Web Security Training

Navigating the web security landscape

The websec digest #15

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition is overshadowed by the WannaCry ransomware epidemic, which has buried the regular web security news feed. Nonetheless, here are a few interesting pointers to check out.

I was at the OWASP AppSec Europe conference in Belfast to deliver a talk on building secure Angular applications. I can honestly say that the conference had plenty of high-quality talks about a wide variety of web security topics. Definitely take a look at the published slides, and keep an eye out for the recordings that will be published soon!

The last 10 days have been all about ransomware, especially the very widespread WannaCry variant. Since this topic is quite far from the web security field, I’m not going to spend too much time on it. I just want to share this map of ransomware trojans since 2010, to put things into perspective. The map is part of F-Secure’s state of cyber security 2017, an interesting read.

As bug bounties are increasing in popularity (we’re hosting an event about this topic), many vulnerabilities are now being disclosed in the form of a bounty-payout write-up. This story is a good illustration of an information disclosure through an error page: an error page that reveals internal details is a vulnerability in its own right, not just a cosmetic flaw. The vulnerability was located in one of Google’s employee services, and resulted in a $5000 bounty.

To conclude the digest on a positive note: another major site has completed the transition to HTTPS. From now on, all Stack Overflow sites are running on HTTPS, which was a major undertaking. Read all about the process they followed to transform a huge content base to HTTPS. And if you’re still not convinced about the benefits of HTTPS (you’re reading the digests, right?), go read this nice overview first!

Upcoming Events

In the coming month, you can catch me speaking at the following events:

As usual, you can find the full list of events on my speaking page.
