2020-014-Server Side Request Forgery defense, Tanya Janca, AppSec discussion

BrakeSec Education Podcast · Bryan Brake

April 14, 2020 · 48m 16s


Show Notes

Tanya's AppSec Course

https://www.shehackspurple.dev/server-side-request-forgery-ssrf-defenses

https://www.shehackspurple.dev

Server-side request forgery - https://portswigger.net/web-security/ssrf

What are differences between Stored XSS and SSRF?

Does this require a MITM type of issue?

Doesn't stored XSS get stored on the server?

What conditions must exist for SSRF to be possible?

What mitigations need to be in place against SSRF? CORS? CSP?

Would a WAF or mod_security be effective?

Can it be completely mitigated or are there still ways around it?

Part 2 - next week

Github actions - https://github.com/features/actions

How are these written?

It looks like a marketplace format? How do they maintain code quality?

What does it take to set up the actions?

It looks like IFTTT for DevOps?

What kind of integrations does it allow for? Will it handle logins or API calls for you?

Is it moderated in some way? What's the acceptance criteria for these?

What are you trying to accomplish by using Github Actions? What are the benefits of using these over XX product?

What is gained by using this?

Mention the Twitch channel and when it streams (join the mailing list)

Github actions "Twitch.tv/shehackspurple"

Coaching, Project Management, Scrum Management

Alice and Bob Learn Application Security - Wiley - Fall/Winter 2020

Links:

https://shehackspurple.dev

https://mailchi.mp/e2ab45528831/shehackspurple

https://twitter.com/shehackspurple

https://dev.to/shehackspurple

https://medium.com/@shehackspurple

https://www.youtube.com/shehackspurple

https://www.twitch.tv/shehackspurple

https://www.linkedin.com/in/tanya-janca

https://github.com/shehackspurple/

Tanya Janca

https://SheHacksPurple.dev

Check out our Store on TeePublic! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]

#Brakesec Store: https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: [email protected]

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM: https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec