When we build a web site, we think of it being used a certain way and even if security is baked in, there may be more ways a hacker can break that site. In this talk, Patrick will show many of the ways that hackers attempt to break in to sites. Because as defenders, we need to be correct 100% of the time, but hackers only need a single door to gain a foothold and then often they may be able to go deeper. This talk will show many of those footholds that the hackers try to use and ways to defend against them as well. This is a great overview of things to think about when defending your own web sites.
Patrick is a security analyst/pentester for Rapid7’s Global Services team. His first love is web application security and CSRF in particular. He founded the Rhode Island chapter of OWASP, the first ever BSides Conference in Providence and is the speaker chair for BSides Boston this year.