Learning application security by finding and fixing insecure code in OWASP NodeGoat
Wouldn't it be great if we developers learned about application security by training on purpose-built vulnerable applications rather than finding our mistakes in production? Yes, we think so too.
In this session, we welcome Priscila Oliveira, Software Engineer at Sentry and core contributor to the open source npm proxy project Verdaccio, to chat about her appsec experiences as a developer and to learn together about secure coding practices, how to hack a live application, open source vulnerabilities and how to fix them.
We will be using OWASP's NodeGoat, an open source project that provides an environment for learning how the OWASP Top 10 security risks apply to web applications developed using Node.js.