A good example is when an object in a browser is sent as JSON text to a backend API, or vice versa, but there are also many other forms and applications. In “Secure deserialisation, and how to do it” Alexei Kojenov set out a collection of examples of how to do this. In this keynote, we review various cases where frameworks and libraries get in the way of security, paving the way for application-level vulnerabilities. With practical examples, we investigate more robust approaches to application security.

Section three starts with a discussion of authentication and authorization in web applications, followed by examples of exploitation and the mitigations that can be implemented in the short and long term. Considering the trend towards less reliance on passwords for authentication, we cover the modern patterns of password-less and multi-factor authentication. The provided VM lab environment contains a realistic application environment to explore the attacks and the effects of the defensive mechanisms. The exercise is structured in a challenge format with hints available along the way. The practical hands-on exercises help students gain experience to hit the ground running back at the office.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. In “Five key trends in application security” Ameya Talwalkar summed up five key trends he sees in the application security landscape. Ameya underpins these trends by showing concrete examples of real-world threats and attacks. Serialization and deserialization are used in many places when data is exchanged between systems or components.

As automation is becoming a critical element of the development process, infrastructure and development components are built and maintained through configuration. The management of these configurations is crucial to the security of the application. Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development.

Attack Phase

With over 10 years specialized in application security projects, we are recognized in the market as one of the most experienced Brazilian companies in Application Security. Fabio Cerullo is an official certified instructor for (ISC)², the global leader in information security education and certification. Fabio has over 15 years of experience in the information security field gained across a diverse range of industries, ranging from financial and government institutions to software houses and start-ups.
