Hello! This is the report from the sixth meeting of Backend United. This time the meetup was dedicated to security issues and was called Tabasco. Speakers from Skyeng, Avito, Tinkoff and Yandex.Cloud talked about how beginners can improve their security skills, how to work with Sentry, and how to organize the processes by which developers find and eliminate vulnerabilities.
Below the cut are links to video recordings of speeches with timecodes for easy navigation and links to speaker presentations.
Web Application Security: How to Break and Not Break - Denis Yuriev, Skyeng
Denis talked about how relevant security issues are for a developer at a large company and how beginners can get better at them. Using different projects as examples, he showed things that developers can detect and fix in time, from incorrectly configured nginx and XSS headers to DDoS.
00:00 —
01:38 —
03:35 —
07:19 —
12:53 —
17:13 —
29:47 —
Single quote injection to find them all —
Sentry.
00:04 —
00:29 — SQL injections
01:52 —
03:05 —
05:03 — Error tracking software Sentry
08:35 —
10:13 —
13:10 —
Security Training & Awareness —
00:00 —
00:07 — AppSec
02:36 —
03:12 — security champions, internal bug bounty
14:56 —
15:45 —
16:07 —
23:10 —
DevSecOps —
00:00 —
01:13 —
07:25 —
09:42 — Security development lifecycle
24:59 —
28:05 — Application Sandboxing
30:58 — Compliance
32:31 — Production access control hardenings