12:00, Cinema 6, Intermediate

So you want a secure web application?

Every product owner wants a secure web application, no matter what happens. But at what cost?
Security is a broad topic, and we cannot protect ourselves against everything.

In this talk, Koos will discuss the basics of risk analysis, classes of attackers, attacker goals (reputation damage, DoS, application abuse, data retrieval) and attack vectors to give an idea of how broad security can be, and then draw a line at the one thing under our control: the application.

During this overview, we will look into some attacks against which we cannot easily defend, some tooling that can give insight, and basic techniques to defend against or mitigate different attacks (e.g. different password hashing schemes, CSP, input validation and the mass assignment vulnerability). Implementing these helps, but no lunch is free (except, of course, at DevCon).

About the speakers

Koos Gadellaa

Software Engineer at Luminis, Apeldoorn

Koos is a senior software engineer at Luminis in Apeldoorn. He specializes mostly in Spring, testing, and backend development, but is also an avid security aficionado. Ever since his master's thesis on security, he has been more than outspoken about the many ways security measures can be circumvented. In his spare time he's a passionate basketball referee.