For more info on the next Devoxx UK event 👉 www.devoxx.co.uk
Every year, organizations around the world fall victim to cybersecurity attacks. Data breaches affect every domain, from healthcare to finance. All of these successful attacks come at a cost that is consistently increasing, reaching an average of 4.35 million dollars in 2022 (Cost of a Data Breach Report 2022).
In this talk, we will walk through the most common Java security flaws found in application code reviews today. The flaws we will discuss are as follows:
SQL injection - parameterized queries
XXE (XML External Entity) - disable external entity resolution
XSS (cross-site scripting) - white list / input sanitization
OS command injection - avoid it where possible / white list / input sanitization
Direct Object Reference - access control
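As an added Java example (not code from the talk), here are the vulnerable and remediated forms for the first two flaws listed above: a string-concatenated SQL query beside its parameterized equivalent, and a DocumentBuilderFactory configured so the XML parser never resolves DTDs or external entities. The JDBC Connection and the users table are assumed for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

public class SecureCodingExamples {

    // Vulnerable: user input is concatenated into the SQL text, so the
    // database cannot distinguish the data from the query structure.
    static ResultSet findUserUnsafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT id, email FROM users WHERE username = '" + username + "'";
        Statement stmt = conn.createStatement();
        return stmt.executeQuery(sql);
    }

    // Remediated: a parameterized query sends the SQL text and the value
    // separately; the value is always treated as data, never as SQL.
    static ResultSet findUserSafe(Connection conn, String username) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id, email FROM users WHERE username = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }

    // XXE remediation: a factory whose parsers refuse DOCTYPE declarations and
    // never fetch external entities or DTDs (standard JAXP/Xerces feature names).
    static DocumentBuilderFactory xxeSafeFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Strongest setting: reject any DOCTYPE declaration outright.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth if DOCTYPEs must be accepted: block external entities.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }
}
```

Use xxeSafeFactory().newDocumentBuilder() wherever untrusted XML is parsed; a document carrying a DOCTYPE is then rejected with a parse error instead of being resolved.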
For each of them, we will start by looking at a vulnerable website and how the flaw is exploited. Then we will look at the code and see why it is vulnerable. Finally, we will see how to remediate the issue and make the application safe, fixing the vulnerable website live!
To finish the talk, I will briefly present some of the most common third-party tools that can be used to find issues in your code (Veracode, Netsparker, Apiiro ...).