Web Security for Newcomers: how to avoid getting hacked as a software developer

Fri September 10, 04:15 PM–04:45 PM • Back to program
Start time 16:15
End time 16:45
Countdown link Open timer

This talk is for software developers who want to understand web security fundamentals and prevent common attacks on web projects. We will discuss prepared source code examples with an insecure Python backend (and a little insecure JavaScript frontend). You don't need prior knowledge.

At first, I will give a short overview of web security fundamentals and explain the OWASP Top Ten. Then, we will discuss some prepared source code examples (Python-Backend) of common attacks and how to prevent them. We will focus on XSS (persistent, non-persistent, DOM) and SQL-Injection, but we will also briefly address Phishing, DDOS, and CSRF. Don't worry if you are not familiar with these abbreviations yet; I will explain them in the talk.

Andreas Paech he/him

IT-Consultant | Engineering Manager | University Lecturer

I am professionally working in software engineering since 2011, both as an engineer and manager for both national (Germany) and international companies. I wrote my first line of code around 2006. In the last few years, I have been working as a freelance consultant. I am also a lecturer at universities for software engineering, testing, architecture, and web security.

I consider myself a full-stack developer but prefer the backend. My primary programming language is Python, and my second is JavaScript/Typescript.