The websec digest #15
I was at the OWASP AppSec Europe conference in Belfast to deliver a talk on building secure Angular applications. I can honestly say that the conference had plenty of high-quality talks about a wide variety of web security topics. Definitely take a look at the published slides, and keep an eye out for the recordings that will be published soon!
The last 10 days have been all about ransomware, especially the very widespread WannaCry variant. Since this topic is quite far from the web security field, I’m not going to spend too much time on it. I just want to share this map of ransomware trojans since 2010, to put things into perspective. The map is part of F-Secure’s state of cyber security 2017, an interesting read.
As bug bounties are increasing in popularity (we’re hosting an event about this topic), a lot of vulnerabilities are being disclosed as a story of a bounty payout. This story is a good illustration of an information disclosure through an error page. The vulnerability was located in one of Google’s employee services, and resulted in a $5000 bounty.
To conclude the digest on a positive note: another major site has completed the transition to HTTPS. From now on, all Stack Overflow sites are running on HTTPS, which was a major undertaking. Read all about the process that they followed to transform a huge content base to HTTPS. And if you’re still not convinced about the benefits of HTTPS (you’re reading the digests, right?), go read this nice overview first!
Upcoming Events
In the coming month, you can catch me speaking at the following events:
- I am invited to give a masterclass on building secure Angular applications at ScaleUp Porto on May 31st. Registration is free, and I definitely hope to see you there!
- On June 22nd, I’ll be giving a similar talk at Voxxed Days Luxembourg.
As usual, you can find the full list of events on my speaking page.
Philippe De Ryck