New Browser Security Technologies
  • Author: Tobias Gondrom
  • Included in:
  • Summary:

Protecting against Insufficient Transport Layer Protection: HSTS - HTTP Strict Transport Security, Cert Pinning, and New Protection against XSS and Clickjacking: X-Frame-Options and CSP

Managing Web & Application Security with OWASP
  • Author: Tobias Gondrom
  • Included in:
  • Summary:

Setting up, managing and improving your global information security organization using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on th

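Revisiting RESTful API Security
  • Author: 王文君
  • Included in:
  • Summary:

RESTful APIs have been widely adopted by web applications, and the industry already offers many frameworks to choose from. This talk covers some common design flaws in RESTful APIs, and how a vulnerability in a common RESTful framework can be exploited to obtain a shell.

Agenda:
  • REST brief introduction
  • Secure your RESTful API
  • Some attack examples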