DevSum’s Post

DevSum reposted this

Stavros Kalpaki

System developer at Agria Djurförsäkringar

What a fantastic two days it has been at DevSum 2024! The event featured great speakers and fascinating topics; I particularly listened in on the security tracks. It’s quite alarming just how "easy" it is to hack something. Here are some key notes from the lectures I attended:

Secure Coding: This lecture focused on common coding problems and mistakes, mapping them to OWASP findings. A startling revelation was from the OWASP 2023 API Security Top 10: three of the top five issues are related to access control. Why is access control so challenging to implement correctly, and what solutions do we have? The session delved deep into these questions, providing practical insights and solutions.

Don't Trust the Browser: Secure SPAs with BFF: OpenIdConnect and OAuth are industry standards for securing frontend and backend applications with tokens. However, sending tokens to the browser is risky—comparable to trusting lions with a cow. This lecture introduced the BFF (Backend For Frontend) pattern as a solution, using ASP.NET Core on the server and React on the client side. Even if you’re not using ASP.NET Core, the concepts are universally applicable.

Supply Chain Attacks in the Terraform Registry: The Terraform Registry enables engineers to incorporate community modules into their configurations for managing enterprise infrastructures. Unfortunately, the Registry has a significant security vulnerability. This session highlighted the risks and provided strategies to mitigate these supply chain attacks.

Attending DevSum 2024 was a fantastic experience, filled with valuable insights and practical knowledge on cybersecurity. Looking forward to applying these learnings and attending future events! I attended with my fantastic colleagues, Jakob Erixon, Christian Kihlstrand, Willy Kind, Mattias Sundström and Chaitanya Kumar Singanamala. It was nice sharing this experience with you; thank you so much! #devsum

