Live Hacking: Breaking into Your Web App • Brian Vermeer • GOTO 2022
This presentation was recorded at GOTO Amsterdam 2022. #GOTOcon #GOTOams
Brian Vermeer - Java Champion & Senior Developer Advocate at Snyk
ABSTRACT
Join us for a captivating live hacking session with Brian Vermeer.
In Brian’s opinion, open source modules are undoubtedly impressive. However, they also represent an undeniable and massive risk.
Within open source modules you are introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your user’s data.
This talk will use a sample application, Goof, which uses various vulnerable dependencies, which together with Brian, you’ll exploit as an attacker would. For each issue, Brian will explain why it happened, show its impact, and – most importantly – see how to avoid or fix it. Brian will live hack exploits like the classic struts vulnerability that recently made it famous, along with Spring Break and several others.
In this talk, you’ll learn:
• That security is important. Not only for your own code but also the frameworks and libraries you depend on
• What might happen when using outdated libraries with known vulnerabilities [...]
TIMECODES
00:00 Intro
00:25 DevSecOps
03:13 What are the problems?
05:22 How bad is the situation?
07:41 Demo
11:05 Your app’s code
13:02 Serverless example
14:36 Spring serverless example
15:54 Open source usage has exploded
19:56 Live hacking/Demo
31:21 Docker
35:57 What’s the solution?
38:35 DveSecOps in your SDLC
40:25 Recources
40:47 Outro
Download slides and read the full abstract here:
RECOMMENDED BOOKS
Jim Manico & August Detlefsen • Iron-Clad Java •
Liz Rice • Container Security •
Liz Rice • Kubernetes Security •
Aaron Parecki • OAuth 2.0 Simplified •
Aaron Parecki • OAuth 2.0 Servers •
Aaron Parecki • The Little Book of OAuth 2.0 RFCs •
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide •
Richer & Sanso • OAuth 2 in Action •
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 •
#Security #DevSecOps #Risk #OpenSource #OpenSourceModules #Vulnerable #Dependencies #VulnerableDependencies #Privacy #Programming #SoftwareEngineering #SoftwareDevelopment #Serverless #Java #Spring #Log4j #Docker
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at
Sign up for updates and specials at
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
1 view
0
0
4 weeks ago 00:01:00 1
Уникальное средство для чистки обуви‼️ Лайфхак от Испанской домохозяйки 🇪🇦
4 weeks ago 00:00:33 1
Survival Skills: Amazing Dirty Water Purification Filter. #survival #camping #lifehacks
4 weeks ago 00:00:37 1
Это самые невероятные лайфхаки!
4 weeks ago 00:00:54 1
Универсальные советы для дома. Больше интересного в телеграм #lifehacks #diy #tools #tips #shorts
4 weeks ago 02:32:15 1
Dark Journalist: X Assassination and the UFO File
4 weeks ago 00:01:00 1
Мойте окна с фейри. Лайфхак от Романа
4 weeks ago 00:00:53 1
ЛАЙФХАК КОТОРЫЙ ВЗОРВАЛ ИНТЕРНЕТ😱#истории #лайфхаки #сад
4 weeks ago 00:01:00 1
СУПЕР СРЕДСТВО В ЛЕТНИЙ ПЕРИОД ✅ #рецепты #советы #андрейника #лайфхаки
4 weeks ago 00:00:59 1
Устал мыть унитаз? Лайфхак от Романа
4 weeks ago 00:10:47 1
Омоложение: 3 лайфхака, о которых вы не знали
1 month ago 00:00:50 1
Лайфхак - быстрая смена груза на силиконовой приманке!
1 month ago 00:01:01 1
Как очень быстро сварить картошку без воды и огня👌🏽 сохраняй✅ #ЮраВикаКузьменко #лайфхаки #советы