Weekly DevSec Friday Webinars

A 600+ strong online community of developers and security professionals. Join us Fridays at 12PM EST for exercises and discussions on the latest tools and DevSecOps practices.

Writing Secure JavaScript Applications

📅 Every Friday @ 12PM EST  | October 23 – Nov 6

JavaScript Injection Attacks

Injection attacks are very common in JavaScript due to how the language works. During this webinar we will go over the different versions of injection attacks and the different ways of mitigating them.

Cross-Site Scripting

XSS is one of the most common vulnerabilities in general, but it is even more prominent in JavaScript-based stacks due to the increased attack surface. Although Angular and React are doing better in terms of mitigations, there are still a few places that need attention if you are using these frameworks.

Prototype Pollution & Denial of Service

Prototype Pollution is the latest security pain in the JavaScript ecosystem. Prototype pollution can sometimes lead to arbitrary code execution, sanitizer bypass and a slew of other vulnerabilities. Additionally, we are going to tackle denial of service in JavaScript and how to mitigate it.

Building A DevSecOps Pipeline Using GitHub Actions

Integrating Static Analysis Security Testing

We'll discuss best practices, modern tools, and hear from experts who have had success building security into their development pipeline, and have a live Q&A period.

Integrating Dynamic Analysis Security Testing

We will integrate checks for git secrets and dynamic application security testing (DAST) into the pipeline, hear from our guest StackHawk, and wrap up with a live Q&A period.

Checking For 3rd Party Dependencies

We will discuss the top dependency check tools for your pipeline, walk through exercises, integrate dependency checks within your IDE, and have a live Q&A period.

Adding Container Security Into Your Pipeline

We will discuss topics related to containers and container security. We will integrate a free container security tool, then integrate and demo Snyk for container security.

OWASP Webinar Series

OWASP Top 10: Injection

Occurs when untrusted data is sent to an interpreter as part of a command or query, which can cause the interpreter to execute unintended commands or access unauthorized data.

OWASP Top 10: Broken Authentication

A result of inadequately developed login pages, authentication logic, backdoors, custom session management or authentication schemes.

OWASP Top 10: Sensitive Data Exposure

Attackers steal keys, execute man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s client.

Ready to get started?

A light-weight code security tool built for developers to code securely, fix quickly, and deploy fast.