Top 10 things I'm seeing dev teams forget to do that lead to vulnerabilities.
Presenters: Ethan Wilder
The world is filled with frameworks packed with layer after layer of protection. Things like XSS and SQL injection are becoming easier to mitigate by simply using a pre-built library. OAuth, SAML, and OpenID are drop-in authentication and authorization frameworks. TLS libraries are baked into every major language now. Yet the role of a penetration tester is still a valuable one, and application tests still frequently find vulnerabilities.
From the eyes of a programmer turned application penetration tester, these are the top 10 things I see development teams forgetting to do in production despite the presence of such powerful libraries. We'll go over each basic item, explain the risk involved and how to mitigate it, and discuss the likely reasons we forget about them.
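As an added illustration of the abstract's point (not code from the talk or the speaker), the example below shows the SQL injection and XSS cases it mentions: in each pair the library that does the safe thing is already present in the language's standard library, and the vulnerable variant differs only in that the developer did not call it. The table contents and the test payloads are constructed for the demo.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """The pattern a tester still finds: user input pasted into the SQL text.

    A username of  ' OR '1'='1  turns the WHERE clause into a tautology and
    returns every row.
    """
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Same query using the driver's parameter binding, which the sqlite3
    module has shipped with forever: the value is never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting_vulnerable(display_name):
    """Reflected XSS: attacker-controlled text dropped straight into HTML."""
    return f"<p>Welcome back, {display_name}!</p>"


def render_greeting_safe(display_name):
    """The one-line fix: html.escape() encodes <, >, &, and quotes so the
    browser treats the value as text, not markup."""
    return f"<p>Welcome back, {html.escape(display_name)}!</p>"


if __name__ == "__main__":
    conn = make_db()
    sqli_payload = "' OR '1'='1"
    print(find_user_vulnerable(conn, sqli_payload))  # all three rows
    print(find_user_safe(conn, sqli_payload))        # []

    xss_payload = "<script>alert(1)</script>"
    print(render_greeting_vulnerable(xss_payload))   # script tag survives
    print(render_greeting_safe(xss_payload))         # &lt;script&gt;...
```

The point is not that parameterized queries or output encoding are novel; it is that both mitigations are a single call away and the vulnerable version is what ends up in production when that call is skipped.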
Ethan Wilder is a long-time software developer turned hacker. He has a master's degree in Information Assurance from ISU and has been building and breaking things since before he could read.