Positive Trends in Web App Development
when: Sat, 13 Nov 2021 11:00:00 +1300
where: The Michael Fowler Centre
As pen-testers we spend all our time finding bugs. This leads us to focus on the negative side of the software we review, and see everything in terms of problems. However, at least in web app land, things are actually getting better. The classic security bugs are becoming increasingly rare over time (except in the odd app where you can play bingo), while the focus moves to business logic and access control.
This talk covers a range of trends and techniques, each of which chips away at the attack surface of an application. Used where possible, they can move web applications to a better place.
A long time ago, pruby used to get up every morning and build convoluted software monstrosities to feed society's insatiable appetite for data. Now he gets to work out how said monstrosities actually work, find a bunch of bugs, and send them home with a note. He's not sure this is more productive, but at least it's fun! Recently, pruby decided to build some software again, but time has moved on since he last did so. This required thinking about what actually does work, which positive trends to embrace, and what separates a "hard target" from what we're more used to seeing.