TestJS Summit

TestJS Summit 2021

Today's Workshop covered a range of topics related to web application security. It emphasized the importance of understanding and addressing security in everyday activities. The Workshop discussed various vulnerabilities and techniques for exploiting them, including SQL injection and cross-site scripting. It also highlighted the significance of secure design, proper authentication and session management, and the detection of breaches. Resources such as the OWASP Top 10 and the Security Knowledge Framework were recommended for further learning.

The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint. This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Learn to defend by learning the hacker mindset

Vandana Verma

We'll discuss the benefits and vulnerabilities of open source software, including the importance of being aware of transitive dependencies. Open source supply chain security is a growing concern, and tools like Snyk can help identify and fix vulnerabilities. The workshop covers topics such as directory traversal, cross-site scripting, and catastrophic backtracking, demonstrating how these vulnerabilities can be exploited and fixed. The key takeaways include continuous scanning, checking vulnerabilities in new dependencies, and using tools like Snyk for secure software development.

This workshop will lead you through installing and exploiting a number of intentionally vulnerable applications. The applications will use real-world packages with know vulnerabilities, including: - Directory traversal - Regular expression denial of service (ReDoS) - Cross site scripting (XSS) - Remote code execution (RCE) - Arbitrary file overwrite (Zip Slip) - These exploits exist in a number of applications, most of which you will need to install either locally or on a cloud instance. You can do this workshop in 2 different flavours: - Using the prepared Docker images OR - Install everything on your local machine. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

How to Exploit Real World Vulnerabilities

Noa Moshe

React Advanced

React Advanced 2021

React's default security against XSS vulnerabilities, exploring and fixing XSS vulnerabilities in React, exploring control characters and security issues, exploring an alternative solution for JSON parsing, and exploring JSON input and third-party dependencies.

Modern frontend frameworks like React are well thought-of in their application security design and that’s great. However, there is still plenty of room for developers to make mistakes and use insecure APIs, vulnerable components, or generally do the wrong thing that turns user input into a Cross-site Scripting vulnerability (XSS). Let me show you how React applications get hacked in the real-world. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

#xss