We've all heard of the OWASP Top 10: it is the standard first reference we give web developers who are interested in making their applications more secure. It is also the categorization scheme we give to web vulnerabilities on our pentest reports. But surely there is more to web application security than the OWASP Top 10, right? In this talk, we will discuss 5 vulnerabilities that don't quite fit into the OWASP Top 10 categories, but are just as dangerous if present in a web application. Both developers and pentesters will benefit from this talk, as both exploits and mitigations will be covered for each of the 5 vulnerabilities.
Aaron Hnatiw is a Senior Security Researcher for Security Compass, an information security advisory firm specializing in application security. Prior to working at Security Compass, Aaron was a professor of Application Security at Georgian College, as well as the founder of Inspectral Security, a security consulting company specializing in red team assessments and vulnerability assessments. Aaron's background has covered most areas of information technology: he has worked as a security consultant, system administrator, web and desktop application developer, and network security engineer. His current role involves researching information security issues across industries, and developing innovative solutions to these problems.
Recorded at NolaCon 2017