The State of Application Security 2023 • Sebastian Brandes • GOTO 2023
This presentation was recorded at GOTO Copenhagen 2023. #GOTOcon #GOTOcph
Sebastian Brandes - Co-founder of HeyHack
ORIGINAL TALK TITLE
The State of Application Security 2023: Learnings from 4 Million Scanned Services
Unveiling the Power of Proactive Cybersecurity Investments
RESOURCES
ABSTRACT
The digital security environment is always evolving, with fresh vulnerabilities surfacing, outdated software being phased out, and shifting security guidelines. Heyhack has conducted extensive global scans, assessing countless vulnerabilities. This discussion presents key vulnerabilities and delves into the actual data Heyhack has gathered worldwide. The aim is to heighten awareness and offer concrete examples of the most prevalent cyber risks today.
The foundation for this discussion is grounded in Heyhack’s comprehensive study on 4 million public-facing web services across the globe. This extensive research not only highlights the scale of their investigation but also underscores the significance of the vulnerabilities they’ve uncovered. This vast dataset offers a detailed snapshot of the current online security landscape, and it serves as a pivotal reference throughout the talk. [...]
TIMECODES
00:00 Intro
02:48 Agenda
05:04 2011 study
06:10 Results from Heyhack’s global AppSec study 2023
11:18 2023 study overview
11:43 File leaks
13:44 Dangling DNS records
15:09 Dangling Records demo
17:13 Dangling DNS records continued
18:42 Vulnerable FTP servers
19:40 ProFTP demo
21:27 Cross-site scripting
22:30 Cross-site scripting demo
31:02 Case study: Fortnite
36:08 WAF: Web Application Firewalls
40:09 Learnings
40:49 Proactive investments
42:01 Takeaways
44:28 Outro
Download slides and read the full abstract here:
RECOMMENDED BOOKS
Liz Rice • Container Security •
Liz Rice • Kubernetes Security •
Aaron Parecki • OAuth 2.0 Simplified •
Aaron Parecki • OAuth 2.0 Servers •
Aaron Parecki • The Little Book of OAuth 2.0 RFCs •
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide •
#ApplicationSecurity #Cybersecurity #Security #OWASP #GlobalAppSecStudy #AppSec #Heyhack #CrosssiteScripting #ProFTP #FileLeaks #CVEExploits #BrowserExploitationFramework #FortniteHacked #WAF #WebApplicationFirewall #SebastianBrandes
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at
Sign up for updates and specials at
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
1 view
0
0
1 day ago 00:18:05 1
US Using Israel to Provoke Iran War, Deny Responsibility, Minimize Retaliation
2 days ago 00:02:49 10
2024 USMC Juniors WFS National Champions: Aspen Blasko vs Savannah Witt: 120 Ibs Finals
3 days ago 00:00:39 1
The Blood of Dawnwalker — Gameplay Reveal Event Announcement
3 days ago 00:02:47 1
Grand Theft Auto VI Trailer 2
3 days ago 00:01:34 1
Donald TRUMP and ELON MUSK Join Forces to Save OHIO Pets
4 days ago 00:38:38 1
Israel Wages War on Iran with Prof. Mohammad Marandi | DEEP FOCUS with John Kiriakou
5 days ago 00:03:53 1
This Tiny SanDisk CFexpress Card Is Faster Than Your SSD?! The 480GB Beast for 8K Shooters! - YouTube
5 days ago 00:10:44 1
We Are All Going To Die - AI Joni Ernst
6 days ago 00:02:44 1
Los Angeles Riots Parody | Visit LA! - Tourism Advert
1 week ago 00:04:03 1
AY YOLA - Yola (Премьера клипа 2025). Официальный клип / Official music video