DevSecOps Road Trip Netherlands stop - Nanne Baars & Brian Vermeer
Session 1: From attack to writing code...what do you need to know as a developer?
We will look at a concrete attack, the XML external entity (XXE) attack, and trace it back to the code that makes it possible. The described mitigation is simple: configure your parser securely. But is it really that simple? We will focus on some examples and see whether we can catch the attack with tests, code reviews, etc.
Nanne Baars, Developer at Xebia and OWASP WebGoat Project lead
Session 2: Your Attack Surface Just Got Bigger
Building cloud-native web applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can pose a massive risk to your application. The wrong package or image can introduce severe vulnerabilities into your application, exposing your application and your users' data. Join this hands-on cloud-native live-hacking session where we'll show common threats, vulnerabilities, and misconfigurations. Most importantly, you'll learn how to protect your application with actionable remediation and best practices.
Brian Vermeer, Senior Developer Advocate at Snyk