Overview

Every few months Salesforce has been hosting a conference for JavaScript developers here in Bellevue.

I wrote talk on the fundamentals of web application security from both an offensive and defensive point of view. I gave this talk in October of 2018 to try to get more developers interested in writing secure code.

The whole talk was about 45 minutes long and covered mapping web apps, finding and exploiting several OWASP-10 vulnerabilities and protecting against those vulnerabilities.

Near the end I talk about some more advanced types of attacks, and how you can build a security culture at your company to help mitigate risk. Initially I discuss getting developers involved and contracting third party penetration testers. Than I talk a bit about offering incentives for responsible disclosure through bug bounty programs.

You can view the slides here: