AppSec is Too Hard
Offered By: Devoxx via YouTube
Course Description
Overview
Explore the challenges and misconceptions of application security in this 43-minute Devoxx conference talk. Delve into practical examples that demonstrate how frameworks and libraries can inadvertently compromise security, leading to recurring vulnerabilities. Learn about more robust approaches to AppSec, including strategies for improving security at scale. Examine specific cases involving React, HTML rendering, and JSON Web Tokens, and understand common pitfalls in implementing security features. Gain valuable insights on encapsulation, leveraging tools, and fostering security awareness to create more secure and manageable applications.
Syllabus
Intro
Good intentions
How do you build secure software
React example
Practical examples
HTML rendering
React dangerously set inner HTML
The solution
First takeaway
Documentation
Its not enough
Code Scan
Save HTML
Simplify your code
Zero findings
Encapsulation
Chasing Web Tokens
What is a JSON Web Token
Apache Pulsar vulnerability
Jot vulnerability
Dark mode
Open Source Documentation
Elginon Problem
Attack
Common Pitfalls
Json Web Tokens
Digital Signatures
Parse Claims
Key Rotation
What I need to learn
Why encapsulate
Flexibility
Netflix
Takeaways
Security Awareness
Encapsulate
Leverage tooling
Shameless plug
Taught by
Devoxx
Related Courses
Introduction à la programmation orientée objet (en Java)École Polytechnique Fédérale de Lausanne via Coursera Foundations of Objective-C App Development
University of California, Irvine via Coursera AP Computer Science A: Java Programming Classes and Objects
Purdue University via edX Object Oriented Programming in Java
Microsoft via edX Object Oriented Programming in Java
Udacity