Bozidar Spirovski & Wekoslav Stefanovski
How to Defend Against Data Manipulation Attacks - Bozidar Spirovski & Wekoslav Stefanovski
#1 about 2 minutes
Bridging the communication gap between developers and security
Security and development teams often work in silos, but collaboration is essential for building secure products from the start.
#2 about 3 minutes
An overview of classic and modern injection attacks
The workshop covers a range of vulnerabilities from classic SQL injection and XSS to modern threats like template and AI prompt injection.
#3 about 2 minutes
How SSRF exploits cloud metadata services in microservices
Server-Side Request Forgery (SSRF) is a critical vulnerability in cloud-native applications that can allow attackers to access sensitive metadata servers.
#4 about 3 minutes
Weaponizing cookies and JWTs for denial of service
Attackers can cause a denial-of-service by bloating JSON Web Tokens (JWTs) in cookies to overwhelm and bottleneck backend authentication systems.
#5 about 5 minutes
A practical demo of a command injection vulnerability
A hands-on demonstration shows how a command injection in a file export feature can be used to execute arbitrary commands on the server.
#6 about 6 minutes
The dangerous trend of prioritizing speed over security
The pressure to ship features quickly leads to half-baked products and a culture where security is treated as an afterthought, creating significant risk.
#7 about 7 minutes
Adopting a proactive mindset for secure development
Developers can prevent vulnerabilities by moving away from "magical thinking" about libraries and actively breaking their own code to find flaws early.
#8 about 7 minutes
A horror story of hardcoded and shared secrets
A real-world example illustrates the common but dangerous practice of committing secrets to git and sharing passwords in plain text files.
#9 about 5 minutes
How flawed password policies create predictable vulnerabilities
A financial institution's policy of monthly password rotation led to users adopting a simple, predictable pattern that defeated the security measure entirely.