Description: In recent years, some people have taken on the task of trying to fix web security. Let's say we fixed all our problems. Let's say we all use context-aware auto-escaping templates, and we all use a secure CSP at a site-wide layer.
Let's say everyone was using an up-to-date browser. Let's say that our databases and backends were enforcing access control for the application.
Let's say there are no more APIs that permit attacks like LFI or SQL injection.
Let's say that we don't need to worry about Java, Flash, Silverlight, Acrobat, and so on. Let's say mixed content wasn't a problem anymore.
Let's say we didn't need CSRF tokens anymore.
Let's say all servers around the world were using DH key exchange and Channel ID. Let's say the whole world was using two-factor authentication.
Let's say that all our frameworks were developed in such a way that introducing vulnerabilities is the path of most resistance. What's next?
This talk would be a quick "these old problems are getting fixed!", immediately followed by "what's next is even better".
For more information, please visit: https://appsec.eu/
Tags: securitytube, hacking, hackers, information security, convention, computer security, OWASP-AppsecEU13