities will be covered

  • SQL and Command Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insecure Logging and Monitoring
  • Cross Site Request Forgery
  • Unvaidated Redirects and Forwards

Instructors


Subash

Security Engineer, Appsecco.

Tickets

Loading...