This presentation was given to some fresh graduate developers to help them understand how to protect their web apps against some famous attacks like XSS. The presentation was part of a bigger course that was designed to assist them.
AuthN & AuthZ testing: it’s not only about the login form
Diana Pinchuk
Presentation in Google Slides http://bit.ly/AuthZ-AuthN-Diana
Testers are often asked at interviews to test a login form. And this is where their acquaintance with authentication testing ends.
We'll talk about authorization and authentication (AuthZ & AuthN) testing: what the difference between them is and how to stop confusing them; what the specifics of the OAuth 2.0 protocol are; what the best practices of AuthZ & AuthN security testing are; what an Identity and Access Management system is; and where to practice testing that famous login form.
The talk will be useful for functional testers and those who are interested in the technological aspects of AuthZ & AuthN.
Have you ever dreamed of getting paid to hack?!
As a Bug Hunter, this is what it's all about: you hack and find vulnerabilities in software and websites, then end up with profit and fame.
In this session, I will explain to you how to start your journey in bug hunting. Are you ready?
This paper attempts to look behind the wheels of Android, keeping a special focus on custom ROMs, and checks for security misconfigurations that could lead to device compromise, which may result in malware infection or data theft.
A description of Cross-site request forgery (CSRF) attacks and defenses, with a focus on the commonly used libraries and functions for CSRF defense. This presentation goes into each of them and shows its strengths, weaknesses, and shortcomings.