Security: Threats, Bugs, Exploits, Principles and Workflows
In this tutorial I will give a rough overview of how attackers work to find weak spots, what the weak spots in a web application stack typically are, and what admins, developers and project managers can do to make life harder for attackers.
Absolute security is impossible to achieve. It is, however, possible to mitigate the most common threats and to handle the incidents that inevitably occur in a way that prevents major damage.
The tutorial will have three parts:
- Most common threats and attack vectors
What are the weak spots in a typical web application stack (commonly LAMP) and in web applications themselves? How do attackers identify them?
- Most common errors during operations
What are typical errors when running a web application?
How can safety nets be applied? What are best practices?
- Most common errors during development
What are the most common bugs causing security holes?
How can they be avoided by applying best practices?