If you think Unicode is just a character set like ASCII, Tore Nestenius has something to teach you. There is a whole range of ways in which attackers can use the possibilities of Unicode to attack your systems, or to invisibly attack the open source you depend on.
You may also think you have solved the cross-site problem because you have implemented countermeasures against XSS. But do you know what Cross-Site Request Forgery is, and how to protect yourself against it?
Come to Faglig Fredag on 16 December and learn about some of the latest security challenges when senior consultant Tore Nestenius gives the talk "Unicode Exploits and Cross-Site Request Forgery." See you at IDA Conference on Kalvebod Brygge or online.
Unicode Exploits and Cross-Site Request Forgery (English)
Earlier this year, I presented on fighting XSS attacks, one of the most common security exploits, using Content Security Policy. Today, I will be talking about two more common exploits in modern web application security: Unicode exploits and Cross-Site Request Forgery (CSRF) attacks. You will also learn some common methods for fighting these attacks and keeping your data and your clients' data safe from harm.
Here is a sneak peek at what I will present:
- Unicode and encoding
  At the lowest level, we have characters, Unicode, and encoding, which most of the web is built upon. In this part, you will learn the fundamental concepts of Unicode and encoding and why emojis and other characters can cause trouble in our applications.
- Cross-Site Request Forgery (CSRF) attacks and prevention
  This is a common attack against our web applications that involves hackers tricking innocent end users into making requests to websites and applications they are logged into. In this talk, you will learn how this attack is carried out and what you can do to protect yourself against it.
After this talk, you will be more aware of common web security concepts, of how Unicode and encoding exploits and CSRF attacks are executed, and of how to better protect yourself and your users. By studying these ideas, you can help make the internet a little more secure.
Tore Nestenius – Senior Consultant | Instructor
Tore is an independent software consultant and trainer based in Helsingborg, Sweden. For the last 10 years, he has trained developers worldwide in software architecture, web security, OpenID Connect, C#/.NET, and domain-driven design. When he is not teaching, he mentors and coaches developer teams all around Europe. He is currently working on courses in secure development and web security that will be released through Lund&Bendsen in the coming months.