This talk combines two of the OWASP top ten security risks to highlight some widespread "this is fine" issues:
* Injections (A1:2017): We are using a simple application exploitable by injection and will then secure it with the Web Application Firewall (WAF) ModSecurity.
* Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring both the secured and the unsecured application with the Elastic Stack.
Speaker(s): Philipp Krenn
Location: Appsec Vlg
Discord: https://discord.com/channels/7082082...33026982690876
Event starts: 2020-08-09 12:00 (12:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-09 12:45 (12:45 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T02:28 (UTC).