Discord - https://bit.ly/BSidesDFWDiscord
Twitter - https://twitter.com/nopantrootdance

Modern Web Application Vulnerabilities (on the perimeter right now)

Attend this presentation and walk away with an increased awareness of lingering attack surface on organization perimeters. Though some customers' only interface is in brick-and-mortar service centers, web and mobile applications are quickly becoming the norm for customer interactions. This experience comes with an inherent expectation that an institution will protect its data, users, and assets in cyberspace.

This presentation discusses and demonstrates three classes of modern web application misconfigurations and vulnerabilities widely present on network perimeters today. First, it studies specific vulnerabilities in modern front-end frameworks such as AngularJS. Next, it examines vulnerabilities in PDF generation from untrusted HTML. Last, it argues the importance of HTTPS everywhere and of implementing proper HTTP Strict-Transport-Security directives to significantly degrade man-in-the-middle attacks.

Cary Hooper is an offensive security engineer working for a Fortune 500 institution. Cary is a combat veteran and graduate of the United States Military Academy at West Point. He led technical teams within the Army Engineer Corps and Cyber Command. Cary's certifications include CISSP, OSCE, OSCP, GPEN, GCIA, and CLSSBB.