Lightning Talk: Modern Web Security: The Art of Creating and Breaking Assertions - John Villamil скачать в хорошем качестве

Lightning Talk: Modern Web Security: The Art of Creating and Breaking Assertions - John Villamil

https://appseccalifornia.org/ Modern web security is a mix of relatively recent frameworks, methods, languages, and abstractions. The age of injection bugs has come and gone. We are firmly in the age of assertions. This age is widely defined by business logic flaws. On a deeper level this age is governed by the security auditor's skill in creating and breaking assertions in the target. Assertions come from any source and they represent statements of security or functionality made by the target. We'll talk about our experience auditing modern web applications over the last three years. We'll talk about the current state of web application security, how its evolved, and where its going. We give examples of assertions (big and small) created and broken during various security audits and the value this brought to the customer. Our goal is to introduce the age of assertions into the zeitgeist and provide auditors a more refined way of thinking beyond injection bugs. John Villamil Co-founder, Doyensec John has worked in a variety of infosec roles from forensics and consulting to large enterprise security. He was most recently part of the Yahoo! Paranoids red team, operating on a network with over 600,000 systems servicing nearly a billion users.