
Stream about web application security



Course short description

In the comments and chats to previous streams, there was often a suggestion that it would be interesting to watch or listen to something on the topic of secure web application development, covering both writing secure code and protecting networks, virtual machines and containers.

This topic is now especially relevant due to the tightening of liability for personal data leaks and for failure to comply with legal requirements for the storage and protection of this data. In addition, if we actively develop and publish applications in Docker containers, then there is an immediate need to understand the protection of these containers and the networks between them.

Based on these requests, we will hold our next big, cool stream for one or two evenings about the security of web applications and related infrastructure.

During the stream, we will study different types of attacks. Using examples, we will discuss writing secure code on the backend and frontend. We will analyze hashing and encryption of data. We will protect HTML forms from forgery and APIs from brute force. We will make it impossible to inject third-party JavaScript through filtering and browser security policies. We will additionally protect OAuth2 authentication. We will figure out how to protect infrastructure in Linux natively and in Docker containers. We will select tools for auditing and vulnerability search. We will organize compliance with technical requirements for personal data processing, backup and monitoring under Federal Law No. 152-FZ for our project.

