
Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons


Much of the existing application security & secure development curriculum shows security issues in a vacuum, or in the simplest example setting. On the other hand, public bug bounty reports inherently show bugs in real-world context. Sometimes that context is unbelievably trivial, other times it is intricate and pointedly specific to the vulnerable site. Both of these extremes provide important nuances that help developers and testers understand how to identify and remediate security issues. This walking tour of common vulnerabilities, as well as more pragmatic “dirty” hacks, bridges the theory/practice divide with illustrative examples drawn from real-world bug bounty programs to help you see your code as attackers do. Finally, you’ll see some examples of how others remediate (often badly) when faced with serious, public-facing vulnerabilities and get a better appreciation for how defense-in-depth buys you time to do things right.

CodeMash 2017

CodeMash is a unique event that will educate developers on current practices, methodologies, and technology trends in a variety of platforms and development languages such as Java, .NET, Ruby, Pyth...