OWASP 301 – Infrastructure-Based Security
Some of the trickier application security risks (ASRs) covered by the OWASP Top ten are focused on infrastructure and application configuration. As these risks are deeper within the production stack, they can be harder to find and address. Together, we’ll walk through each of these risks, examine how to identify them in an application or production environment, and cover actionable steps you can take today to address them with your application.
By the end of this session, you will have seen and learned to defend against:
- Sensitive Data Exposure (ASR-3)
- Broken Access Control (ASR-5)
- Security Misconfiguration (ASR-6)
- Using Components with Known Vulnerabilities (ASR-9)
- Insufficient Logging & Monitoring (ASR-10)