Jakub Andrzejewski
Security in modern Web Applications - OWASP to the rescue!
#1 (about 3 minutes): Frontend developers now share responsibility for application security
Modern full-stack frameworks like Nuxt.js and Next.js shift security concerns from being backend-only to involving frontend developers.
#2 (about 3 minutes): Why security is often neglected in development
The push to deliver features quickly often leads development teams to overlook critical aspects like security, performance, and accessibility.
#3 (about 2 minutes): Understanding the OWASP Top 10 for web security
The OWASP Top 10 is a standard awareness document that provides a starting point for understanding the most critical web application security risks.
#4 (about 3 minutes): Common web application threats like injection and DoS
Explore common vulnerabilities from the OWASP list, including SQL injection, cross-site scripting (XSS), broken access control, and denial-of-service (DoS) attacks.
#5 (about 1 minute): Leveraging OWASP resources like cheat sheets and ZAP
OWASP provides valuable resources for developers, including technology-specific cheat sheets and the ZAP penetration testing tool to identify vulnerabilities.
#6 (about 2 minutes): The danger of dependency confusion in NPM packages
Malicious NPM packages with the same name as private packages can be fetched from public registries, leading to severe security breaches.
#7 (about 2 minutes): Implementing security with native HTTP security headers
Use HTTP response headers like Content-Security-Policy to instruct the browser on how to handle resources, enhancing security for both dynamic and static sites.
#8 (about 2 minutes): Managing browser permissions and basic authentication
You can programmatically block access to sensitive browser APIs like geolocation and implement simple basic authentication for access control.
#9 (about 4 minutes): A practical demonstration of the nuxt-security module
See a live demo of the `nuxt-security` module automatically adding security headers, blocking XSS attempts, rate limiting requests, and enabling basic auth.
#10 (about 2 minutes): Introducing a new out-of-the-box security module for Next.js
A new security module is being developed for Next.js and React to provide the same easy-to-implement security features as its Nuxt counterpart.
#11 (about 1 minute): The goal is to make systems too difficult to break
Since no system is truly unbreakable, the primary goal of security is to make your application so time-consuming to compromise that attackers give up.
#12 (about 2 minutes): Answering questions on LLM injection and header implementation
The Q&A session covers the possibility of LLM injection attacks in future OWASP lists and clarifies the best practice of using server-level headers over `http-equiv`.
Matching moments
03:30 MIN
Essential web security best practices beyond SPAs
A Primer in Single Page Application Security (Angular, React, Vue.js)
04:01 MIN
Focusing on the top three OWASP security threats
It's a (testing) trap! - Common testing pitfalls and how to solve them
01:24 MIN
Making web application security accessible to developers
What The Hack is Web App Sec?
06:37 MIN
A seven-step guide to securing modern web apps
Full-stack role-based authorization in 45 minutes
12:11 MIN
Understanding common web and API vulnerability classes
Software Security 101: Secure Coding Basics
01:20 MIN
Focusing on secure architecture over just code
Architecting API Security
03:17 MIN
Exploring specific web vulnerabilities and filtering issues
WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking
04:09 MIN
Introduction to developer-first security and CTFs
Capture the Flag 101
Related Videos
Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?
Tino Sokic
Architecting API Security
Philippe De Ryck
Cross Site Scripting is yesterday's news, isn't it?
Martina Kraus
Bullet-Proof APIs: The OWASP API Security Top Ten
Christian Wenz
Security Pitfalls for Software Engineers
Jasmin Azemović
101 Typical Security Pitfalls
Alexander Pirker
What The Hack is Web App Sec?
Jackie
Friend or Foe? TypeScript Security Fallacies
Liran Tal
From learning to earning
Jobs that call for the skills explored in this talk.

Speech Processing Solutions (Vienna, Austria), Intermediate: CSS, HTML, JavaScript, TypeScript
doinstruct Software GmbH (Berlin, Germany), Senior: Git, JavaScript, TypeScript
Pflegecampus21 GmbH (Remote), €55-80K: MySQL, DevOps, TypeScript
NTT DATA Deutschland GmbH (Remote): Node.js, Continuous Integration
Kanton Zürich