Overview
Cybersecurity is still often overlooked in our industry. Clients don’t necessarily see the impact of the work we do to secure applications, and that can make it hard to prioritize audits and pen-testing over implementing requested features. Regardless, it’s important for developers to understand how to better guard against malicious users and protect the data their applications collect and the users who rely on these applications.
Attendees will learn why we should care about web security and see how it has impacted a number of popular companies in recent years. Kristina will walk through examples of Cross-Site Scripting, Cross-Site Request Forgery, Client-State Manipulation and SQL Injection vulnerabilities and discuss how to prevent these kinds of attacks. Finally, resources will be provided to facilitate future learning and internal team security audits.
Objective
Attendees will come away with a foundational understanding of how to protect their applications and discover vulnerabilities.
Target Audience
Developers
Assumed Audience Knowledge
Basic coding skills are fine
Five Things Audience Members Will Learn
- Why we should care about web security
- Statistics on web security, and resources for continued learning
- A description of cross-site scripting vulnerabilities
- Client-state manipulation
- Cross-site request forgery and SQL injection, with an IRL example, a demo of the vulnerability, and solutions for preventing it.