Live Hacking: Breaking into Your Web App • Brian Vermeer • GOTO 2022

Published: 13 July 2022
on channel: GOTO Conferences

89,136

564

This presentation was recorded at GOTO Amsterdam 2022. #GOTOcon #GOTOams
http://gotoams.nl

Brian Vermeer - Java Champion & Senior Developer Advocate at Snyk

ABSTRACT
Join us for a captivating live hacking session with Brian Vermeer.
In Brian's opinion, open source modules are undoubtedly impressive. However, they also represent an undeniable and massive risk.
Within open source modules you are introducing someone else's code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your user's data.

This talk will use a sample application, Goof, which uses various vulnerable dependencies, which together with Brian, you'll exploit as an attacker would. For each issue, Brian will explain why it happened, show its impact, and – most importantly – see how to avoid or fix it. Brian will live hack exploits like the classic struts vulnerability that recently made it famous, along with Spring Break and several others.

In this talk, you'll learn:
• That security is important. Not only for your own code but also the frameworks and libraries you depend on
• What might happen when using outdated libraries with known vulnerabilities [...]

TIMECODES
00:00 Intro
00:25 DevSecOps
03:13 What are the problems?
05:22 How bad is the situation?
07:41 Demo
11:05 Your app's code
13:02 Serverless example
14:36 Spring serverless example
15:54 Open source usage has exploded
19:56 Live hacking/Demo
31:21 Docker
35:57 What's the solution?
38:35 DveSecOps in your SDLC
40:25 Resources
40:47 Outro

Download slides and read the full abstract here:
https://gotoams.nl/2022/sessions/1603...

RECOMMENDED BOOKS
Jim Manico & August Detlefsen • Iron-Clad Java • https://amzn.to/3qGqwBw
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/...
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • https://amzn.to/2U8iLY2

  / gotocon
  / goto-
  / gotoconferences
#Security #DevSecOps #Risk #OpenSource #OpenSourceModules #Vulnerable #Dependencies #VulnerableDependencies #Privacy #Programming #SoftwareEngineering #SoftwareDevelopment #Serverless #Java #Spring #Log4j #Docker

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConf...

Watch video Live Hacking: Breaking into Your Web App • Brian Vermeer • GOTO 2022 online without registration, duration hours minute second in high quality. This video was added by user GOTO Conferences 13 July 2022, don't forget to share it with your friends and acquaintances, it has been viewed on our site 89,136 once and liked it 564 people.

785