Description
Join me for a wild ride through the dizzying highs and terrifying lows of web security in 2015. Take a look at some major breaches of the year, from Top Secret clearances, to medical records, all the way to free beer. We’ll look at how attack trends have changed over the past year and new ways websites are being compromised. We’ve pulled together data from all the sites we protect to show you insights on types and patterns of attacks, and sophistication and origin of the attackers. After the bad, we’ll look at the good - new technologies like U2F and RASP that are helping secure the web.
Summary
In the presentation titled "The State of Web Security," Mike Milner delves into the evolving landscape of web security as of 2015, exploring both significant vulnerabilities and emerging protective technologies. The talk, held during RailsConf 2016, emphasizes the immense challenges developers face in keeping their applications secure amid a variety of attack vectors.

**Key Points of Discussion:**

- **Introduction to the Speaker and Context:** Mike Milner begins by establishing his role as the CTO at Immunio, highlighting the importance of RailsConf to his company's origins and mission.
- **Vulnerabilities in Web Applications:** The focus shifts to three significant types of vulnerable code that can exist within applications: 1) application code, 2) view logic, and 3) Ruby code in controllers. Developers are reminded of their responsibility for both their own code and third-party libraries, underscoring the interconnectedness of code.
- **Common Threats:** Milner elaborates on SQL injection, detailing its persistence as a vulnerability despite its long-standing recognition, citing recent data breaches like the VTech incident, which compromised millions of personal records. Notably, he shares a case about the Wetherspoon pub chain in the UK, where attackers exploited SQL injection to access customer data and even beer vouchers.
- **Emerging Vulnerabilities in Rails:** He touches on a newly discovered information leak vulnerability in Rails that can arise from unsafe render functions, urging developers to implement secure coding practices to prevent exposure.
- **Ransomware and Credential Stuffing:** The speaker transitions to discussing ransomware as a growing concern targeting web applications and identifies credential stuffing, linking it to poor password practices among users.
- **Preventive Measures:** Suggested strategies for mitigating risks include rate limiting, educating users on strong password creation, and implementing defensive tools such as web application firewalls (WAFs) and Runtime Application Self-Protection (RASP).
- **Continuous Education and Monitoring:** The importance of staying current with security trends and conducting regular threat assessments is emphasized. Milner recommends utilizing resources like OWASP for ongoing developer education.

**Conclusions and Takeaways:**

Milner concludes by reminding attendees that web application security is a continuous journey requiring diligence, education, and effective strategies to safeguard user data and maintain system integrity. He stresses that as long as applications are built and users engage with them, vigilance against vulnerabilities must be a priority.
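The summary names rate limiting as the first mitigation for credential stuffing. The block below is an added example, written for this page and not code from the talk or from Immunio, of what such a limiter has to do to be useful: it budgets login attempts per target account and per source address, because a stuffing run typically spreads one account across many addresses or many accounts across one. The class and method names (`LoginRateLimiter`, `allow?`) and the sample addresses are this example's own assumptions.

```ruby
# Added example (not from the talk or this page): a minimal fixed-window
# login rate limiter of the kind the summary recommends against credential
# stuffing. Names (LoginRateLimiter, :allow?) are this example's own.

class LoginRateLimiter
  # limit: attempts allowed per key within window_seconds.
  # clock: injectable so the behaviour can be exercised without sleeping.
  def initialize(limit: 5, window_seconds: 60, clock: -> { Time.now.to_f })
    @limit = limit
    @window = window_seconds
    @clock = clock
    @attempts = Hash.new { |h, k| h[k] = [] } # key => [attempt timestamps]
  end

  # Record one login attempt from `ip` against `username`.
  # Returns true when the attempt may proceed, false when either the
  # source address or the target account has exhausted its budget.
  # Keying on both dimensions matters: one IP rotating through many
  # accounts and many IPs hammering one account are both throttled.
  def allow?(username:, ip:)
    now = @clock.call
    keys = ["user:#{username.downcase}", "ip:#{ip}"]
    # Drop attempts that have aged out of the window.
    keys.each { |k| @attempts[k].reject! { |t| now - t >= @window } }
    return false if keys.any? { |k| @attempts[k].size >= @limit }
    keys.each { |k| @attempts[k] << now }
    true
  end
end

# Constructed demo: a stuffing burst against one account from rotating
# (documentation-range) source addresses, then one attempt after the
# window has elapsed.
def demo
  t = 0.0
  limiter = LoginRateLimiter.new(limit: 5, window_seconds: 60, clock: -> { t })
  results = (1..7).map do |i|
    t += 1.0
    limiter.allow?(username: "alice", ip: "203.0.113.#{i}")
  end
  t += 60.0
  results << limiter.allow?(username: "alice", ip: "203.0.113.99")
  results # five allowed, two blocked, then allowed again after the window
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In production the per-key buckets would live in a shared store such as Redis rather than in process memory, and a blocked attempt is a useful signal to log on its own, since a spike of `false` results across many accounts is how a stuffing campaign shows up in monitoring.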