Don't Run With Scissors: How to Standardize the Way Your Developers Use Dangerous Aspects of Your Framework

Presented at ShellCon 2019, Oct. 11, 2019, 11 a.m. (50 minutes).

Developers often do not know what the common issues are with the framework they are using. At the same time, most common frameworks ship with easy ways to shoot your application's security in the foot. In this world we live in, developer education will fail if even one mistake is made, which will expose a dangerous vulnerability. In this talk, we'll show how you can dramatically reduce the chance developers will shoot themselves in the foot by giving them safer versions of their common tools so your company can ship more secure code. We will write wrapper classes and safe versions of common tools to eliminate XSS vectors, open redirects, XXE, SSRF, LFI, and other dangerous bugs in your codebase.

Presenters:

• Morgan Roman
  Morgan Roman works on the application security team at DocuSign. He started his career writing integration tests for web applications and APIs as a software development engineer in test. He is passionate about finding ways to automate security testing and make it part of the deployment process.

Links:

• https://2019.shellcon.io/talks/dont-run-with-scissors/
• https://www.youtube.com/watch?v=xYBKX16ruV4
• https://shellcon.io/slides/dont-run-with-scissors-shellcon2019.pptx

Similar Presentations:

• ToorCon San Diego TwentyOne (2019) / Don’t run with scissors: how to standardize the way your developers use dangerous aspects of your framework