A programming-language-agnostic workshop on best practices for developing secure web applications and APIs. Some common attacks are shown, and you can get your hands dirty by following along on your own machine.
For software engineers; no specialized knowledge required.
Starting from common attack vectors on web applications (e.g. the OWASP Top 10), the workshop details best practices for developing secure software, such as:
- Input validation
- Authentication and authorization
- Rate limiting
- Data persistence (databases, files)
- Error handling and logging
- Testing and scanning
Selected attacks will be demonstrated and can be tested by attendees on their own devices.