Session
Preparing web applications for security assessments
At some point, you will have your web applications being submitted to a pen-test or security assessment, where a team of security engineers will poke your API and Web Apps to see if they can get different results than expected.
In this workshop, we're going to harden our API and Web application by addressing a lot of common risks:
- fingerprinting
- proper use of cookies
- adding several security-related HTTP headers
- checking our dependencies for vulnerabilities
We'll be using .NET mostly but the concepts will apply to Java, React, Angular and other frameworks as well.