SlideShare a Scribd company logo
1 of 24
Download to read offline
Singapore	|	28	Feb	-	01	Mar	2019
Web	Services	aren’t	as	secure	as	we	
think
Tilak.T
Singapore	|	28	Feb	-	01	Mar	2019
Yours	truly
• Senior	Solutions	Engineer	at	we45	
• Full	Stack	Developer	
• Developer	of	Open-Source	
• Trainer	and	Speaker	
• PSF	Member	
• Part	of	multiple	CTF
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Outline
• Why	security	is	important	
• Unique	Vulnerabilities	
• Demo	!	
• DevSecOps	Pipeline
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Why	web	services	aren't	secure
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Ref: https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/ @ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Unique	Vulnerabilities
• JWT	Manipulation	
• Insecure	Deserialization	
• Insecure	Direct	Object	Reference	
• Etc	…
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Singapore	|	28	Feb	-	01	Mar	2019
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
JWT	Manipulation
OWASP-2017	A5	Broken	Access	Control
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Why	JWT
• Stateless	Application	
• Authorization	Mechanism	
• Transfers	information	between	
server	and	client	
• Scalable	and	decoupled
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
JSON	Web	Token(JWT)
• The	process	is	relatively	simple	(typically):	
• Once	a	user	authenticates,	the	server	generates	some	JSON	payload	(with	some	info)	
and	signs	the	JSON	payload	with	a	key	
• This	can	be	a	HMAC	Based	Key	(HS256)	or	a	Asymmetric	System	(RS256)	
• The	token	is	sent	by	the	client	(like	a	session	cookie)	
• The	server	attempts	to	verify	the	token	based	on	the	signature	and	allows/disallows	
the	user	to	perform	actions
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Lots	of	ways	to	get	JWT	wrong
• Modify	the	algorithm	to	`none`	
• Leakage	of	sensitive	
information	
• Algorithm	Confusion	
• Cracking	Secret	Keys
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Insecure	Deserialization
OWASP-2017	A5	Broken	Access	Control
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Singapore	|	28	Feb	-	01	Mar	2019
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Singapore	|	28	Feb	-	01	Mar	2019
Basic	Pipeline	Demo
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
SecDevOps	Jenkins	pipeline	
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
@ti1akt
Singapore	|	28	Feb	-	01	Mar	2019
Abhay	Bhargav	
Rahul	Raghavan	
Sandeep	Patil	
Sharath	Kumar	
Nithin	Jois
Singapore	|	28	Feb	-	01	Mar	2019
Thank	You
https://github.com/we45/DevSecCon2019
@ti1akt

More Related Content

What's hot

A Starters Guide to Building APIs with Javascript
A Starters Guide to Building APIs with JavascriptA Starters Guide to Building APIs with Javascript
A Starters Guide to Building APIs with JavascriptAll Things Open
 
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformI Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformApigee | Google Cloud
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureApigee | Google Cloud
 
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...apidays
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security StrategySmartBear
 
Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...
Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...
Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...Daniel Zivkovic
 
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon
 
Big Apps, Big Data, and Why "Connected Things" are not the IoT
Big Apps, Big Data, and Why "Connected Things" are not the IoTBig Apps, Big Data, and Why "Connected Things" are not the IoT
Big Apps, Big Data, and Why "Connected Things" are not the IoTApigee | Google Cloud
 
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience SmartBear
 
apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...
apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...
apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...apidays
 
Java 8 - Gateway Drug or End of Line?
Java 8 - Gateway Drug or End of Line?Java 8 - Gateway Drug or End of Line?
Java 8 - Gateway Drug or End of Line?Garth Gilmour
 
Developer Services: Making Developers Successful
Developer Services: Making Developers SuccessfulDeveloper Services: Making Developers Successful
Developer Services: Making Developers SuccessfulApigee | Google Cloud
 
Welcome Note by Abhinav Asthana, CEO at Postman
Welcome Note by Abhinav Asthana, CEO at PostmanWelcome Note by Abhinav Asthana, CEO at Postman
Welcome Note by Abhinav Asthana, CEO at PostmanPostman
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 
Unlocking Value From the Internet of Things (IoT) with APIs
Unlocking Value From the Internet of Things (IoT) with APIsUnlocking Value From the Internet of Things (IoT) with APIs
Unlocking Value From the Internet of Things (IoT) with APIsApigee | Google Cloud
 

What's hot (20)

A Starters Guide to Building APIs with Javascript
A Starters Guide to Building APIs with JavascriptA Starters Guide to Building APIs with Javascript
A Starters Guide to Building APIs with Javascript
 
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile PlatformI Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
I Love APIs 2015: Implementing an API Tier to Enable a New Mobile Platform
 
Building APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft AzureBuilding APIs with Apigee Edge and Microsoft Azure
Building APIs with Apigee Edge and Microsoft Azure
 
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
apidays LIVE Australia 2021 - From apps to APIs: how no-code is transforming ...
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security Strategy
 
Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...
Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...
Doing more with Static Sites + Transcription and Sentiment Analysis Pipeline ...
 
