Taking Security Seriously • Philippe De Ryck • GOTO 2019
- Published Jul 10, 2024
- This presentation was recorded at GOTO Amsterdam 2019. #GOTOcon #GOTOams
gotoams.nl
Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert
ABSTRACT
Billions of breached records. Millions paid in bug bounties. Thousands of unpatched vulnerabilities. Yet, almost every post-breach message is adamant about stating that security is taken seriously. Making fun of these security failures is nothing short of counter-productive arrogance. Instead, we should strive to give real meaning to "taking it seriously".
In this talk, we take an honest look at the current security landscape. Using plenty of real-world examples, we dive into the dangers applications face today. We investigate the underlying problems and the struggles developers face when building secure software. You will walk away from this talk with actionable advice on [...]
Download slides and read the full abstract here:
gotoams.nl/2019/sessions/1077
RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • amzn.to/2U8iLY2
gotocon.com
#security #SecurityAttacks #BreachedRecords
Another awesome talk from Philippe De Ryck... always interesting and something new to learn every time.
Any harm an XSS attack could do, an unsuspecting user who can be convinced to copy-paste some script into their dev tools can do as well. Therefore it's very important, maybe even more important, to secure your backend. That said, allowing an attacker to execute their script on all of your customers' devices (XSS) without them even knowing it is definitely very bad publicity and can lead to loss of any data those users have access to...