Web application security audits
Hans de Raad
Independent consultant, open-source enthusiast (openSUSE, Drupal, etc). Also a big classical music lover (artistic manager of the Huygensfestival in Voorburg, supporter of several international chamber music festivals in/around The Hague, The Netherlands). One of my company's basic philosophies is, if open-source provides you with a stable revenue (thank you, 10x), you should do something in return. So my company donates 10% of its annual profit to one of the projects we've been using that year. This contribution can also be by providing help, i.e. in 2015 I was project lead and organizer for the openSUSE conference in The Hague!
When developing and deploying web applications, the final result is a collection of software, carefully combined to offer a coherent platform. This platform, however, consists of several loosely coupled items, each of which can, on various levels, offer possibilities for manipulating the deployment.
This session analyses these items and gives some insight into the attack vectors they might offer.
The focus is not on actually hacking the components but on hardening them by putting prevention measures (like mod_security) in place.
This presentation is derived from a standard audit procedure which the author follows on a regular basis.
- Date: 2013 July 22 - 11:00
- Duration: 2 h
- Room: Hephaestus
- Conference: openSUSE Conference
- Language:
- Track: openWorld
- Difficulty: