Overview
Explore a comprehensive analysis of common application security vulnerabilities in this 23-minute conference talk from NolaCon 2016. Delve into the challenges of AppSec, examining issues such as clear-text transmission of user credentials, session token exposure in URLs, information leakage, WebDAV misconfigurations, local file inclusion risks, and unspecified content types. Gain valuable insights into why application security remains a complex field and learn practical approaches to addressing these critical vulnerabilities.
Syllabus
Intro
A little Background
Why is AppSec so Hard?
User credentials sent in clear text
Session Token In URL (CWE-200)
Information leakage
WebDAV enabled
Local File Inclusion
Content type is not specified
Questions?