Information Security Practice
● CEO at WebbyLab
● 15 years in software development
Why I talk about security?
1. I switched to software development from IT security
2. I work with software engineers for many years and this topic is highly
3. I work with different businesses for many years and risks are highly
4. Governmental regulations (GDPR, PCI DSS etc)
5. It makes you a better software engineer
6. It is FUN!!
What I will talk about?
1. Not about OWASP (Open Web Application Security Project) Top 10 report
2. Not about security tools (metasploit, sqlmap etc)
3. Not about content security policy.
4. Only practical cases that we’ve met in real life.
6. Real cases simulated in environment
a. React frontend
b. NodeJs backend
c. Set of exploits
Case 7: Takeaways
Think about communication
Get the whole picture
Use HTTPS everywhere
Case 8: Clickjacking
Case 9: Tabnapping
Case 10: CSRF (cookie, basic auth)
Case 11: SQL Injection (pass through ORM)
Case 12: ORM Injection
Case 13: Unsafe HTTPS Redirect
Case 14: Target=_blank (without rel="noopener noreferrer")
What I like information security?
Information security is about understanding how things work
It makes you a better developer
You can create more complex projects
It is fun