AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Friday, January 24 • 10:00am - 10:25am
Lightning Talk: Modern Web Security: The Art of Creating and Breaking Assertions

Modern web security is a mix of relatively recent frameworks, methods, languages, and abstractions. The age of injection bugs has come and gone. We are firmly in the age of assertions. This age is widely defined by business logic flaws. On a deeper level this age is governed by the security auditor's skill in creating and breaking assertions in the target. Assertions come from any source and they represent statements of security or functionality made by the target.

We'll talk about our experience auditing modern web applications over the last three years. We'll talk about the current state of web application security, how it's evolved, and where it's going. We give examples of assertions (big and small) created and broken during various security audits and the value this brought to the customer. Our goal is to introduce the age of assertions into the zeitgeist and provide auditors a more refined way of thinking beyond injection bugs.

John Villamil

Co-founder, Doyensec
John has worked in a variety of infosec roles from forensics and consulting to large enterprise security. He was most recently part of the Yahoo! Paranoids red team, operating on a network with over 600,000 systems servicing nearly a billion users. That kind of scale totally alters...

Friday January 24, 2020 10:00am - 10:25am PST
Garden Terrace Room