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
 
Big Apps, Big Data, and Why "Connected Things" are not the IoT
Big Apps, Big Data, and Why "Connected Things" are not the IoTBig Apps, Big Data, and Why "Connected Things" are not the IoT
Big Apps, Big Data, and Why "Connected Things" are not the IoT
 
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
 
Executing on API Developer Experience
Executing on API Developer Experience Executing on API Developer Experience
Executing on API Developer Experience
 
apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...
apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...
apidays LIVE Paris 2021 - Automating API Documentation by Ajinkya Marudwar, G...
 
Java 8 - Gateway Drug or End of Line?
Java 8 - Gateway Drug or End of Line?Java 8 - Gateway Drug or End of Line?
Java 8 - Gateway Drug or End of Line?
 
Apigee Edge Product Demo
Apigee Edge Product DemoApigee Edge Product Demo
Apigee Edge Product Demo
 
Developer Services: Making Developers Successful
Developer Services: Making Developers SuccessfulDeveloper Services: Making Developers Successful
Developer Services: Making Developers Successful
 
Monitoring Solutions for APIs
Monitoring Solutions for APIsMonitoring Solutions for APIs
Monitoring Solutions for APIs
 
Welcome Note by Abhinav Asthana, CEO at Postman
Welcome Note by Abhinav Asthana, CEO at PostmanWelcome Note by Abhinav Asthana, CEO at Postman
Welcome Note by Abhinav Asthana, CEO at Postman
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re Everywhere
 
API Design Workflows
API Design WorkflowsAPI Design Workflows
API Design Workflows
 
A Checklist for Every API Call
A Checklist for Every API CallA Checklist for Every API Call
A Checklist for Every API Call
 
Unlocking Value From the Internet of Things (IoT) with APIs
Unlocking Value From the Internet of Things (IoT) with APIsUnlocking Value From the Internet of Things (IoT) with APIs
Unlocking Value From the Internet of Things (IoT) with APIs
 

Similar to DevSecCon Singapore 2019: Web Services aren’t as secure as we think

DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon
 
Building analytics with event grid
Building analytics with event gridBuilding analytics with event grid
Building analytics with event gridTeemu Tapanila
 
Know What You Don’t Know - ModusBox Presents the Metrics Dashboard
Know What You Don’t Know - ModusBox Presents the Metrics DashboardKnow What You Don’t Know - ModusBox Presents the Metrics Dashboard
Know What You Don’t Know - ModusBox Presents the Metrics DashboardMuleSoft
 
Microservices
MicroservicesMicroservices
MicroservicesPT.JUG
 
TOG Indonesia Company Profile | 2017
TOG Indonesia Company Profile | 2017TOG Indonesia Company Profile | 2017
TOG Indonesia Company Profile | 2017Monster Group
 
Profile of Sastry
Profile of SastryProfile of Sastry
Profile of SastryRama Sastry
 
[hoctap.suctremmt.com]14814s15_01.pdf
[hoctap.suctremmt.com]14814s15_01.pdf[hoctap.suctremmt.com]14814s15_01.pdf
[hoctap.suctremmt.com]14814s15_01.pdfHoangNguyenLeThai1
 
LJC 2015 "The Crafty Consultants Guide to DevOps"
LJC 2015 "The Crafty Consultants Guide to DevOps"LJC 2015 "The Crafty Consultants Guide to DevOps"
LJC 2015 "The Crafty Consultants Guide to DevOps"Daniel Bryant
 
Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...
Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...
Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...Yuichiro Saito
 
(iBeacons) for Recruitment Events (University of Bradford)
(iBeacons) for Recruitment Events (University of Bradford)(iBeacons) for Recruitment Events (University of Bradford)
(iBeacons) for Recruitment Events (University of Bradford)Claire Gibbons
 
CV@rajat Sujanian
CV@rajat SujanianCV@rajat Sujanian
CV@rajat SujanianRajat Kant
 
Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Santosh Ojha
 
BrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent Yunk
BrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent YunkBrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent Yunk
BrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent YunkBrightEdge Technologies
 
