AppSec Village - Secure Your Code: Injections and Logging

Cite

DEF CON

Krenn, Philipp

Formal Metadata

Title

AppSec Village - Secure Your Code: Injections and Logging

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Krenn, Philipp

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/51607 (DOI)

Publisher

DEF CON

Release Date

2020

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

This talk combines two of the OWASP top ten security risks to highlight some widespread "this is fine" issues: * Injections (A1:2017): We are using a simple application exploitable by injection and will then secure it with the Web Application Firewall (WAF) ModSecurity. * Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring both the secured and the unsecured application with the Elastic Stack.