We keep building better web frameworks full of built-in security features, but we keep finding new ways to work around them! In this talk, we’ll explore common patterns where smart developers choose (sometimes accidentally) to forgo the built-in protection offered by their tools of choice. We’ll cover where this happens, why it tends to happen, and how to catch these corner cases before they turn up in production. As a developer, it’s easy to be lured into the trap of believing that security is “already taken care of” by that shiny new {NodeJS package/Golang framework/JSX-on-the-blockchain}, but we’ll also give some examples of insecure defaults in commonly relied-on frameworks.
- Slides for this presentation
- Hunter2 Community: https://community.hunter2.com