Better delivery with DevOps Driven Development
Better delivery with DevOps Driven DevelopmentBetter delivery with DevOps Driven Development
Better delivery with DevOps Driven DevelopmentJirayut Nimsaeng
 
Cross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentCross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentJeremy Likness
 
deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"
deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"
deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"Daniel Bryant
 
Microservices - Scaling Development and Service
Microservices - Scaling Development and ServiceMicroservices - Scaling Development and Service
Microservices - Scaling Development and ServicePaulo Gaspar
 

Similar to DevSecCon Singapore 2019: Web Services aren’t as secure as we think (20)

DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
 
Building analytics with event grid
Building analytics with event gridBuilding analytics with event grid
Building analytics with event grid
 
Know What You Don’t Know - ModusBox Presents the Metrics Dashboard
Know What You Don’t Know - ModusBox Presents the Metrics DashboardKnow What You Don’t Know - ModusBox Presents the Metrics Dashboard
Know What You Don’t Know - ModusBox Presents the Metrics Dashboard
 
Microservices
MicroservicesMicroservices
Microservices
 
TOG Indonesia Company Profile | 2017
TOG Indonesia Company Profile | 2017TOG Indonesia Company Profile | 2017
TOG Indonesia Company Profile | 2017
 
Presentation1
Presentation1Presentation1
Presentation1
 
Profile of Sastry
Profile of SastryProfile of Sastry
Profile of Sastry
 
[hoctap.suctremmt.com]14814s15_01.pdf
[hoctap.suctremmt.com]14814s15_01.pdf[hoctap.suctremmt.com]14814s15_01.pdf
[hoctap.suctremmt.com]14814s15_01.pdf
 
LJC 2015 "The Crafty Consultants Guide to DevOps"
LJC 2015 "The Crafty Consultants Guide to DevOps"LJC 2015 "The Crafty Consultants Guide to DevOps"
LJC 2015 "The Crafty Consultants Guide to DevOps"
 
Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...
Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...
Simple steps and tips to improve IT infrastructure operations #yapcasia #yapc...
 
(iBeacons) for Recruitment Events (University of Bradford)
(iBeacons) for Recruitment Events (University of Bradford)(iBeacons) for Recruitment Events (University of Bradford)
(iBeacons) for Recruitment Events (University of Bradford)
 
Using Learning Data to Predict and Alter Business Outcomes 
Using Learning Data to Predict and Alter Business Outcomes Using Learning Data to Predict and Alter Business Outcomes 
Using Learning Data to Predict and Alter Business Outcomes 
 
CV@rajat Sujanian
CV@rajat SujanianCV@rajat Sujanian
CV@rajat Sujanian
 
Pune meetup 16 feb 2019
Pune meetup 16 feb 2019Pune meetup 16 feb 2019
Pune meetup 16 feb 2019
 
WeiYapResume
WeiYapResumeWeiYapResume
WeiYapResume
 
BrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent Yunk
BrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent YunkBrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent Yunk
BrightEdge Share15 - CM202: Content Marketing Models: Content Mix - Kent Yunk
 
Better delivery with DevOps Driven Development
Better delivery with DevOps Driven DevelopmentBetter delivery with DevOps Driven Development
Better delivery with DevOps Driven Development
 
Cross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript DevelopmentCross Platform Angular 2 and TypeScript Development
Cross Platform Angular 2 and TypeScript Development
 
deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"
deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"
deliver:Agile 2018 "Continuous Delivery Patterns for Modern Architectures"
 
Microservices - Scaling Development and Service
Microservices - Scaling Development and ServiceMicroservices - Scaling Development and Service
Microservices - Scaling Development and Service
 

More from DevSecCon

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon
 
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon
 
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon
 
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon
 
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon
 
DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon
 
DevSecCon London 2018: A Journey to Continuous Cloud Compliance
DevSecCon London 2018: A Journey to Continuous Cloud ComplianceDevSecCon London 2018: A Journey to Continuous Cloud Compliance
DevSecCon London 2018: A Journey to Continuous Cloud ComplianceDevSecCon
 
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10DevSecCon
 

More from DevSecCon (20)

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heel
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificates
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOps
 
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
 
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
 
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
 
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
 
DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?
 
DevSecCon London 2018: A Journey to Continuous Cloud Compliance
DevSecCon London 2018: A Journey to Continuous Cloud ComplianceDevSecCon London 2018: A Journey to Continuous Cloud Compliance
DevSecCon London 2018: A Journey to Continuous Cloud Compliance
 
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
 

Recently uploaded

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 

Recently uploaded (20)

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 

DevSecCon Singapore 2019: Web Services aren’t as secure as we think