Session 1: From attack to writing code...what do you need to know as a developer?

We will look at a concrete attack called: "XML external entity attack (XXE)" and see how we can trace it back to writing code. The described mitigations are simple: configure your parser securely, but is it this simple? We will focus on some examples and see if we can catch the attack with tests, code reviews, etc.

Nanne Baars, Developer at Xebia and OWASP WebGoat Project lead

Session 2: Your Attack Surface Just Got Bigger

Building cloud-native web applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can form a massive risk for your application. The wrong package or image can introduce severe vulnerabilities into your application, exposing your application and your user’s data. Join this hands-on cloud-native live-hacking session where we’ll show common threats, vulnerabilities, and misconfigurations. Most importantly, you’ll learn how to protect your application with actionable remediation and best practices

Brian Vermeer, Senior Developer Advocate at Snyk