How Hackers View Your Application

Published at 2025-01-16

Description

In this presentation, we’ll dive into the mindset of cybercriminals and explore how they approach your applications. By understanding the attacker’s perspective, you’ll gain invaluable insights into fortifying your digital defenses.

Key Highlights:

  • Real-World Demonstrations: Witness live hacking scenarios that showcase common vulnerabilities and attack vectors.
  • Case Studies: Explore actual penetration testing stories, revealing surprising security oversights in seemingly robust applications.
  • Attacker Methodology: Learn the step-by-step process hackers use to identify and exploit weaknesses in your systems.
  • Defense Strategies: Discover practical techniques to shield your applications from various attack techniques.

Our speaker, an experienced penetration tester, will guide you through the hacker’s toolkit, demonstrating how seemingly innocuous application features can be leveraged for malicious purposes. You’ll gain a new appreciation for the importance of a security-first mindset in application development.

Whether you’re a developer, system administrator, or security professional, this talk will equip you with the knowledge to see your applications through the eyes of an attacker – and ultimately, to build more secure systems.

Don’t miss this chance to step into the shoes of a hacker and revolutionize your approach to application security!

Notes

How to Do Security Training

  • Set up a web server.
  • Send a link to everyone with access to the web server.
  • Include a page stating that they should not have clicked the link.

Risk Assessment Insights

  • Soda machines kill more people than sharks.
  • Cows kill more people than they bite.
  • Humans are generally bad at assessing risk.

Web Application Security

  • Web apps are common targets for attacks.
  • Build unit tests around registration functionality.
  • Consider the risks posed by unauthenticated users.

Initial System Assessment

  • First thing to examine: how does the system handle clients?
    • Are there organizational accounts?
    • Is there support for multi-tenancy?

Development vs Production

  • Development environments are usually less secure than production environments.

Threats and Mitigations

  • Be aware of dictionary attacks.
  • If something is stolen, determine what would necessitate shutting down the system.

Action Items

  1. Check what happens when you swap the access token.
  2. Convert login from GraphQL to REST.
  3. Ensure the Refresh Token is secure over HTTPS.

Comments

No comments yet. Be the first to comment!

Add a Comment

Wyat © 2025