Inside a hacker’s mind: Apache Struts, Serverless, and, Stored XSS Zero-day
- Attendees will gain in depth knowledge of the latest vulnerabilities.
- Attendees will understand the methods of prevention and remediation of these vulnerabilities through practical scenarios and code demos.
- Different security perspectives will be shared with the attendees as the concept of cyber-security from an overhead cost to a business enabler is as much a technical change as it is a cultural one.
- Attendees will be able to incorporate change in their work/personal projects using the resources shared in the talk.
The aim of this talk is to introduce the audience to latest critical vulnerabilities. The first half of the talk will cover the two most critical vulnerabilities in platforms previously unfathomable, i.e. vulnerabilities in Apache Struts and Serverless Architectures with examples/demos of exploits and its effects. The second half will delve deeper into the Stored XSS Zero-day, a vulnerability that allowed hackers to compromise 70,000 websites in March 2019. One wonder's about XSS, is it that big of a deal? This talk will enable the audience to answer this question and discover if their/their company’s website is vulnerable to XSS by taking them on a journey of exploring all types of XSS: Stored, Reflective, DOM with real life scenarios, code demos, the effects of exploitation, and recommended prevention/remediation processes. In the end, resources will be shared as the concept of security from an overhead cost to a business enabler is as much a technical change as it is a cultural one.