Write Secure* Apps - (*more-secure)

Slides and links from the 2018 Experts Series talk on Application Security at Lighthouse Labs - Vancouver, Canada

Links from video…

Common types of attack:

  1. Phishing Attacks

  2. SQL Injection Attacks (SQLi)

  3. Cross-Site Scripting (XSS)

  4. Man-in-the-Middle (MITM) Attacks

  5. Malware Attacks

  6. Denial-of-Service Attacks

  7. Spear Phishing Attacks

  8. Whaling Phishing Attacks

  9. Brute-Force and Dictionary Attacks

SANS top-25 software security errors

3 categories

Software Error Category: Porous Defenses
(11 errors)

Fun Hints From The Trenches

Beware of angry insiders: Paine Webber | Don’t over-trust your infra vendor | Update your knowledge | Don’t be sloppy | Some errors are irrecoverable | Cloud Vendor lock-in is still lock-in

References

SANS software errors | SANS Posters | Mozilla Rapid Risk Assessment | OWASP HTML5 security cheat sheet | Rapid 7 Security Fundamentals | SANS infosec reading room | Cyberedge Group 2018 Cyberthreat Report

More about Morgane

Morgane Oger
Lead Consultant
RO IT Systems

170-422 Richards Street
Vancouver, BC V6B 2Z4

@MorganeOgerBC

m.oger@roitsystems.ca

http://fb.me/roitststems

https://morganeoger.ca/about