The State of Application Security 2023 • Sebastian Brandes • GOTO 2023

This presentation was recorded at GOTO Copenhagen 2023.

Sebastian Brandes - Co-founder of Heyhack

ORIGINAL TALK TITLE
The State of Application Security 2023: Learnings from 4 Million Scanned Services. Unveiling the Power of Proactive Cybersecurity Investments

ABSTRACT
The application security landscape keeps shifting: new vulnerabilities surface, outdated software is phased out, and security guidance changes. Heyhack has scanned public-facing web services across the globe and assessed the vulnerabilities found in them. This talk presents the key vulnerability classes and walks through the actual data Heyhack has gathered worldwide, with the aim of raising awareness and giving concrete examples of the most prevalent web risks today. The foundation of the talk is Heyhack's study of 4 million public-facing web services around the world. The size of that dataset both shows the scale of the investigation and underlines the significance of the vulnerabilities uncovered; it provides a detailed snapshot of the current online security landscape and serves as the reference point throughout the talk. [...]
TIMECODES
00:00 Intro
02:48 Agenda
05:04 2011 study
06:10 Results from Heyhack's global AppSec study 2023
11:18 2023 study overview
11:43 File leaks
13:44 Dangling DNS records
15:09 Dangling Records demo
17:13 Dangling DNS records continued
18:42 Vulnerable FTP servers
19:40 ProFTP demo
21:27 Cross-site scripting
22:30 Cross-site scripting demo
31:02 Case study: Fortnite
36:08 WAF: Web Application Firewalls
40:09 Learnings
40:49 Proactive investments
42:01 Takeaways
44:28 Outro

RECOMMENDED BOOKS
Liz Rice • Container Security
Liz Rice • Kubernetes Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner's Guide