This session explores some modern web application vulnerabilities, as often observed in bug bounty programs. We discuss the threat, as well as the available defenses.
Abstract
Injection, with SQL injection as its best-known form, still ranks first in the OWASP Top 10, and it still poses a significant threat today. However, the web security landscape has evolved significantly in the last decade. New development paradigms have appeared: think of the rise of Single Page Applications and APIs, and the adoption of technologies such as OAuth 2.0 and JWT. Security programs are changing as well, with bug bounty programs leading the way.
In this session, we explore the impact of bug bounty programs on security research. We go over a few concrete cases, highlighting new takes on old vulnerabilities as well as genuinely new attacks. Most importantly, we look at how to defend your web application against these types of attacks.
This session is intended for anyone designing, securing, breaking or developing web applications.