SecAppDev 2019 has ended
Back To Schedule
Thursday, February 21 • 14:00 - 15:30
Modern web application security vulnerabilities

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This session explores some modern web application vulnerabilities, as often observed in bug bounty programs. We discuss the threat, as well as the available defenses.

The highest ranking vulnerability in the OWASP top 10 is still SQL injection. Even today, SQL injection still poses a significant threat. However, the web security landscape has evolved significantly in the last decade. Today, we see new development paradigms appear. Think about the rise of Single Page Applications, APIs, and the use of technologies such as OAuth 2.0 and JWT. We also see a change in security programs, with bug bounty programs leading the way.

In this session, we explore the impact of bug bounty programs on security research. We go over a few concrete cases, highlighting new takes on old vulnerabilities, as well as new attacks. And most importantly, we look at how to defend your web application against these new types of attacks.

This session is intended for anyone designing, securing, breaking or developing web applications.


Erlend Oftedal

CTO, Blank AS

Thursday February 21, 2019 14:00 - 15:30 CET
West wing (room Lemaître)