Modern AppSec Gotchas

We keep building better web frameworks full of built-in security features, but we keep finding new ways to work around them! In this talk, we’ll explore common patterns where smart developers choose (sometimes accidentally) to forgo the built-in protection offered by their tools of choice. We’ll cover where this happens, why it tends to happen, and how to catch these corner cases before they turn up in production. As a developer, it’s easy to be lured into the trap of assuming that security is “already taken care of” by that shiny new {NodeJS package/Golang framework/JSX-on-the-blockchain}, but we’ll also give some examples of insecure defaults in commonly relied-on frameworks.

Resources mentioned in this session:

Slides: http://hunter2.com/secdev

Hunter2 Community: https://community.hunter2.com

Fletcher Heisler

Fletcher Heisler is the founder and CEO of Hunter2, a company that provides engineering teams with modern appsec training through an online platform of interactive labs, where developers get hands-on practice exploiting and patching up real applications. Fletcher previously ran Real Python, an online community of hundreds of thousands learning modern web development and programming practices.
