I’ve had the opportunity to attend the OWASP London Chapter Meetup featuring three exceptional speakers discussing the following topics:
* "E2E Detection Testing" by George G.: George highlights the importance of minimizing false negatives in detection and response operations, introducing the concept of end-to-end testing for detection engineering. He also mentioned the integration of Elasticsearch into Datadog's Threatest with the goal of automating red team efforts.
* "5 Open Source Security Tools All Developers Should Know About" by Raz Probstein: The Minimum Viable Security approach ensures robust security integration from code to deployment. Raz delivered an energetic talk on five security tool categories for developers: code scanners, dependency checkers, infrastructure-as-code scanners, container scanners, and runtime scanners. She provides specific open-source tool recommendations based on their experience at Jit, highlighting their features and considerations for evaluation.
* "I Will IDOR Myself In" by Vangelis Stykas: With a great touch of humor, Vangelis underscores the critical importance of securing APIs, emphasizing that while building an API might be easy, constructing a truly secure one poses significant challenges. With a focus on REST, GraphQL, SOAP, and nonstandard APIs, the talk dives into common vulnerabilities, urging developers to be vigilant about authentication, authorization, and input validation. The real-world examples provided, such as compromising IoT devices, EV chargers, and even child tracking applications, highlight the potential severity of API security lapses and stress the need for thorough testing.
A big thank you to the organizers Sam Stepanyan and OWASP London Chapter for this insightful meetup and to the speakers for sharing their expertise! Looking forward to more events like this.
To be honest, I feel like a baby with wide-open eyes, exploring the new world of cybersecurity and learning its language. I am absolutely sure that I am in the right place. Love it!
#OWASPLondon #Cybersecurity #TechTalks 🚀🔐👏